How to Buy
This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox ESR 17.x is earlier than 17.0.7 and
is, therefore, potentially affected by the following vulnerabilities :
- Various, unspecified memory safety issues exist.
- Heap-use-after-free errors exist related to
'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.
(CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
- An error exists related to 'XBL scope', 'System Only
Wrappers' (SOW) and chrome-privileged pages that could
allow cross-site scripting attacks. (CVE-2013-1687)
- An error related to 'onreadystatechange' and unmapped
memory could cause application crashes and allow
arbitrary code execution. (CVE-2013-1690)
- The application sends data in the body of XMLHttpRequest
(XHR) HEAD requests and could aid in cross-site request
forgery attacks. (CVE-2013-1692)
- An error related to the processing of SVG content could
allow a timing attack to disclose information across
- An error exists related to 'PreserveWrapper' and the
'preserved-wrapper' flag that could cause potentially
exploitable application crashes. (CVE-2013-1694)
- An error exists related to the 'toString' and 'valueOf'
methods that could allow 'XrayWrappers' to be bypassed.
See also :
Upgrade to Firefox 17.0.7 ESR or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 66988 ()
Bugtraq ID: 607656076660773607746077660777607786078360787
CVE ID: CVE-2013-1682CVE-2013-1684CVE-2013-1685CVE-2013-1686CVE-2013-1687CVE-2013-1690CVE-2013-1692CVE-2013-1693CVE-2013-1694CVE-2013-1697
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.