Firefox ESR 24.x < 24.1.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
High Nessus Plugin ID 70945
Synopsis
The remote Mac OS X host contains a web browser that is potentially affected by multiple vulnerabilities.
Description
The installed version of Firefox ESR 24.x is prior to 24.1.1 and is therefore potentially affected by the following vulnerabilities:
- An error exists related to handling input greater than half the maximum size of the 'PRUint32' value.
- An error exists in the 'Null_Cipher' function in the file 'ssl/ssl3con.c' related to handling invalid handshake packets that could allow arbitrary code execution. (CVE-2013-5605)
- An error exists in the 'CERT_VerifyCert' function in the file 'lib/certhigh/certvfy.c' that could allow invalid certificates to be treated as valid.
- An integer truncation error exists in the function 'PL_ArenaAllocate' in the Netscape Portable Runtime (NSPR) library. (CVE-2013-5607)
Solution
Upgrade to Firefox ESR 24.1.1 or later.