
Mozilla Firefox < 32.0 / Firefox ESR < 24.8 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 32.0 (or Firefox ESR versions earlier than 24.8 or 31.1) are unpatched for the following vulnerabilities:

- Use-after-free vulnerabilities -- when setting text direction, and when interacting with SVG content through the DOM -- which can be leveraged for arbitrary code execution (CVE-2014-1567, CVE-2014-1563)
- Out-of-bounds read in the Web Audio audio timeline that can trigger a crash and potentially disclose memory content (CVE-2014-1565)
- Incomplete memory initialization when rendering a malformed GIF image could expose that memory to scripts via web content using the '<canvas>' feature, resulting in information disclosure (CVE-2014-1564)
- Other undisclosed memory issues that have since been patched (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562)

Solution

Upgrade to Firefox 32.0 (or Firefox ESR versions 24.8 or 31.1, as appropriate), or later.