How to Buy
This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox is earlier than 18.0 and thus, is
potentially affected by the following security issues :
- Multiple unspecified use-after-free, out-of-bounds read
and buffer overflow errors exist. (CVE-2012-5829,
CVE-2013-0760, CVE-2013-0761, CVE-2013-0762,
CVE-2013-0763, CVE-2013-0766, CVE-2013-0767,
- Two intermediate certificates were improperly issued by
TURKTRUST certificate authority. (CVE-2013-0743)
- A use-after-free error exists related to displaying
HTML tables with many columns and column groups.
- An error exists related to the 'AutoWrapperChanger'
class that does not properly manage objects during
garbage collection. (CVE-2012-0745)
- An error exists related to 'jsval', 'quickstubs', and
compartmental mismatches that can lead to potentially
exploitable crashes. (CVE-2013-0746)
- Errors exist related to events in the plugin handler
that can allow same-origin policy bypass.
- An error related to the 'toString' method of XBL
objects can lead to address information leakage.
- An unspecified memory corruption issue exists.
(CVE-2013-0749, CVE-2013-0769, CVE-2013-0770)
- An error exists related to multiple XML bindings with
SVG content, contained in XBL files. (CVE-2013-0752)
- A use-after-free error exists related to
'XMLSerializer' and 'serializeToStream'.
- A use-after-free error exists related to garbage
collection and 'ListenManager'. (CVE-2013-0754)
- A use-after-free error exists related to the 'Vibrate'
library and 'domDoc'. (CVE-2013-0755)
'Proxy' objects. (CVE-2013-0756)
- 'Chrome Object Wrappers' (COW) can be bypassed by
changing object prototypes and can allow arbitrary
code execution. (CVE-2013-0757)
- An error related to SVG elements and plugins can allow
privilege escalation. (CVE-2013-0758)
- An error exists related to the address bar that can
allow URL spoofing attacks. (CVE-2013-0759)
- An error exists related to SSL and threading that
can result in potentially exploitable crashes.
- An error exists related to 'Canvas' and bad height or
width values passed to it from HTML. (CVE-2013-0768)
See also :
Upgrade to Firefox 18.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 63545 ()
Bugtraq ID: 56636571935719457195571965719757198571995720357204572055720757209572115721357215572175721857228572325723457235572365723857240572415724457258
CVE ID: CVE-2012-5829CVE-2013-0744CVE-2013-0745CVE-2013-0746CVE-2013-0747CVE-2013-0748CVE-2013-0749CVE-2013-0750CVE-2013-0752CVE-2013-0753CVE-2013-0754CVE-2013-0755CVE-2013-0756CVE-2013-0757CVE-2013-0758CVE-2013-0759CVE-2013-0760CVE-2013-0761CVE-2013-0762CVE-2013-0763CVE-2013-0764CVE-2013-0766CVE-2013-0767CVE-2013-0768CVE-2013-0769CVE-2013-0770CVE-2013-0771
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.