Firefox ESR 24.x < 24.5 Multiple Vulnerabilities

High Nessus Plugin ID 73768


The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.


The installed version of Firefox ESR 24.x is prior to 24.5.
It is, therefore, potentially affected by the following vulnerabilities:

- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)

- An issue exists related to the 'Mozilla Maintenance Service' that could lead to privilege escalation due to the creation of a writeable temporary directory during the update process. (CVE-2014-1520)

- An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)

- A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)

- A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution.

- A cross-site scripting issue exists that could allow an attacker to load a website other than the one whose URL is shown in the address bar.

- A use-after-free issue exists due to an 'imgLoader' object being freed while it is being resized. This issue could lead to arbitrary code execution. (CVE-2014-1531)

- A use-after-free issue exists during host resolution that could lead to arbitrary code execution.


Upgrade to Firefox ESR 24.5 or later.

Plugin Details

Severity: High

ID: 73768

File Name: mozilla_firefox_24_5_esr.nasl

Version: $Revision: 1.10 $

Type: local

Agent: windows

Family: Windows

Published: 2014/04/29

Modified: 2017/12/28

Dependencies: 20862

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Required KB Items: Mozilla/Firefox/Version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/04/29

Vulnerability Publication Date: 2014/04/29

Reference Information

CVE: CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532

BID: 67123, 67125, 67126, 67129, 67130, 67131, 67134, 67135, 67137

OSVDB: 106395, 106397, 106401, 106402, 106403, 106404, 106406

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990