This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.
The remote Windows host contains a web browser that is potentially
affected by multiple vulnerabilities.
The installed version of Firefox ESR 24.x is a version prior to 24.5.
It is, therefore, potentially affected by the following
- Memory issues exist that could lead to arbitrary code
execution. (CVE-2014-1518, CVE-2014-1519)
- An issue exists related to the 'Mozilla Maintenance
Service' that could lead to privilege escalation due to
the creation of a writeable temporary directory during
the update process. (CVE-2014-1520)
- An out-of-bounds read issue exists when decoding
certain JPG images that could lead to a denial of
- A memory corruption issue exists due to improper
validation of XBL objects that could lead to arbitrary
code execution. (CVE-2014-1524)
- A security bypass issue exists in the Web Notification
API that could lead to arbitrary code execution.
- A cross-site scripting issue exists that could allow an
attacker to load a website other than the one whose URL
is shown in the address bar.
- A use-after-free issue exists due to an 'imgLoader'
object being freed when being resized. This issue
could lead to arbitrary code execution. (CVE-2014-1531)
- A use-after-free issue exists during host resolution
that could lead to arbitrary code execution.
Upgrade to Firefox ESR 24.5 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Nessus Plugin ID: 73768