This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox ESR 24.x is prior to 24.4 and is,
therefore, potentially affected by the following vulnerabilities :
- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1493, CVE-2014-1494)
- An issue exists where extracted files for updates are
not read-only while updating. An attacker may be able
to modify these extracted files resulting in privilege
- An out-of-bounds read error exists when decoding WAV
format audio files that could lead to a denial of
service attack or information disclosure.
- An out-of-bounds read error exists when polygons are
rendered in 'MathML' that could lead to information
- A memory corruption issue exists in the Cairo graphics
library when rendering a PDF file that could lead to
arbitrary code execution or a denial of service attack.
- An issue exists in the SVG filters and the
feDisplacementMap element that could lead to
information disclosure via timing attacks.
- An issue exists that could allow malicious websites to
implemented WebIDL calls the 'window.open()' function,
which could result in arbitrary code execution.
- An issue exists that could allow a malicious website to
bypass the pop-up blocker. (CVE-2014-1511)
- A use-after-free memory issue exists in 'TypeObjects'
that could lead to arbitrary code execution.
- An out-of-bounds write error exists due to
'TypedArrayObject' improperly handling 'ArrayBuffer'
objects that could result in arbitrary code execution.
- An out-of-bounds write error exists when copying values
from one array to another that could result in arbitrary
code execution. (CVE-2014-1514)
See also :
Upgrade to Firefox ESR 24.4 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 73095 ()
Bugtraq ID: 662036620666207662096624066412664166641866419664236642566426
CVE ID: CVE-2014-1493CVE-2014-1494CVE-2014-1496CVE-2014-1497CVE-2014-1505CVE-2014-1508CVE-2014-1509CVE-2014-1510CVE-2014-1511CVE-2014-1512CVE-2014-1513CVE-2014-1514
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.