The version of Firefox installed on the remote macOS or Mac OS X host is prior to 62.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-22 advisory.

  - A potentially exploitable crash in <code>TransportSecurityInfo</code> used for SSL can be triggered by     data stored in the local cache in the user profile directory. This issue is only exploitable in     combination with another vulnerability allowing an attacker to write data into the local cache or from     locally installed malware. This issue also triggers a non-exploitable startup crash for users switching     between the Nightly and Release versions of Firefox if the same profile is used. (CVE-2018-12385)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-17 advisory.

  - A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer     overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2     version 1.3.10. (CVE-2017-7778)

  - A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS     layout when attempting to use a node in the tree that no longer exists. This results in a potentially     exploitable crash. (CVE-2017-5472)

  - A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This     results in a potentially exploitable crash. (CVE-2017-7749)

  - A use-after-free vulnerability during video control operations when a <code><track></code> element     holds a reference to an older window if that window has been replaced in the DOM. This results in a     potentially exploitable crash. (CVE-2017-7750)

  - A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable     crash. (CVE-2017-7751)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-21 advisory.

  - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by     JavaScript code that is providing payload values to be stored. This results in a potentially exploitable     crash. (CVE-2018-12378)

  - A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances     during shutdown when the timer is deleted while still in use. This results in a potentially exploitable     crash. (CVE-2018-12377)

  - A same-origin policy violation allowing the theft of cross-origin URL entries when using a     <code><meta> meta http-equiv=refresh</code> on a page to cause a redirection to another site using     <code>performance.getEntries()</code>. This is a same-origin policy violation and could allow for data     theft. (CVE-2018-18499)

  - When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-     bounds write can be triggered, leading to a potentially exploitable crash. This requires running the     Mozilla Updater manually on the local system with the malicious MAR file in order to occur.
    (CVE-2018-12379)

  - Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point     on the local file system. Content can be loaded from this mounted file system directly using a     <code>file:</code> URI, bypassing configured proxy settings.  Note: this issue only affects OS X in     default configurations. On Linux systems, autofs must be installed for the vulnerability to occur and     Windows is not affected. (CVE-2017-16541)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-27 advisory.

  - When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB     and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this     stored data will persist across multiple private browsing mode sessions because it is not cleared when     exiting. (CVE-2017-7843)

  - A combination of an external SVG image referenced on a page and the coloring of anchor links stored within     this image can be used to determine which pages a user has in their history. This can allow a malicious     website to query user history.  Note: This issue only affects Firefox 57. Earlier releases are not     affected. (CVE-2017-7844)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-09 advisory.

  - Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew     McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly,     Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and  Andr Bargull reported     memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort that some of these could be exploited to run arbitrary code.
    (CVE-2017-5399)

  - A segmentation fault can occur during some bidirectional layout operations. (CVE-2017-5413)

  - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections     leading to potential memory corruption attacks. (CVE-2017-5400)

  - A crash triggerable by web content in which an <code>ErrorResult</code> references unassigned memory due     to a logic error. The resulting crash may be exploitable. (CVE-2017-5401)

  - A use-after-free can occur when events are fired for a <code>FontFace</code> object after the object has     been already been destroyed while working with fonts. This results in a potentially exploitable crash.
    (CVE-2017-5402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 60.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-11 advisory.

  - Mozilla developers and community members Christoph Diehl, Christian Holler, Jon Coppeard, Jason Kratzer,     Nathan Froyd, Paul Theriault, Ryan VanderMeulen, Tyson Smith, Sebastian Hengst, Byron Campen, Emilio Cobos     lvarez, Ronald Crane, and Phillipp reported memory safety bugs present in Firefox 59. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort that some of these could be     exploited to run arbitrary code. (CVE-2018-5151)

  - An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer     overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable     crash triggerable by web content. (CVE-2018-5159)

  - A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip     paths. This results in a potentially exploitable crash. (CVE-2018-5154)

  - A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths.
    This results in a potentially exploitable crash. (CVE-2018-5155)

  - Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept     messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an     authenticated user on a third-party website. (CVE-2018-5157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 58.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-05 advisory.

  - Sanitize HTML fragments created for chrome-privileged documents(CVE-2018-5124) (CVE-2018-5124)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-01 advisory.

  - A use-after-free vulnerability in the Media Decoder when working with media files when some events are     fired after the media elements are freed from memory. (CVE-2017-5396)

  - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory     corruption attacks. (CVE-2017-5375)

  - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)

  - A memory corruption vulnerability in Skia that can occur when using transforms to make gradients,     resulting in a potentially exploitable crash. (CVE-2017-5377)

  - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an     objects address can be discovered through hash codes, and also allows for data leakage of an objects     content using these hash codes. (CVE-2017-5378)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-07 advisory.

  - Mozilla developers Jet Villegas and Randell Jesup reported memory safety bugs present in Firefox ESR 52.6.
    These bugs showed evidence of memory corruption and we presume that with enough effort that some of these     could be exploited to run arbitrary code. (CVE-2018-5145)

  - A buffer overflow can occur when manipulating the SVG <code>animatedPathSegList</code> through script.
    This results in a potentially exploitable crash. (CVE-2018-5127)

  - A lack of parameter validation on IPC messages results in a potential out-of-bounds write through     malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the     parent process. (CVE-2018-5129)

  - When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a     potentially exploitable crash is triggered. (CVE-2018-5130)

  - Under certain circumstances the <code>fetch()</code> API can return transient local copies of resources     that were sent with a <code>no-store</code> or <code>no-cache</code> cache header instead of downloading a     copy from the network as it should. This can result in previously stored, locally cached data of a website     being accessible to users if they share a common profile while browsing. (CVE-2018-5131)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-03 advisory.

  - A use-after-free vulnerability can occur during font face manipulation when a font face is freed while     still in use, resulting in a potentially exploitable crash. (CVE-2018-5104)

  - A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers.
    This results in a potentially exploitable crash. (CVE-2018-5091)

  - An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some     systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a     potentially exploitable crash. (CVE-2018-5095)

  - A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a     potentially exploitable crash. (CVE-2018-5096)

  - A use-after-free vulnerability can occur during XSL transformations when the source document for the     transformation is manipulated by script content during the transformation. This results in a potentially     exploitable crash. (CVE-2018-5097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-04 advisory.

  - A use-after-free vulnerability can occur during font face manipulation when a font face is freed while     still in use, resulting in a potentially exploitable crash. (CVE-2018-5104)

  - An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some     systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a     potentially exploitable crash. (CVE-2018-5095)

  - A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a     potentially exploitable crash. (CVE-2018-5096)

  - A use-after-free vulnerability can occur during XSL transformations when the source document for the     transformation is manipulated by script content during the transformation. This results in a potentially     exploitable crash. (CVE-2018-5097)

  - A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated     by script content. This results in a potentially exploitable crash. (CVE-2018-5098)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 60.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-31 advisory.

  - A potential vulnerability leading to an integer overflow can occur during buffer size calculations for     images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds     write. (CVE-2018-18498)

  - A buffer overflow and out-of-bounds read can occur in <code>TextureStorage11</code> within the ANGLE     graphics library, used for WebGL content. This results in a potentially exploitable crash.
    (CVE-2018-17466)

  - A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the     <code>select</code> element in the <code>options</code> collection. This results in a potentially     exploitable crash. (CVE-2018-18492)

  - A buffer overflow can occur in the Skia library during buffer offset calculations with hardware     accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a     potentially exploitable crash. (CVE-2018-18493)

  - A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript     <code>location</code> property to cause a redirection to another site using     <code>performance.getEntries()</code>. This is a same-origin policy violation and could allow for data     theft. (CVE-2018-18494)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 52.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-08 advisory.

  - An integer overflow in <code>createImageBitmap()</code> was reported through the Pwn2Own contest. The fix     for this vulnerability disables the experimental extensions to the <code>createImageBitmap</code> API.
    This function runs in the content sandbox, requiring a second vulnerability to compromise a user's     computer. (CVE-2017-5428)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-14 advisory.

  - A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted     SVG file with anti-aliasing turned off. This results in a potentially exploitable crash. (CVE-2018-6126)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-30 advisory.

  - It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via     View -> Feed article -> Website or in the standard format of View -> Feed article -> default     format. (CVE-2017-7846)

  - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics     library, used for WebGL content. This is due to an incorrect value being passed within the library during     checks and results in a potentially exploitable crash.  Note: This attack only affects Windows operating     systems. Other operating systems are unaffected. (CVE-2017-7845)

  - Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name.
    (CVE-2017-7847)

  - RSS fields can inject new lines into the created email structure, modifying the message body.
    (CVE-2017-7848)

  - It is possible to spoof the sender's email address and display an arbitrary sender address to the email     recipient. The real sender's address is not displayed if preceded by a null character in the display     string. (CVE-2017-7829)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 45.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-11 advisory.

  - Fixed potential buffer overflows in generated Firefox code due to     [CVE-2016-6354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354) issue in Flex.
    (CVE-2017-5469)

  - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in     an array are dropped from the animation controller while still in use. This results in a potentially     exploitable crash. (CVE-2017-5433)

  - A use-after-free vulnerability occurs during transaction processing in the editor during design mode     interactions. This results in a potentially exploitable crash. (CVE-2017-5435)

  - An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This     results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as     Mozilla products. (CVE-2017-5436)

  - An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due     to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The     NSS library has been updated to fix this issue to address this issue and Firefox ESR 45.9 has been updated     with NSS version 3.21.4. (CVE-2017-5461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.8.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-17 advisory.

  - Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import     task. If the task runs into a failure, the secret key may remain in memory in its unprotected state.
    (CVE-2021-29950)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-23 advisory.

  - A potentially exploitable crash in <code>TransportSecurityInfo</code> used for SSL can be triggered by     data stored in the local cache in the user profile directory. This issue is only exploitable in     combination with another vulnerability allowing an attacker to write data into the local cache or from     locally installed malware. This issue also triggers a non-exploitable startup crash for users switching     between the Nightly and Release versions of Firefox if the same profile is used. (CVE-2018-12385)

  - If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of     these passwords is still accessible. This is because the older stored password file was not deleted when     the data was copied to a new format starting in Firefox 58. The new master password is added only on the     new file. This could allow the exposure of stored password data outside of user expectations.
    (CVE-2018-12383)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-06 advisory.

  - In the Angle graphics library, depth pitch computations did not take into account the block size and     simply multiplied the row pitch with the pixel height.  This caused the load functions to use a very high     depth pitch, reading past the end of the user-supplied buffer. Note: This issue only affected Windows     operating systems. Other operating systems are unaffected. (CVE-2020-16048)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 53.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-14 advisory.

  - A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL     content. This can lead to a potentially exploitable crash.  Note: This issue is in <code>libGLES</code>,     which is only in use on Windows. Other operating systems are not affected. (CVE-2017-5031)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 53.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-10 advisory.

  - Fixed potential buffer overflows in generated Firefox code due to     [CVE-2016-6354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354) issue in Flex.
    (CVE-2017-5469)

  - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in     an array are dropped from the animation controller while still in use. This results in a potentially     exploitable crash. (CVE-2017-5433)

  - A use-after-free vulnerability occurs during transaction processing in the editor during design mode     interactions. This results in a potentially exploitable crash. (CVE-2017-5435)

  - An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This     results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as     Mozilla products. (CVE-2017-5436)

  - An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due     to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The     NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with     NSS version 3.29.5. (CVE-2017-5461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-07 advisory.

  - Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard,     Randell Jesup, Andr Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in     Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough     effort that some of these could be exploited to run arbitrary code. (CVE-2017-5398)

  - Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due     errors in how incremental sweeping is managed for memory cleanup. (CVE-2017-5410)

  - JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections     leading to potential memory corruption attacks. (CVE-2017-5400)

  - A crash triggerable by web content in which an <code>ErrorResult</code> references unassigned memory due     to a logic error. The resulting crash may be exploitable. (CVE-2017-5401)

  - A use-after-free can occur when events are fired for a <code>FontFace</code> object after the object has     been already been destroyed while working with fonts. This results in a potentially exploitable crash.
    (CVE-2017-5402)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-16 advisory.

  - A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer     overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2     version 1.3.10. (CVE-2017-7778)

  - A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS     layout when attempting to use a node in the tree that no longer exists. This results in a potentially     exploitable crash. (CVE-2017-5472)

  - A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This     results in a potentially exploitable crash. (CVE-2017-7749)

  - A use-after-free vulnerability during video control operations when a <code><track></code> element     holds a reference to an older window if that window has been replaced in the DOM. This results in a     potentially exploitable crash. (CVE-2017-7750)

  - A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable     crash. (CVE-2017-7751)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-22 advisory.

  - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom     Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox 55 and Firefox     ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort     that some of these could be exploited to run arbitrary code. (CVE-2017-7810)

  - A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for     WebGL content. This is due to an incorrect value being passed within the library during checks and results     in a potentially exploitable crash. (CVE-2017-7824)

  - A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are     freed when still in use, resulting in a potentially exploitable crash. (CVE-2017-7793)

  - A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications     (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.
    (CVE-2017-7818)

  - A use-after-free vulnerability can occur in design mode when image objects are resized if objects     referenced during the resizing have been freed from memory. This results in a potentially exploitable     crash. (CVE-2017-7819)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-03 advisory.

  - A use-after-free vulnerability in the Media Decoder when working with media files when some events are     fired after the media elements are freed from memory. (CVE-2017-5396)

  - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory     corruption attacks. (CVE-2017-5375)

  - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)

  - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an     objects address can be discovered through hash codes, and also allows for data leakage of an objects     content using these hash codes. (CVE-2017-5378)

  - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-16 advisory.

  - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer,     David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported     memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed     evidence of memory corruption and we presume that with enough effort that some of these could be exploited     to run arbitrary code. (CVE-2018-5188)

  - Windows 10 does not warn users before opening executable files with the <code>SettingContent-ms</code>     extension even when they have been downloaded from the internet and have the Mark of the Web. Without     the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This     also allows a WebExtension with the limited <code>downloads.open</code> permission to execute arbitrary     code without user interaction on Windows 10 systems  Note: this issue only affects Windows operating     systems. Other operating systems are unaffected. (CVE-2018-12368)

  - A buffer overflow can occur when rendering canvas content while adjusting the height and width of the     <code><canvas></code> element dynamically, causing data to be written outside of the currently     computed boundaries. This results in a potentially exploitable crash. (CVE-2018-12359)

  - A use-after-free vulnerability can occur when deleting an <code>input</code> element during a mutation     event handler triggered by focusing that element. This results in a potentially exploitable crash.
    (CVE-2018-12360)

  - An integer overflow can occur in the <code>SwizzleData</code> code while calculating buffer sizes. The     overflowed value is used for subsequent graphics computations when their inputs are not sanitized which     results in a potentially exploitable crash. (CVE-2018-12361)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 85.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2021-06 advisory.

  - In the Angle graphics library, depth pitch computations did not take into account the block size and     simply multiplied the row pitch with the pixel height.  This caused the load functions to use a very high     depth pitch, reading past the end of the user-supplied buffer. Note: This issue only affected Windows     operating systems. Other operating systems are unaffected. (CVE-2020-16048)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.1.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-14 advisory.

  - A use-after-free can occur during Buffer11 API calls within the ANGLE graphics library, used for WebGL     content. This can lead to a potentially exploitable crash.  Note: This issue is in <code>libGLES</code>,     which is only in use on Windows. Other operating systems are not affected. (CVE-2017-5031)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 61.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-15 advisory.

  - Mozilla developers and community members Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer,     David Major, Jon Coppeard, Nicolas B. Pierron, Jason Kratzer, Marcia Knous, and Ronald Crane reported     memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed     evidence of memory corruption and we presume that with enough effort that some of these could be exploited     to run arbitrary code. (CVE-2018-5188)

  - Windows 10 does not warn users before opening executable files with the <code>SettingContent-ms</code>     extension even when they have been downloaded from the internet and have the Mark of the Web. Without     the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. This     also allows a WebExtension with the limited <code>downloads.open</code> permission to execute arbitrary     code without user interaction on Windows 10 systems  Note: this issue only affects Windows operating     systems. Other operating systems are unaffected. (CVE-2018-12368)

  - A buffer overflow can occur when rendering canvas content while adjusting the height and width of the     <code><canvas></code> element dynamically, causing data to be written outside of the currently     computed boundaries. This results in a potentially exploitable crash. (CVE-2018-12359)

  - A use-after-free vulnerability can occur when deleting an <code>input</code> element during a mutation     event handler triggered by focusing that element. This results in a potentially exploitable crash.
    (CVE-2018-12360)

  - An integer overflow can occur in the <code>SwizzleData</code> code while calculating buffer sizes. The     overflowed value is used for subsequent graphics computations when their inputs are not sanitized which     results in a potentially exploitable crash. (CVE-2018-12361)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 59.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-06 advisory.

  - A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during     editor operations. This results in a potentially exploitable crash. (CVE-2018-5128)

  - A buffer overflow can occur when manipulating the SVG <code>animatedPathSegList</code> through script.
    This results in a potentially exploitable crash. (CVE-2018-5127)

  - A lack of parameter validation on IPC messages results in a potential out-of-bounds write through     malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the     parent process. (CVE-2018-5129)

  - When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a     potentially exploitable crash is triggered. (CVE-2018-5130)

  - Under certain circumstances the <code>fetch()</code> API can return transient local copies of resources     that were sent with a <code>no-store</code> or <code>no-cache</code> cache header instead of downloading a     copy from the network as it should. This can result in previously stored, locally cached data of a website     being accessible to users if they share a common profile while browsing. (CVE-2018-5131)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 57.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-24 advisory.

  - Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan     de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu     Chou reported memory safety bugs present in Firefox 56. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort that some of these could be exploited to run arbitrary     code. (CVE-2017-7827)

  - A use-after-free vulnerability can occur when flushing and resizing layout because the     <code>PressShell</code> object has been freed while still in use. This results in a potentially     exploitable crash during these operations. (CVE-2017-7828)

  - The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin     policy violation and could allow for data theft of URLs loaded by users. (CVE-2017-7830)

  - A vulnerability where the security wrapper does not deny access to some exposed properties using the     deprecated <code>exposedProps</code> mechanism on proxy objects. These properties should be explicitly     unavailable to proxy objects. (CVE-2017-7831)

  - The combined, single character, version of the letter 'i' with any of the potential accents in unicode,     such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the     same accent as a second character with most font sets. This allows for domain spoofing attacks because     these combined domain names do not display as punycode. (CVE-2017-7832)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-29 advisory.

  - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics     library, used for WebGL content. This is due to an incorrect value being passed within the library during     checks and results in a potentially exploitable crash.  Note: This attack only affects Windows operating     systems. Other operating systems are unaffected. (CVE-2017-7845)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-27 advisory.

  - During the worker lifecycle, a use-after-free condition could have occured, which could have led to a     potentially exploitable crash. (CVE-2023-3600)

  - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could     be incorrectly shown as being a document file, while in  fact it was an executable file. Newer versions of     Thunderbird will strip the character and show the correct file extension. (CVE-2023-3417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-28 advisory.

  - A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics     library, used for WebGL content. This is due to an incorrect value being passed within the library during     checks and results in a potentially exploitable crash.  Note: This attack only affects Windows operating     systems. Other operating systems are unaffected. (CVE-2017-7845)

  - When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB     and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this     stored data will persist across multiple private browsing mode sessions because it is not cleared when     exiting. (CVE-2017-7843)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 45.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-02 advisory.

  - A use-after-free vulnerability in the Media Decoder when working with media files when some events are     fired after the media elements are freed from memory. (CVE-2017-5396)

  - JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory     corruption attacks. (CVE-2017-5375)

  - Use-after-free while manipulating XSL in XSLT documents (CVE-2017-5376)

  - Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an     objects address can be discovered through hash codes, and also allows for data leakage of an objects     content using these hash codes. (CVE-2017-5378)

  - A potential use-after-free found through fuzzing during DOM manipulation of SVG content. (CVE-2017-5380)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-12 advisory.

  - Fixed potential buffer overflows in generated Firefox code due to     [CVE-2016-6354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354) issue in Flex.
    (CVE-2017-5469)

  - A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in     an array are dropped from the animation controller while still in use. This results in a potentially     exploitable crash. (CVE-2017-5433)

  - A use-after-free vulnerability occurs during transaction processing in the editor during design mode     interactions. This results in a potentially exploitable crash. (CVE-2017-5435)

  - An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This     results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as     Mozilla products. (CVE-2017-5436)

  - An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due     to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The     NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated     with NSS version 3.28.4. (CVE-2017-5461)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-26 advisory.

  - Mozilla developers and community members Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan     de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, Andr Bargull, Bob Clary, Jet     Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen reported memory safety bugs     present in Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort that some of these could be exploited to run     arbitrary code. (CVE-2017-7826)

  - A use-after-free vulnerability can occur when flushing and resizing layout because the     <code>PressShell</code> object has been freed while still in use. This results in a potentially     exploitable crash during these operations. (CVE-2017-7828)

  - The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin     policy violation and could allow for data theft of URLs loaded by users. (CVE-2017-7830)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-44 advisory.

  - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in     a potential use-after-free. This occurs because the function     <code>APZCTreeManager::ComputeClippedCompositionBounds</code> did not follow iterator invalidation rules.
    (CVE-2020-15678)

  - By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site     displayed in the download file dialog to show the original site (the one suffering from the open redirect)     rather than the site the file was actually downloaded from. (CVE-2020-15677)

  - Thunderbird sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove,     resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable     element. (CVE-2020-15676)

  - Mozilla developer Jason Kratzer reported memory safety bugs present in Thunderbird 78.2. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. (CVE-2020-15673)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-85 advisory.

  - Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2025-11715)

  - A compromised web process using malicious IPC messages could have caused the privileged browser process to     reveal blocks of its memory to the compromised process. (CVE-2025-11710)

  - Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)

  - A compromised web process was able to trigger out of bounds reads and writes in a more privileged process     using manipulated WebGL textures. (CVE-2025-11709)

  - There was a way to change the value of JavaScript Object properties that were supposed to be non-     writeable. (CVE-2025-11711)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-10 advisory.

  - Mozilla developers Byron Campen, Jason Kratzer, and Christian Holler reported memory safety bugs present     in Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2020-6814)

  - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the     Quota manager, resulting in a potentially exploitable crash. (CVE-2020-6805)

  - By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of     an array resized during script execution. This could have led to memory corruption and a potentially     exploitable crash. (CVE-2020-6806)

  - When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task     may have been executed after the stream was destroyed, causing a use-after-free and a potentially     exploitable crash. (CVE-2020-6807)

  - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request,     which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command     into a terminal, it could have resulted in command injection and arbitrary command execution.
    (CVE-2020-6811)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 60.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-14 advisory.

  - A heap buffer overflow can occur in the Skia library when rasterizing paths using a maliciously crafted     SVG file with anti-aliasing turned off. This results in a potentially exploitable crash. (CVE-2018-6126)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-23 advisory.

  - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom     Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox 55, Firefox ESR     52.3, and Thunderbird 52.3. Some of these bugs showed evidence of memory corruption and we presume that     with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-7810)

  - A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for     WebGL content. This is due to an incorrect value being passed within the library during checks and results     in a potentially exploitable crash. (CVE-2017-7824)

  - A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are     freed when still in use, resulting in a potentially exploitable crash. (CVE-2017-7793)

  - A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications     (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.
    (CVE-2017-7818)

  - A use-after-free vulnerability can occur in design mode when image objects are resized if objects     referenced during the resizing have been freed from memory. This results in a potentially exploitable     crash. (CVE-2017-7819)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 68.10.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-27 advisory.

  - A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a     remote webpage, leading to sensitive data disclosure, including cookies for other origins.
    (CVE-2020-15647)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-19 advisory.

  - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight,     Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp,     Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox     ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort     that some of these could be exploited to run arbitrary code. (CVE-2017-7779)

  - A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree     traversal while still bound to the document. This results in a potentially exploitable crash.
    (CVE-2017-7809)

  - The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the     web page source code. In the worst case, this could allow arbitrary code execution when opening a     malicious page with the style editor tool. (CVE-2017-7798)

  - A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed     before the disconnection operation is finished. This results in an exploitable crash. (CVE-2017-7800)

  - A use-after-free vulnerability can occur while re-computing layout for a <code>marquee</code> element     during window resizing where the updated style object is freed while still in use. This results in a     potentially exploitable crash. (CVE-2017-7801)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-24 advisory.

  - A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments     that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the     calling function which can be used as part of an exploit inside the sandboxed content process.
    (CVE-2018-12387)

  - A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary     read and write. This leads to remote code execution inside the sandboxed content process when triggered.
    (CVE-2018-12386)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 62.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-20 advisory.

  - A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by     JavaScript code that is providing payload values to be stored. This results in a potentially exploitable     crash. (CVE-2018-12378)

  - A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances     during shutdown when the timer is deleted while still in use. This results in a potentially exploitable     crash. (CVE-2018-12377)

  - A same-origin policy violation allowing the theft of cross-origin URL entries when using a     <code><meta> meta http-equiv=refresh</code> on a page to cause a redirection to another site using     <code>performance.getEntries()</code>. This is a same-origin policy violation and could allow for data     theft. (CVE-2018-18499)

  - When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-     bounds write can be triggered, leading to a potentially exploitable crash. This requires running the     Mozilla Updater manually on the local system with the malicious MAR file in order to occur.
    (CVE-2018-12379)

  - Browser proxy settings can be bypassed by using the automount feature with autofs to create a mount point     on the local file system. Content can be loaded from this mounted file system directly using a     <code>file:</code> URI, bypassing configured proxy settings.  Note: this issue only affects OS X in     default configurations. On Linux systems, autofs must be installed for the vulnerability to occur and     Windows is not affected. (CVE-2017-16541)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 58.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-02 advisory.

  - Mozilla developers and community members Calixte Denizet, Christian Holler, Alex Gaynor, Yoshi Huang, Bob     Clary, Nils Ohlmeier, Jason Kratzer, Jesse Ruderman, Philipp, Mike Taylor, Marcia Knous, Paul Adenot,     Randell Jesup, JW Wang, Tyson Smith, Emilio Cobos lvarez, Ted Campbell, Stephen Fewer, Tristan Bourvon,     and Jet Villegas reported memory safety bugs present in Firefox 57. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort that some of these could be exploited to run     arbitrary code. (CVE-2018-5090)

  - A potential integer overflow in the <code>DoCrypt</code> function of WebCrypto was identified. If a means     was found of exploiting it, it could result in an out-of-bounds write. (CVE-2018-5122)

  - A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers.
    This results in a potentially exploitable crash. (CVE-2018-5091)

  - A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely     instead of from memory in the main thread while cancelling fetch operations. (CVE-2018-5092)

  - A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a     potentially exploitable crash. (CVE-2018-5093)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 51.0.3. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-04 advisory.

  - The cache directory on the local file system is set to be world writable. Firefox defaults to extracting     libraries from this cache. This allows for the possibility of an installed malicious application or tools     with write access to the file system to replace files used by Firefox with their own versions.
    (CVE-2017-5397)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-41 advisory.

  - Mozilla developers Tyson Smith, Christian Holler, and Gabriele Svelto reported memory safety bugs present     in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with     enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-38495)

  - When delegating navigations to the operating system, Thunderbird would accept the `mk` scheme which might     allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode.  This bug     only affects Thunderbird for Windows. Other operating systems are unaffected. (CVE-2021-38492)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 56.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-21 advisory.

  - Mozilla developers and community members Christian Holler, Jason Kratzer, Tobias Schneider, Tyson Smith,     David Keeler, Nicolas B. Pierron, Mike Hommey, Ronald Crane, Tooru Fujisawa, and Philipp reported memory     safety bugs present in Firefox 55. Some of these bugs showed evidence of memory corruption and we presume     that with enough effort that some of these could be exploited to run arbitrary code. (CVE-2017-7811)

  - A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for     WebGL content. This is due to an incorrect value being passed within the library during checks and results     in a potentially exploitable crash. (CVE-2017-7824)

  - A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are     freed when still in use, resulting in a potentially exploitable crash. (CVE-2017-7793)

  - A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification,     allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually     loaded and in use.  Note: This attack only affects Firefox for Android. Other operating systems are not     affected. (CVE-2017-7817)

  - A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications     (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.
    (CVE-2017-7818)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Severity
275700	Mozilla Firefox < 62.0.2	high
275699	Mozilla Thunderbird < 52.2	critical
275697	Mozilla Firefox ESR < 60.2	critical
275696	Mozilla Firefox < 57.0.1	high
275695	Mozilla Thunderbird < 52.0	critical
275694	Mozilla Firefox < 60.0	critical
275692	Mozilla Firefox < 58.0.1	medium
275691	Mozilla Firefox < 51.0	critical
275690	Mozilla Firefox ESR < 52.7	critical
275689	Mozilla Firefox ESR < 52.6	critical
275688	Mozilla Thunderbird < 52.6	critical
275687	Mozilla Thunderbird < 60.4	critical
275685	Mozilla Firefox < 52.0.1	critical
275684	Mozilla Firefox ESR < 60.0.2	high
275682	Mozilla Thunderbird < 52.5.2	high
275681	Mozilla Firefox ESR < 45.9	critical
275679	Mozilla Thunderbird < 78.8.1	high
275677	Mozilla Firefox ESR < 60.2.1	high
275673	Mozilla Firefox ESR < 78.7.1	medium
275672	Mozilla Firefox < 53.0.2	high
275671	Mozilla Firefox < 53.0	critical
275670	Mozilla Thunderbird < 45.8	critical
275669	Mozilla Firefox ESR < 52.2	critical
275667	Mozilla Firefox ESR < 52.4	critical
275665	Mozilla Thunderbird < 45.7	critical
275664	Mozilla Firefox ESR < 60.1	critical
275663	Mozilla Firefox < 85.0.1	medium
275662	Mozilla Firefox ESR < 52.1.1	high
275661	Mozilla Firefox < 61.0	critical
275660	Mozilla Firefox < 59.0	critical
275659	Mozilla Firefox < 57.0	critical
275658	Mozilla Firefox < 57.0.2	high
275656	Mozilla Thunderbird < 115.0.1	high
275655	Mozilla Firefox ESR < 52.5.2	high
275654	Mozilla Firefox ESR < 45.7	critical
275653	Mozilla Firefox ESR < 52.1	critical
275652	Mozilla Thunderbird < 52.5	critical
275651	Mozilla Thunderbird < 78.3	high
275650	Mozilla Thunderbird < 140.4	critical
275648	Mozilla Thunderbird < 68.6	critical
275647	Mozilla Firefox < 60.0.2	high
275644	Mozilla Thunderbird < 52.4	critical
275643	Mozilla Firefox < 68.10.1	high
275642	Mozilla Firefox ESR < 52.3	critical
275641	Mozilla Firefox ESR < 60.2.2	critical
275640	Mozilla Firefox < 62.0	critical
275639	Mozilla Firefox < 58.0	critical
275637	Mozilla Firefox < 51.0.3	critical
275636	Mozilla Thunderbird < 91.1	high
275634	Mozilla Firefox < 56.0	critical

Detections

Analytics

MacOS X Local Security Checks Family for Nessus

high

critical

critical

high

critical

critical

medium

critical

critical

critical

critical

critical

critical

high

high

critical

high

high

medium

high

critical

critical

critical

critical

critical

critical

medium

high

critical

critical

critical

high

high

high

critical

critical

critical

high

critical

critical

high

critical

high

critical

critical

critical

critical

critical

high

critical