This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox is a version prior to version 29.0.
It is, therefore, potentially affected by multiple vulnerabilities :
- An issue exists in the Network Security (NSS) library
due to improper handling of IDNA domain prefixes for
wildcard certificates. This issue could allow man-in-
the-middle attacks. (CVE-2014-1492)
- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1518, CVE-2014-1519)
- An out-of-bounds read issue exists in the Web Audio
feature that could lead to information disclosure.
- An out-of-bounds read issue exists when decoding
certain JPG images that could lead to a denial of
- A memory corruption issue exists due to improper
validation of XBL objects that could lead to arbitrary
code execution. (CVE-2014-1524)
- A use-after-free memory issue exists in the Text Track
Manager during HTML video processing that could lead
to arbitrary code execution. (CVE-2014-1525)
- An issue exists related to the debugger bypassing
XrayWrappers that could lead to privilege escalation.
- A security bypass issue exists in the Web Notification
API that could lead to arbitrary code execution.
- A cross-site scripting issue exists that could allow an
attacker to load another website other than the URL for
the website that is shown in the address bar.
- A use-after-free issue exists due to an 'imgLoader'
object being freed when being resized. This issue
could lead to arbitrary code execution. (CVE-2014-1531)
- A use-after-free issue exists during host resolution
that could lead to arbitrary code execution.
See also :
Upgrade to Firefox 29.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 73766 ()