Firefox < 29.0 Multiple Vulnerabilities

critical Nessus Plugin ID 73769

Synopsis

The remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.

Description

The installed version of Firefox is a version prior to 29.0 and is, therefore, potentially affected by the following vulnerabilities :

- An issue exists in the Network Security (NSS) library due to improper handling of IDNA domain prefixes for wildcard certificates. This issue could allow man-in- the-middle attacks. (CVE-2014-1492)

- Memory issues exist that could lead to arbitrary code execution. (CVE-2014-1518, CVE-2014-1519)

- An issue exists related to the 'Mozilla Maintenance Service' that could lead to privilege escalation due to the creation of a writeable temporary directory during the update process. (CVE-2014-1520)

- An out-of-bounds read issue exists in the Web Audio feature that could lead to information disclosure.
(CVE-2014-1522)

- An out-of-bounds read issue exists when decoding certain JPG images that could lead to a denial of service. (CVE-2014-1523)

- A memory corruption issue exists due to improper validation of XBL objects that could lead to arbitrary code execution. (CVE-2014-1524)

- A use-after-free memory issue exists in the Text Track Manager during HTML video processing that could lead to arbitrary code execution. (CVE-2014-1525)

- An issue exists related to the debugger bypassing XrayWrappers that could lead to privilege escalation.
(CVE-2014-1526)

- An out-of-bounds write issue exists in the Cairo graphics library that could lead to arbitrary code execution. Note that this issue only affects Firefox 28 and SeaMonkey 2.25. (CVE-2014-1528)

- A security bypass issue exists in the Web Notification API that could lead to arbitrary code execution.
(CVE-2014-1529)

- A cross-site scripting issue exists that could allow an attacker to load another website other than the URL for the website that is shown in the address bar.
(CVE-2014-1530)

- A use-after-free issue exists due to an 'imgLoader' object being freed when being resized. This issue could lead to arbitrary code execution. (CVE-2014-1531)

- A use-after-free issue exists during host resolution that could lead to arbitrary code execution.
(CVE-2014-1532)

Solution

Upgrade to Firefox 29.0 or later.

See Also

https://www.mozilla.org/en-US/security/advisories/mfsa2014-34/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-35/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-38/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-39/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-41/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-42/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-43/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-44/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-45/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-46/

https://www.mozilla.org/en-US/security/advisories/mfsa2014-47/

Plugin Details

Severity: Critical

ID: 73769

File Name: mozilla_firefox_29.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 4/29/2014

Updated: 11/26/2019

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-1532

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: Mozilla/Firefox/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/29/2014

Vulnerability Publication Date: 3/28/2014

Reference Information

CVE: CVE-2014-1492, CVE-2014-1518, CVE-2014-1519, CVE-2014-1520, CVE-2014-1522, CVE-2014-1523, CVE-2014-1524, CVE-2014-1525, CVE-2014-1526, CVE-2014-1528, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532

BID: 66356, 67123, 67125, 67126, 67127, 67129, 67130, 67133, 67134, 67135, 67136, 67137, 67131, 67132

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990