This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox is earlier than 15.0 and thus is
potentially affected by the following security issues:
- An error exists related to 'Object.defineProperty'
and the location object that could allow cross-site
scripting attacks. (CVE-2012-1956)
- Unspecified memory safety issues exist. (CVE-2012-1970,
- Multiple use-after-free errors exist. (CVE-2012-1972,
CVE-2012-1973, CVE-2012-1974, CVE-2012-1975,
CVE-2012-1976, CVE-2012-3956, CVE-2012-3957,
CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,
- An error exists related to 'about:newtab' and the
browser's history. This error can allow a newly opened
tab to further open a new window and navigate to the
privileged 'about:newtab' page leading to possible
privilege escalation. (CVE-2012-3965)
- An error exists related to bitmap (BMP) and icon (ICO)
file decoding that can lead to memory corruption
causing application crashes and potentially arbitrary
code execution. (CVE-2012-3966)
- A use-after-free error exists related to WebGL shaders.
- A buffer overflow exists related to SVG filters.
- A use-after-free error exists related to elements
having 'requiredFeatures' attributes. (CVE-2012-3970)
- A 'Graphite 2' library memory corruption error exists.
- An XSLT out-of-bounds read error exists related to
- Remote debugging is possible even when disabled and the
'HTTPMonitor' extension is enabled. (CVE-2012-3973)
- The DOM parser can unintentionally load linked
resources in extensions. (CVE-2012-3975)
- Incorrect SSL certificate information can be displayed
in the address bar when two 'onLocationChange' events
fire out of order. (CVE-2012-3976)
- Security checks related to location objects can be
bypassed if crafted calls are made to the browser
chrome code. (CVE-2012-3978)
- Calling 'eval' in the web console can allow injected
code to be executed with browser chrome privileges.
- SPDY's request header compression leads to information
leakage, which can allow private data such as session
cookies to be extracted, even over an SSL connection.
See also :
Upgrade to Firefox 15.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 61711
Bugtraq ID: 55249, 55256, 55257, 55260, 55264, 55266, 55274, 55276, 55278, 55292, 55304, 55306, 55308, 55310, 55311, 55313, 55314, 55316, 55317, 55318, 55319, 55320, 55321, 55322, 55323, 55324, 55325, 55340, 55341, 55342, 55857
CVE ID: CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3975, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980, CVE-2012-4930