Detections
Analytics
Firefox < 21.0 Multiple Vulnerabilities (Mac OS X)
critical Nessus Plugin ID 66476
Language:
Synopsis
The remote Mac OS X host contains a web browser that is potentially affected by multiple vulnerabilities.Description
The installed version of Firefox is earlier than 21.0 and is, therefore, potentially affected by multiple vulnerabilities :- Various memory safety issues exist. (CVE-2013-0801, CVE-2013-1669)
- It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)
- An information leakage exists because the file input control has access to the full path. (CVE-2013-1671)
- A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)
- The Mozilla Maintenance Service on Windows is vulnerable to a previously fixed privilege escalation attack. Note that new installations of Firefox after version 12 are not affected by this issue. (CVE-2013-1673, CVE-2012-1942)
- A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)
- Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)
- Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
Solution
Upgrade to Firefox 21.0 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2013-41/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-42/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-43/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-45/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-46/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-47/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-48/
Plugin Details
Severity: Critical
ID: 66476
File Name: macosx_firefox_21.nasl
Version: 1.13
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 5/16/2013
Updated: 4/25/2023
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-1681
Vulnerability Information
CPE: cpe:/a:mozilla:firefox
Required KB Items: MacOSX/Firefox/Installed
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/14/2013
Vulnerability Publication Date: 5/14/2013
CISA Known Exploited Vulnerability Due Dates: 3/24/2022
Reference Information
CVE: CVE-2012-1942, CVE-2013-0801, CVE-2013-1669, CVE-2013-1670, CVE-2013-1671, CVE-2013-1672, CVE-2013-1673, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
BID: 59872, 59873, 53803, 59852, 59855, 59858, 59859, 59860, 59861, 59862, 59863, 59864, 59865, 59868, 59869, 59870