Detections
Analytics
Firefox ESR < 17.0.10 Multiple Vulnerabilities
critical Nessus Plugin ID 70714
Language:
Synopsis
The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.Description
The installed version of Firefox ESR is earlier than 17.0.10, and is, therefore, potentially affected by the following vulnerabilities :- The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of sensitive information. (2013-1739)
- Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592)
- Memory issues exist in the JavaScript engine that could result in a denial of service or arbitrary code execution. (CVE-2013-5595, CVE-2013-5602)
- Multiple use-after-free vulnerabilities exist that could result in a denial of service or arbitrary code execution. (CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
- A stack-based buffer overflow in txXPathNodeUtils::getBaseURI is possible due to uninitialized data during XSLT processing.
(CVE-2013-5604)
Solution
Upgrade to Firefox ESR 17.0.10 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2013-93/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-95/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-96/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-98/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-100/
https://www.mozilla.org/en-US/security/advisories/mfsa2013-101/
Plugin Details
Severity: Critical
ID: 70714
File Name: mozilla_firefox_17010_esr.nasl
Version: 1.9
Type: local
Agent: windows
Family: Windows
Published: 10/31/2013
Updated: 11/27/2019
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-5602
Vulnerability Information
CPE: cpe:/a:mozilla:firefox_esr
Required KB Items: Mozilla/Firefox/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 10/29/2013
Vulnerability Publication Date: 10/29/2013
Reference Information
CVE: CVE-2013-1739, CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604
BID: 62966, 63405, 63415, 63417, 63418, 63421, 63422, 63423, 63424, 63427, 63428, 63430