Firefox < 28.0 Multiple Vulnerabilities (Mac OS X)

high Nessus Plugin ID 73096

Synopsis

The remote Mac OS X host contains a web browser that is potentially affected by multiple vulnerabilities.

Description

The installed version of Firefox is a version prior to version 28.0.
It is, therefore, potentially affected by multiple vulnerabilities :

- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1493, CVE-2014-1494)

- An issue exists where extracted files for updates are not read-only while updating. An attacker may be able to modify these extracted files resulting in privilege escalation. (CVE-2014-1496)

- An out-of-bounds read error exists when decoding WAV format audio files that could lead to a denial of service attack or information disclosure.
(CVE-2014-1497)

- An issue exists in the 'crypto.generateCRFMRequest' method due to improper validation of the KeyParams argument when generating 'ec-dual-use' requests. This could lead to a denial of service attack.
(CVE-2014-1498)

- An issue exists that could allow for spoofing attacks to occur during a WebRTC session. Exploitation of this issue could allow an attacker to gain access to the user's webcam or microphone. (CVE-2014-1499)

- An issue exists with JavaScript 'onbeforeunload' events that could lead to denial of service attacks.
(CVE-2014-1500)

- An issue exists where WebGL context from one website can be injected into the WebGL context of another website, which could result in arbitrary content being rendered from the second website. (CVE-2014-1502)

- A cross-site scripting issue exists due to the Content Security Policy (CSP) of 'data:' documents not being saved for a session restore. Under certain circumstances, an attacker may be able to evade the CSP of a remote website resulting in a cross-scripting attack. (CVE-2014-1504)

- An out-of-bounds read error exists when polygons are rendered in 'MathML' that could lead to information disclosure. (CVE-2014-1508)

- A memory corruption issue exists in the Cairo graphics library when rendering a PDF file that could lead to arbitrary code execution or a denial of service attack.
(CVE-2014-1509)

- An issue exists in the SVG filters and the feDisplacementMap element that could lead to information disclosure via timing attacks.
(CVE-2014-1505)

- An issue exists that could allow malicious websites to load chrome-privileged pages when JavaScript implemented WebIDL calls the 'window.open()' function, which may result in arbitrary code execution.
(CVE-2014-1510)

- An issue exists that could allow a malicious website to bypass the pop-up blocker. (CVE-2014-1511)

- A use-after-free memory issue exists in 'TypeObjects' in the JavaScript engine during Garbage Collection that could lead to arbitrary code execution.
(CVE-2014-1512)

- An out-of-bounds write error exists due to 'TypedArrayObject' improperly handling 'ArrayBuffer' objects that could result in arbitrary code execution.
(CVE-2014-1513)

- An out-of-bounds write error exists when copying values from one array to another that could result in arbitrary code execution. (CVE-2014-1514)

Solution

Upgrade to Firefox 28.0 or later.

See Also

http://www.securityfocus.com/archive/1/531617/30/0/threaded

https://www.mozilla.org/en-US/security/advisories/mfsa2014-15/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-16/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-17/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-18/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-19/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-20/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-22/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-23/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-26/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-27/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-28/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-29/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-30/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-31/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-32/

Plugin Details

Severity: High

ID: 73096

File Name: macosx_firefox_28.nasl

Version: 1.17

Type: local

Agent: macosx

Published: 3/19/2014

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: MacOSX/Firefox/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 3/18/2014

Exploitable With

Metasploit (Firefox WebIDL Privileged Javascript Injection)

Reference Information

CVE: CVE-2014-1493, CVE-2014-1494, CVE-2014-1496, CVE-2014-1497, CVE-2014-1498, CVE-2014-1499, CVE-2014-1500, CVE-2014-1502, CVE-2014-1504, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

BID: 66203, 66206, 66207, 66209, 66240, 66412, 66416, 66417, 66418, 66419, 66421, 66422, 66423, 66425, 66426, 66428, 66429

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990