This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox is earlier than 24.0 and is,
therefore, potentially affected by multiple vulnerabilities :
- Memory issues exist in the browser engine that could
allow for denial of service or arbitrary code execution.
- The HTML5 Tree Builder does not properly maintain
states, which could result in a denial of service or
possible arbitrary code execution. (CVE-2013-1720)
- The ANGLE library is vulnerable to an integer overflow,
which could result in a denial of service or arbitrary
code execution. (CVE-2013-1721)
- Multiple use-after-free problems exist, which could
result in denial of service attacks or arbitrary code
execution. (CVE-2013-1722, CVE-2013-1724,
CVE-2013-1735, CVE-2013-1736, CVE-2013-1738)
- The NativeKey widget does not properly terminate key
messages, possibly leading to a denial of service attack.
compartments can result in denial of service or possibly
arbitrary code execution. (CVE-2013-1725)
- Local users can gain the same privileges as the Mozilla
Updater because the application does not ensure
exclusive access to the update file. An attacker can
exploit this by inserting a malicious file into the
update file. (CVE-2013-1726)
- Sensitive information can be obtained via unspecified
properly initialize memory. (CVE-2013-1728)
of service or arbitrary code execution. Versions of
Firefox 20 or greater are not susceptible to the
arbitrary code execution mentioned above.
- A buffer overflow is possible because of an issue with
multi-column layouts. (CVE-2013-1732)
- An object is not properly identified during use of
user-defined getter methods on DOM proxies. This can
result in access restrictions being bypassed.
- An issue in the NVIDIA OS X graphic drivers allows the
user's desktop to be viewed by web content, potentially
exposing sensitive information. (CVE-2013-1729)
See also :
Upgrade to Firefox 24.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 69989
Bugtraq ID: 62460, 62462, 62463, 62464, 62465, 62466, 62467, 62468, 62469, 62470, 62472, 62473, 62474, 62475, 62478, 62479, 62482
CVE ID: CVE-2013-1718, CVE-2013-1719, CVE-2013-1720, CVE-2013-1721, CVE-2013-1722, CVE-2013-1723, CVE-2013-1724, CVE-2013-1725, CVE-2013-1726, CVE-2013-1728, CVE-2013-1729, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738