Firefox < 37.0.2 Failed Plugin Memory Corruption (Mac OS X)
High Nessus Plugin ID 82997
SynopsisThe remote Mac OS X host contains a web browser that is affected by a memory corruption vulnerability.
DescriptionThe version of Firefox installed on the remote Mac OS X host is prior to 37.0.2. It is, therefore, affected by a use-after-free error, related to the AsyncPaintWaitEvent() method, due to a race condition caused when plugin initialization fails. A remote attacker, using a crafted web page, can exploit this to execute arbitrary code.
SolutionUpgrade to Firefox 37.0.2 or later.