
Mozilla Firefox < 34.0 / Firefox ESR < 31.3 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 34.0 (or ESR version 31.3) are unpatched for the following vulnerabilities:

- Security Bypass that can be leveraged when processing specially crafted Chrome-based CSS stylesheets with improperly declared namespaces. (CVE-2014-1589)
- Information Disclosure due to the way Content Security Policy leaks data through violation reports. (CVE-2014-1591)
- Multiple Unspecified Memory Corruption Vulnerabilities. (CVE-2014-1587) (CVE-2014-1588)
- Multiple Local Information Disclosure Vulnerabilities requiring interactive access to exploit. (CVE-2014-1595)
- Security Vulnerability due to bad casting from 'BasicThebesLayer' to 'BasicContainerLayer'. (CVE-2014-1594)
- Denial of Service Vulnerability can occur when passing a js object to 'XMLHttpRequest' that mimics an input stream. (CVE-2014-1590)
- Use After Free Memory Corruption Vulnerability when creating a second root element during the parsing of an HTML5 document which contains 'document.open()'. (CVE-2014-1592)
- Buffer Overflow Vulnerability when handling specially crafted media content. (CVE-2014-1593)
- A flaw exists and is triggered as 'XrayWrappers' filter objects are not properly validated when stored in the program. This may allow a context-dependent attacker to bypass security protection mechanisms. (CVE-2014-8632)

Solution

Upgrade to Firefox 34.0 (or Firefox ESR version 31.3, as appropriate), or later.