Detections
Analytics
Firefox ESR 17.x < 17.0.6 Multiple Vulnerabilities
critical Nessus Plugin ID 66479
Language:
Synopsis
The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.Description
The installed version of Firefox ESR 17.x is earlier than 17.0.6, and is, therefore, potentially affected by the following vulnerabilities :- Various memory safety issues exist. (CVE-2013-0801)
- It is possible to call a content level constructor that allows for the constructor to have chrome privileged access. (CVE-2013-1670)
- A local privilege escalation issues exists in the Mozilla Maintenance Service. (CVE-2013-1672)
- A use-after-free vulnerability exists when resizing video while playing. (CVE-2013-1674)
- Some 'DOMSVGZoomEvent' functions are used without being properly initialized, which could lead to information disclosure. (CVE-2013-1675)
- Multiple memory corruption issues exist. (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)
Solution
Upgrade to Firefox 17.0.6 ESR or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2013-41/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-42/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-44/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-46/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-47/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-48/
Plugin Details
Severity: Critical
ID: 66479
File Name: mozilla_firefox_1706_esr.nasl
Version: 1.15
Type: local
Agent: windows
Family: Windows
Published: 5/16/2013
Updated: 4/25/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-1681
Vulnerability Information
CPE: cpe:/a:mozilla:firefox_esr
Required KB Items: Mozilla/Firefox/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/14/2013
Vulnerability Publication Date: 5/14/2013
CISA Known Exploited Vulnerability Due Dates: 3/24/2022
Reference Information
CVE: CVE-2013-0801, CVE-2013-1670, CVE-2013-1672, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681
BID: 59855, 59858, 59859, 59860, 59861, 59862, 59863, 59864, 59865, 59868, 59872