Mozilla Firefox < 24.0 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 8010

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than version 24.0 are prone to the following vulnerabilities :

- use-after-free vulnerability in the Garbage Collector could allow a remote attacker to execute arbitrary code in the context of the user. (CVE-2013-1738)
- user-defined getters on DOM proxies would incorrectly get the expando object when accessing the "this" object, which may not be directly exploitable but could lead to incorrect security sensitive decisions. (CVE-2013-1737)
- Combining lists, floats, and multiple columns in a layout could trigger a potentially exploitable buffer overflow. (CVE-2013-1732)
- Compartment mismatch when moving XBL-backed nodes into a new document can lead cause a crash (CVE-2013-1730)
- flaw in the NVIDIA OS X graphic drivers would allow portions of a user's desktop or other visible applications to be incorporated into WebGL canvases, leading to potential information disclosure (CVE-2013-1729)
- uninitialized data and variables in the IonMonkey Javascript engine can be used with additional exploits to allow access to previously allocated memory (CVE-2013-1728)
- Same-origin bypass through symbolic links can allow for cross-site scripting and access to locally stored Firefox containing sensitive user data (CVE-2013-1727)
- the MAR update file is not write-locked when used by the Mozilla Updater, which can allow the altering of the MAR file content after its signature has been checked but before it has been used. (CVE-2013-1726)
- Calling scope for new Javascript objects with compartments can lead to memory corruption (CVE-2013-1725)
- A use-after-free vulnerability via the &lt;select&gt; element could lead to a potentially exploitable crash (CVE-2013-1724)
- the NativeKey widget continues handling key messages even when it is destroyed by dispatched event listeners, which can lead to an unexploitable crash (CVE-2013-1723)
- Use-after-free in Animation Manager during stylesheet cloning can lead to a potentially exploitable crash (CVE-2013-1722)
- An integer overflow in the Almost Native Graphics Layer Engine (ANGLE) can lead to a potentially exploitable crash (CVE-2013-1721)
- Incorrectly stored stack information in the HTML5 Tree Builder can lead to code execution (CVE-2013-1720) - Various memory corruption vulnerabilities (CVE-2013-1735, CVE-2013-1736, CVE-2013-1718, CVE-2013-1719)

Solution

Upgrade to Firefox 24.0 or later.

See Also

http://www.mozilla.org/security/announce/2013/mfsa2013-76.html

http://www.mozilla.org/security/announce/2013/mfsa2013-77.html

http://www.mozilla.org/security/announce/2013/mfsa2013-78.html

http://www.mozilla.org/security/announce/2013/mfsa2013-79.html

http://www.mozilla.org/security/announce/2013/mfsa2013-80.html

http://www.mozilla.org/security/announce/2013/mfsa2013-81.html

http://www.mozilla.org/security/announce/2013/mfsa2013-82.html

http://www.mozilla.org/security/announce/2013/mfsa2013-83.html

http://www.mozilla.org/security/announce/2013/mfsa2013-85.html

http://www.mozilla.org/security/announce/2013/mfsa2013-86.html

http://www.mozilla.org/security/announce/2013/mfsa2013-87.html

http://www.mozilla.org/security/announce/2013/mfsa2013-88.html

http://www.mozilla.org/security/announce/2013/mfsa2013-89.html

http://www.mozilla.org/security/announce/2013/mfsa2013-90.html

http://www.mozilla.org/security/announce/2013/mfsa2013-91.html

http://www.mozilla.org/security/announce/2013/mfsa2013-92.html

Plugin Details

Severity: High

ID: 8010

Family: Web Clients

Published: 2013/09/18

Modified: 2016/11/23

Dependencies: 9131

Nessus ID: 69941

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2012/09/17

Vulnerability Publication Date: 2012/09/17

Reference Information

CVE: CVE-2013-1738, CVE-2013-1737, CVE-2013-1735, CVE-2013-1736, CVE-2013-1732, CVE-2013-1730, CVE-2013-1731, CVE-2013-1729, CVE-2013-1728, CVE-2013-1726, CVE-2013-1725, CVE-2013-1724, CVE-2013-1723, CVE-2013-1722, CVE-2013-1721, CVE-2013-1720, CVE-2013-1718, CVE-2013-1719

BID: 62466, 62475, 62479, 62478, 62469, 62473, 62474, 62468, 62482, 62467, 62464, 62472, 62460, 62470, 62465, 62462, 62463