Mozilla Firefox < 25.0 / Firefox ESR < 24.1/17.0.10 Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 8044


The remote host has a web browser installed that is vulnerable to multiple attack vectors.


Versions of Mozilla Firefox earlier than 25.0 (or ESR versions earlier than 24.1 and 17.0.10) are affected by the following vulnerabilities :

- Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
- Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)
- Use-after-free issues when interacting with HTML templates (CVE-2013-5603)
- Security bypass via iframe injection using PDF.js (CVE-2013-5598)
- Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)
- Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)
- Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)
- Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)
- Race condition causing a crash on extremely large pages (CVE-2013-5596)
- A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)


Upgrade to Firefox 25.0 (or Firefox ESR versions 24.1 / 17.0.10, as appropriate), or later.

See Also

Plugin Details

Severity: Critical

ID: 8044

Family: Web Clients

Published: 2013/10/31

Updated: 2019/03/06

Dependencies: 9131

Nessus ID: 70702

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 2012/10/29

Vulnerability Publication Date: 2012/10/29

Reference Information

CVE: CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5593, CVE-2013-5595, CVE-2013-5596, CVE-2013-5597, CVE-2013-5598, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5603, CVE-2013-5604

BID: 62966, 63405, 63415, 63416, 63417, 63418, 63419, 63420, 63421, 63422, 63423, 63424, 63427, 63428, 63429, 63430

IAVA: 2016-A-0293