Description: | Summary: Mozilla Firefox is installed on this host and is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws exist due to:
- Lack of status checking in CryptoKey interface implementation.
- Lack of status checking in 'AddWeightedPathSegLists' and 'SVGPathSegListSMILType::Interpolate' functions.
- Buffer overflow in the 'rx::TextureStorage11' class in ANGLE graphics library.
- An error in 'web worker' when creating WebSockets.
- The Java plugin can deallocate a JavaScript wrapper while it is still in use, which leads to a JavaScript garbage collection crash.
- An error in URL parsing implementation.
- Buffer underflow in 'libjar' triggered through a maliciously crafted ZIP format file.
- An error in the implementation of the CORS cross-origin request algorithm.
- Buffer overflow in the 'JPEGEncoder' function during script interactions with a canvas element.
- Trailing whitespace is evaluated differently when parsing IP addresses than when parsing alphanumeric hostnames.
- Error in 'Add-on SDK' while creating a panel.
- Error in Reader View implementation in Mozilla Firefox.
- Error in NTLM-based HTTP authentication.
- Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox.
- Multiple memory corruption issues in NSS and NSPR.
- An error in how HTML tables are exposed to accessibility tools.
Vulnerability Impact: Successful exploitation will allow remote attackers to cause a denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary script code in a user's browser session, and cause some unspecified impacts.
Affected Software/OS: Mozilla Firefox versions before 42.0 on Mac OS X
Solution: Upgrade to Mozilla Firefox version 42.0 or later.
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|