Mozilla Firefox ESR < 24.1 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 701256


The remote host has a web browser installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Firefox ESR versions earlier than 24.1 are affected by the following vulnerabilities :

- Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
- Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)
- Use-after-free issues when interacting with HTML templates (CVE-2013-5603)
- Security bypass via iframe injection using PDF.js (CVE-2013-5598)
- Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)
- Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)
- Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)
- Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)
- Race condition causing a crash on extremely large pages (CVE-2013-5596)
- A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)


Upgrade to Firefox ESR versions 24.1, or later.

See Also

Plugin Details

Severity: Critical

ID: 701256

Family: Web Clients

Published: 2019/11/06

Updated: 2019/11/06

Dependencies: 9131

Nessus ID: 70702

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox_esr

Patch Publication Date: 2012/10/29

Vulnerability Publication Date: 2012/10/29

Reference Information

CVE: CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604

BID: 62966, 63405, 63415, 63416, 63417, 63418, 63419, 63420, 63421, 63422, 63423, 63424, 63427, 63428, 63429, 63430

IAVA: 2016-A-0293