Firefox < 25.0 Multiple Vulnerabilities (Mac OS X)

High Nessus Plugin ID 70711

Synopsis

The remote Mac OS X host contains a web browser that is potentially affected by multiple vulnerabilities.

Description

The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by multiple vulnerabilities :

- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (2013-1739)

- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592)

- Arbitrary HTML content can be put into 'select' elements. This can be used to spoof the displayed address bar, leading to clickjacking and other spoofing attacks. (CVE-2013-5593)

- Memory issues exist in the JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5595, CVE-2013-5602)

- A race condition exists during image collection on large web pages that could result in a denial of service or arbitrary code execution. (CVE-2013-5596)

- Multiple use-after-free vulnerabilities exist that could result in a denial of service or arbitrary code execution. (CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5603)

- Improper handling of the 'IFRAME' element in PDF.js could result in reading arbitrary files and arbitrary JavaScript code execution. (CVE-2013-5598)

- A stack-based buffer overflow in txXPathNodeUtils::getBaseURI is possible due to uninitialized data during XSLT processing.
(CVE-2013-5604)

Solution

Upgrade to Firefox 25.0 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2013-93/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-94/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-95/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-96/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-97/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-98/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-99/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-100/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-101/

https://www.mozilla.org/en-US/security/advisories/mfsa2013-102/

Plugin Details

Severity: High

ID: 70711

File Name: macosx_firefox_25.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 2013/10/31

Updated: 2018/07/14

Dependencies: 55417

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: MacOSX/Firefox/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/10/29

Vulnerability Publication Date: 2013/10/29

Reference Information

CVE: CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604

BID: 62966, 63405, 63415, 63416, 63417, 63418, 63419, 63420, 63421, 63422, 63423, 63424, 63427, 63428, 63429, 63430