Firefox < 28.0 Multiple Vulnerabilities (Mac OS X)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.

Description :

The installed version of Firefox is earlier than 28.0. It is,
therefore, potentially affected by multiple vulnerabilities :

- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1493, CVE-2014-1494)

- An issue exists where extracted files for updates are
not read-only while updating. An attacker may be able
to modify these extracted files resulting in privilege
escalation. (CVE-2014-1496)

- An out-of-bounds read error exists when decoding WAV
format audio files that could lead to a denial of
service attack or information disclosure.
(CVE-2014-1497)

- An issue exists in the 'crypto.generateCRMFRequest'
method due to improper validation of the KeyParams
argument when generating 'ec-dual-use' requests. This
could lead to a denial of service attack.
(CVE-2014-1498)

- An issue exists that could allow for spoofing attacks to
occur during a WebRTC session. Exploitation of this
issue could allow an attacker to gain access to the
user's webcam or microphone. (CVE-2014-1499)

- An issue exists with JavaScript 'onbeforeunload' events
that could lead to denial of service attacks.
(CVE-2014-1500)

- An issue exists where WebGL context from one website
can be injected into the WebGL context of another
website, which could result in arbitrary content being
rendered from the second website. (CVE-2014-1502)

- A cross-site scripting issue exists due to the Content
Security Policy (CSP) of 'data:' documents not being
saved for a session restore. Under certain
circumstances, an attacker may be able to evade the CSP
of a remote website resulting in a cross-site scripting
attack. (CVE-2014-1504)

- An out-of-bounds read error exists when polygons are
rendered in 'MathML' that could lead to information
disclosure. (CVE-2014-1508)

- A memory corruption issue exists in the Cairo graphics
library when rendering a PDF file that could lead to
arbitrary code execution or a denial of service attack.
(CVE-2014-1509)

- An issue exists in the SVG filters and the
feDisplacementMap element that could lead to
information disclosure via timing attacks.
(CVE-2014-1505)

- An issue exists that could allow malicious websites to
load chrome-privileged pages when WebIDL implemented in
JavaScript calls the 'window.open()' function, which may
result in arbitrary code execution. (CVE-2014-1510)

- An issue exists that could allow a malicious website to
bypass the pop-up blocker. (CVE-2014-1511)

- A use-after-free memory issue exists in 'TypeObjects'
in the JavaScript engine during Garbage Collection
that could lead to arbitrary code execution.
(CVE-2014-1512)

- An out-of-bounds write error exists due to
'TypedArrayObject' improperly handling 'ArrayBuffer'
objects that could result in arbitrary code execution.
(CVE-2014-1513)

- An out-of-bounds write error exists when copying values
from one array to another that could result in arbitrary
code execution. (CVE-2014-1514)

See also :

http://www.securityfocus.com/archive/1/531617/30/0/threaded
http://www.mozilla.org/security/announce/2014/mfsa2014-15.html
http://www.mozilla.org/security/announce/2014/mfsa2014-16.html
http://www.mozilla.org/security/announce/2014/mfsa2014-17.html
http://www.mozilla.org/security/announce/2014/mfsa2014-18.html
http://www.mozilla.org/security/announce/2014/mfsa2014-19.html
http://www.mozilla.org/security/announce/2014/mfsa2014-20.html
http://www.mozilla.org/security/announce/2014/mfsa2014-22.html
http://www.mozilla.org/security/announce/2014/mfsa2014-23.html
http://www.mozilla.org/security/announce/2014/mfsa2014-26.html
http://www.mozilla.org/security/announce/2014/mfsa2014-27.html
http://www.mozilla.org/security/announce/2014/mfsa2014-28.html
http://www.mozilla.org/security/announce/2014/mfsa2014-29.html
http://www.mozilla.org/security/announce/2014/mfsa2014-30.html
http://www.mozilla.org/security/announce/2014/mfsa2014-31.html
http://www.mozilla.org/security/announce/2014/mfsa2014-32.html

Solution :

Upgrade to Firefox 28.0 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true