This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The version of Firefox ESR 31.x installed on the remote Mac OS X host
is prior to 31.6. It is, therefore, affected by the following
- A privilege escalation vulnerability exists which
relates to anchor navigation. A remote attacker can
exploit this to bypass same-origin policy protections,
allowing a possible execution of arbitrary scripts in a
privileged context. Note that this is a variant of
CVE-2015-0818 that was fixed in Firefox ESR 31.5.3.
- Access to certain privileged internal methods is
retained when navigating from windows created to contain
privileged UI content to unprivileged pages. An attacker
elevated privileges. (CVE-2015-0802)
- A cross-site request forgery (XSRF) vulnerability exists
in the sendBeacon() function due to cross-origin
resource sharing (CORS) requests following 30x
- Multiple memory safety issues exist within the browser
engine. A remote attacker can exploit these to corrupt
memory and possibly execute arbitrary code.
- A privilege escalation vulnerability exists related to
documents loaded through a 'resource:' URL. An attacker
with elevated privileges. (CVE-2015-0816)
See also :
Upgrade to Firefox ESR 31.6 or later.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 82499 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now