SynopsisThe remote Mac OS X host contains a web browser that is affected by multiple vulnerabilities.
DescriptionThe version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.6. It is, therefore, affected by the following vulnerabilities :
- A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. Note that this is a variant of CVE-2015-0818 that was fixed in Firefox ESR 31.5.3.
- A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
- Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code.
SolutionUpgrade to Firefox ESR 31.6 or later.