This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox is earlier than 10.0.5 and thus, is
potentially affected by the following security issues :
- An error exists in the ASN.1 decoder when handling zero
length items that can lead to application crashes.
- Multiple memory corruption errors exist. (CVE-2012-1937,
- Two heap-based buffer overflows and one heap-based use-
after-free error exist and are potentially exploitable.
(CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)
- The inline-script blocking feature of the 'Content
Security Policy' (CSP) does not properly block inline
event handlers. This error allows remote attackers to
more easily carry out cross-site scripting attacks.
- A use-after-free error exists related to replacing or
inserting a node into a web document. (CVE-2012-1946)
See also :
Upgrade to Firefox 10.0.5 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 59404 ()
Bugtraq ID: 5379153792537935379453797537985380053801
CVE ID: CVE-2012-0441CVE-2012-1937CVE-2012-1939CVE-2012-1940CVE-2012-1941CVE-2012-1944CVE-2012-1946CVE-2012-1947
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.