This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox ESR 24.x is a version prior to 24.1.1
and is, therefore, potentially affected by the following vulnerabilities :
- An error exists related to handling input greater than
half the maximum size of the 'PRUint32' value.
- An error exists in the 'Null_Cipher' function in the
file 'ssl/ssl3con.c' related to handling invalid
handshake packets that could allow arbitrary code
- An error exists in the 'CERT_VerifyCert' function in
the file 'lib/certhigh/certvfy.c' that could allow
invalid certificates to be treated as valid.
- An integer truncation error exists in the function
'PL_ArenaAllocate' in the Netscape Portable Runtime
(NSPR) library. (CVE-2013-5607)
See also :
Upgrade to Firefox ESR 24.1.1 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 70945 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now