This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox is earlier than 10.0.11 and thus,
is potentially affected by the following security issues :
- Several memory safety bugs exist in the browser engine
used in Mozilla-based products that could be exploited
to execute arbitrary code. (CVE-2012-5843)
- An error exists in the method
'image::RasterImage::DrawFrameTo' related to GIF images
that could allow a heap-based buffer overflow leading to
arbitrary code execution. (CVE-2012-4202)
- Errors exist related to 'evalInSandbox', 'HZ-GB-2312'
charset, frames and the 'location' object, the 'Style
Inspector', and 'cross-origin wrappers' that could allow
cross-site scripting (XSS) attacks. (CVE-2012-4201,
CVE-2012-4207, CVE-2012-4209, CVE-2012-4210,
- Various use-after-free, out-of-bounds read and buffer
overflow errors exist that could potentially lead to
arbitrary code execution. (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5830,
CVE-2012-5833, CVE-2012-5835, CVE-2012-5839,
Please note the 10.x ESR branch will be unsupported as of 02/13/2013.
Only the 17.x ESR branch will receive security updates after that
See also :
Upgrade to Firefox 10.0.11 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 62993 ()
Bugtraq ID: 56612566145661856628566295663156632566335663456635566365663756641566425664356646
CVE ID: CVE-2012-4201CVE-2012-4202CVE-2012-4207CVE-2012-4209CVE-2012-4210CVE-2012-4214CVE-2012-4215CVE-2012-4216CVE-2012-5829CVE-2012-5830CVE-2012-5833CVE-2012-5835CVE-2012-5839CVE-2012-5840CVE-2012-5841CVE-2012-5843
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.