How to Buy
This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox is earlier than 22.0 and is,
therefore, potentially affected by multiple vulnerabilities :
- Various, unspecified memory safety issues exist.
- Heap-use-after-free errors exist related to
'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.
(CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
- An error exists related to 'XBL scope', 'System Only
Wrappers' (SOW) and chrome-privileged pages that could
allow cross-site scripting attacks. (CVE-2013-1687)
- An error exists related to the 'profiler' that could
allow arbitrary code execution. (CVE-2013-1688)
- An error related to 'onreadystatechange' and unmapped
memory could cause application crashes and allow
arbitrary code execution. (CVE-2013-1690)
- The application sends data in the body of XMLHttpRequest
(XHR) HEAD requests and could aid in cross-site request
forgery attacks. (CVE-2013-1692)
- An error related to the processing of SVG content could
allow a timing attack to disclose information across
- An error exists related to 'PreserveWrapper' and the
'preserved-wrapper' flag that could cause potentially
exploitable application crashes. (CVE-2013-1694)
- An error exists related to '<iframe sandbox>'
restrictions that could allow a bypass of these
- The 'X-Frame-Options' header is ignored in certain
situations and can aid in click-jacking attacks.
- An error exists related to the 'toString' and 'valueOf'
methods that could allow 'XrayWrappers' to be bypassed.
- An error exists related to the 'getUserMedia'
permission dialog that could allow a user to be tricked
into giving access to unintended domains.
- Homograph domain spoofing protection is incomplete and
certain attacks are still possible using
Internationalized Domain Names (IDN). (CVE-2013-1699)
See also :
Upgrade to Firefox 22.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 66989 ()
Bugtraq ID: 60765607666076860773607746077660777607786077960783607846078560787607886078960790
CVE ID: CVE-2013-1682CVE-2013-1683CVE-2013-1684CVE-2013-1685CVE-2013-1686CVE-2013-1687CVE-2013-1688CVE-2013-1690CVE-2013-1692CVE-2013-1693CVE-2013-1694CVE-2013-1695CVE-2013-1696CVE-2013-1697CVE-2013-1698CVE-2013-1699
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.