Firefox ESR 17.x < 17.0.3 Multiple Vulnerabilities

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox ESR 17.x is potentially affected by the
following security issues :

- Numerous memory safety errors exist. (CVE-2013-0783)

- An error exists related to Chrome Object Wrappers (COW)
or System Only Wrappers (SOW) that could allow security
bypass. (CVE-2013-0773)

- The file system location of the active browser profile
could be disclosed and used in further attacks.

- A use-after-free error exists in the function
'nsImageLoadingContent'. (CVE-2013-0775)

- Spoofing HTTPS URLs is possible due to an error related
to proxy '407' responses and embedded script code.

- A heap-based use-after-free error exists in the function
'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780)

- A heap-based buffer overflow error exists in the
function 'nsSaveAsCharset::DoCharsetConversion'.

See also :

Solution :

Upgrade to Firefox 17.0.3 ESR or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now