Firefox ESR 24.x < 24.3 Multiple Vulnerabilities

High Nessus Plugin ID 72330


The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.


The installed version of Firefox ESR 24.x is earlier than 24.3 and is therefore potentially affected by the following vulnerabilities:

- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477)

- An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)

- An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact.

- An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)

- A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution.

- An error exists related to 'web workers' that could allow cross-origin information disclosure.

- Network Security Services (NSS) contains a race condition in libssl that occurs during session ticket processing. A remote attacker can exploit this flaw to cause a denial of service. (CVE-2014-1490)

- Network Security Services (NSS) does not properly restrict public values in Diffie-Hellman key exchanges, allowing a remote attacker to bypass cryptographic protection mechanisms. (CVE-2014-1491)


Upgrade to Firefox ESR 24.3 or later.

Plugin Details

Severity: High

ID: 72330

File Name: mozilla_firefox_24_3_esr.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2014/02/05

Modified: 2017/06/09

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/02/04

Vulnerability Publication Date: 2014/02/04

Reference Information

CVE: CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487, CVE-2014-1490, CVE-2014-1491

BID: 65317, 65320, 65326, 65328, 65330, 65332, 65334, 65335

OSVDB: 102863, 102864, 102866, 102868, 102872, 102873, 102876, 102877