Mozilla Firefox < 30.0 / Firefox ESR < 24.6 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 8290

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 30.0 (or ESR version 24.6) are unpatched against the following vulnerabilities :

- Buffer overflows due to insufficient input validation in Gamepad API and Web Audio Speex resampler, which can be leveraged to execute arbitrary code or cause denial of service conditions (CVE-2014-1543, CVE-2014-1542)
- Use-after-free errors in SMIL Animation Controller, Event Listener Manager, and various other locations, which may be triggered via web content to cause a potentially exploitable crash (CVE-2014-1540, CVE-2014-1539, CVE-2014-1538; on non-ESR Firefox only: CVE-2014-1536, CVE-2014-1537)
- Clickjacking through cursor invisibility when the cursor leaves the embedded flash object (OS X platform only) (CVE-2014-1539)
- Miscellaneous memory safety hazards (CVE-2014-1533, CVE-2014-1534)

Solution

Upgrade to Firefox 30.0 (or Firefox ESR versions 24.6, as appropriate), or later.

Mozilla Firefox < 30.0 / Firefox ESR < 24.6 Multiple Vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSSv2

CVSSv3

Vulnerability Information

Reference Information