New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
The remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.
Description
The installed version of Firefox is earlier than 15.0 and thus, is potentially affected by the following security issues :
- An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. (CVE-2012-1956)
- Unspecified memory safety issues exist. (CVE-2012-1970, CVE-2012-1971)
- Multiple use-after-free errors exist. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)
- An error exists related to 'about:newtab' and the browser's history. This error can allow a newly opened tab to further open a new window and navigate to the privileged 'about:newtab' page leading to possible privilege escalation. (CVE-2012-3965)
- An error exists related to bitmap (BMP) and icon (ICO) file decoding that can lead to memory corruption causing application crashes and potentially arbitrary code execution. (CVE-2012-3966)
- A use-after-free error exists related to WebGL shaders.
(CVE-2012-3968)
- A buffer overflow exists related to SVG filters.
(CVE-2012-3969)
- A use-after-free error exists related to elements having 'requiredFeatures' attributes. (CVE-2012-3970)
- A 'Graphite 2' library memory corruption error exists.
(CVE-2012-3971)
- An XSLT out-of-bounds read error exists related to 'format-number'. (CVE-2012-3972)
- Remote debugging is possible even when disabled and the 'HTTPMonitor' extension is enabled. (CVE-2012-3973)
- The DOM parser can unintentionally load linked resources in extensions. (CVE-2012-3975)
- Incorrect SSL certificate information can be displayed in the address bar when two 'onLocationChange' events fire out of order. (CVE-2012-3976)
- Security checks related to location objects can be bypassed if crafted calls are made to the browser chrome code. (CVE-2012-3978)
- Calling 'eval' in the web console can allow injected code to be executed with browser chrome privileges.
(CVE-2012-3980)
- SPDY's request header compression leads to information leakage, which can allow private data such as session cookies to be extracted, even over an SSL connection.
(CVE-2012-4930)
Solution
Upgrade to Firefox 15.0 or later.