Firefox ESR < 17.0.10 Multiple Vulnerabilities
High Nessus Plugin ID 70714
SynopsisThe remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.
DescriptionThe installed version of Firefox ESR is earlier than 17.0.10, and is, therefore, potentially affected by the following vulnerabilities :
- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (2013-1739)
- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592)
- Multiple use-after-free vulnerabilities exist that could result in a denial of service or arbitrary code execution. (CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
- A stack-based buffer overflow in txXPathNodeUtils::getBaseURI is possible due to uninitialized data during XSLT processing.
SolutionUpgrade to Firefox ESR 17.0.10 or later.