Firefox < 16.0 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox is earlier than 16.0 and is thus
affected by the following vulnerabilities :

- Several memory safety bugs exist in the browser engine
used in Mozilla-based products that could be exploited
to execute arbitrary code. (CVE-2012-3983)

- '<select>' elements can be abused to cover arbitrary
portions of a newly loaded page and may also be utilized
for click-jacking attacks. (CVE-2012-3984,
CVE-2012-5354)

- A violation of the HTML specification for
'document.domain' behavior can be abused, potentially
leading to cross-site scripting attacks. (CVE-2012-3985)

- Some methods of a feature used for testing
(DOMWindowUtils) are not properly protected and may be
called through script by web pages. (CVE-2012-3986)

- A potentially exploitable denial of service may be
caused by a combination of invoking full-screen mode and
navigating backwards in history. (CVE-2012-3988)

- A potentially exploitable crash can be caused when
making an invalid cast using the 'instanceof' operator
on certain types of JavaScript objects. (CVE-2012-3989)

- When the 'GetProperty' function is invoked through JSAPI,
security checking can be bypassed when getting
cross-origin properties, potentially allowing arbitrary
code execution. (CVE-2012-3991)

- The 'location' property can be accessed by binary
plugins through 'top.location' and 'top' can be shadowed
by 'Object.defineProperty', potentially allowing
cross-site scripting attacks through plugins.
(CVE-2012-3994)

- The Chrome Object Wrapper (COW) has flaws that could
allow access to privileged functions, allowing for
cross-site scripting attacks or arbitrary code execution.
(CVE-2012-3993, CVE-2012-4184)

- The 'location.hash' property is vulnerable to an attack
that could allow an attacker to inject script or
intercept post data. (CVE-2012-3992)

- The 'Address Sanitizer' tool is affected by multiple,
potentially exploitable use-after-free flaws.
(CVE-2012-3990, CVE-2012-3995, CVE-2012-4179,
CVE-2012-4180, CVE-2012-4181, CVE-2012-4182,
CVE-2012-4183)

- The 'Address Sanitizer' tool is affected by multiple,
potentially exploitable heap memory corruption issues.
(CVE-2012-4185, CVE-2012-4186, CVE-2012-4187,
CVE-2012-4188)

See also :

http://www.mozilla.org/security/announce/2012/mfsa2012-87.html
http://www.mozilla.org/security/announce/2012/mfsa2012-86.html
http://www.mozilla.org/security/announce/2012/mfsa2012-85.html
http://www.mozilla.org/security/announce/2012/mfsa2012-84.html
http://www.mozilla.org/security/announce/2012/mfsa2012-83.html
http://www.mozilla.org/security/announce/2012/mfsa2012-82.html
http://www.mozilla.org/security/announce/2012/mfsa2012-81.html
http://www.mozilla.org/security/announce/2012/mfsa2012-80.html
http://www.mozilla.org/security/announce/2012/mfsa2012-79.html
http://www.mozilla.org/security/announce/2012/mfsa2012-78.html
http://www.mozilla.org/security/announce/2012/mfsa2012-77.html
http://www.mozilla.org/security/announce/2012/mfsa2012-76.html
http://www.mozilla.org/security/announce/2012/mfsa2012-75.html
http://www.mozilla.org/security/announce/2012/mfsa2012-74.html

Solution :

Upgrade to Firefox 16.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true