This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox ESR 24.x is prior to 24.4 and is,
therefore, potentially affected by the following vulnerabilities :
- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1493, CVE-2014-1494)
- An issue exists where extracted files for updates are
not read-only while updating. An attacker may be able
to modify these extracted files resulting in privilege
- An out-of-bounds read error exists when decoding WAV
format audio files that could lead to a denial of
service attack or information disclosure.
- An out-of-bounds read error exists when polygons are
rendered in 'MathML' that could lead to information
- A memory corruption issue exists in the Cairo graphics
library when rendering a PDF file that could lead to
arbitrary code execution or a denial of service attack.
- An issue exists in the SVG filters and the
feDisplacementMap element that could lead to
information disclosure via timing attacks.
- An issue exists that could allow malicious websites to
implemented WebIDL calls the 'window.open()' function,
which could result in arbitrary code execution.
- An issue exists that could allow a malicious website to
bypass the pop-up blocker. (CVE-2014-1511)
- A use-after-free memory issue exists in 'TypeObjects'
that could lead to arbitrary code execution.
- An out-of-bounds write error exists due to
'TypedArrayObject' improperly handling 'ArrayBuffer'
objects that could result in arbitrary code execution.
- An out-of-bounds write error exists when copying values
from one array to another that could result in arbitrary
code execution. (CVE-2014-1514)
See also :
Upgrade to Firefox ESR 24.4 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 73095 ()