Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities
Critical Nessus Plugin ID 66992
Synopsis
The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.
Description
The installed version of Firefox ESR 17.x is earlier than 17.0.7, and is, therefore, potentially affected by the following vulnerabilities :
- Various, unspecified memory safety issues exist.
(CVE-2013-1682)
- Heap-use-after-free errors exist related to 'LookupMediaElementURITable', 'nsIDocument::GetRootElement' and 'mozilla::ResetDir'.
(CVE-2013-1684, CVE-2013-1685, CVE-2013-1686)
- An error exists related to 'XBL scope', 'System Only Wrappers' (SOW) and chrome-privileged pages that could allow cross-site scripting attacks. (CVE-2013-1687)
- An error related to 'onreadystatechange' and unmapped memory could cause application crashes and allow arbitrary code execution. (CVE-2013-1690)
- The application sends data in the body of XMLHttpRequest (XHR) HEAD requests and could aid in cross-site request forgery attacks. (CVE-2013-1692)
- An error related to the processing of SVG content could allow a timing attack to disclose information across domains. (CVE-2013-1693)
- An error exists related to 'PreserveWrapper' and the 'preserved-wrapper' flag that could cause potentially exploitable application crashes. (CVE-2013-1694)
- An error exists related to the 'toString' and 'valueOf' methods that could allow 'XrayWrappers' to be bypassed.
(CVE-2013-1697)
Solution
Upgrade to Firefox 17.0.7 ESR or later.