Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 19.0 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox prior to 19.0 are potentially affected by the following security issues :

- Numerous memory safety errors exist. (CVE-2013-0783, CVE-2013-0784) - An out-of-bounds read error exists related to the handling of GIF images. (CVE-2013-0772) - An error exists related to 'WebIDL' object wrapping that has an unspecified impact. (CVE-2013-0765) - An error exists related to Chrome Object Wrappers (COW) or System Only Wrappers (SOW) that could allow security bypass. (CVE-2013-0773) - The file system location of the active browser profile could be disclosed and used in further attacks. (CVE-2013-0774) - A use-after-free error exists in the function 'nsImageLoadingContent'. (CVE-2013-0775) - Spoofing HTTPS URLs is possible due to an error related to proxy '407' responses and embedded script code. (CVE-2013-0776) - A heap-based use-after-free error exists in the function 'nsDisplayBoxShadowOuter::Paint'. (CVE-2013-0777) - An out-of-bounds read error exists in the function 'ClusterIterator::NextCluster'. (CVE-2013-0778) - An out-of-bounds read error exists in the function 'nsCodingStateMachine::NextState'. (CVE-2013-0779) - A heap-based use-after-free error exists in the function 'nsOverflowContinuationTracker::Finish'. (CVE-2013-0780) - A heap-based use-after-free error exists in the function 'nsPrintEngine::CommonPrint'. (CVE-2013-0781) - A heap-based buffer overflow error exists in the function 'nsSaveAsCharset::DoCharsetConversion'. (CVE-2013-0782)

Solution

Upgrade to Firefox 19.0 or later.