Test ID:	1.3.6.1.4.1.25623.1.0.804042
Category:	General
Title:	Mozilla Firefox ESR Multiple Vulnerabilities-01 Dec13 (Mac OS X)
Summary:	This host is installed with Mozilla Firefox ESR and is prone to multiple; vulnerabilities.
Description:	Summary: This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function - JavaScript implementation does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs - Use-after-free vulnerability in the nsEventListenerManager::HandleEvent SubType function - unspecified error in nsGfxScrollFrameInner::IsLTR function - Flaw is due to the program ignoring the setting to remove the trust for extended validation (EV) capable root certificates Vulnerability Impact: Successful exploitation will allow attackers to conduct cross-site scripting attacks, bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system. Affected Software/OS: Mozilla Firefox ESR version 24.x before 24.2 on Mac OS X. Solution: Upgrade to Mozilla Firefox ESR version 24.2 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	BugTraq ID: 64204 BugTraq ID: 64203 BugTraq ID: 64216 BugTraq ID: 64209 BugTraq ID: 64211 BugTraq ID: 64212 BugTraq ID: 64213 Common Vulnerability Exposure (CVE) ID: CVE-2013-5609 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html https://security.gentoo.org/glsa/201504-01 RedHat Security Advisories: RHSA-2013:1812 http://rhn.redhat.com/errata/RHSA-2013-1812.html http://www.securitytracker.com/id/1029470 http://www.securitytracker.com/id/1029476 SuSE Security Announcement: SUSE-SU-2013:1919 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:1916 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html SuSE Security Announcement: openSUSE-SU-2013:1917 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1918 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html SuSE Security Announcement: openSUSE-SU-2013:1957 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html SuSE Security Announcement: openSUSE-SU-2013:1958 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html SuSE Security Announcement: openSUSE-SU-2013:1959 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html SuSE Security Announcement: openSUSE-SU-2014:0008 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http://www.ubuntu.com/usn/USN-2052-1 http://www.ubuntu.com/usn/USN-2053-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-5613 Common Vulnerability Exposure (CVE) ID: CVE-2013-5615 Common Vulnerability Exposure (CVE) ID: CVE-2013-5616 Common Vulnerability Exposure (CVE) ID: CVE-2013-5618 Common Vulnerability Exposure (CVE) ID: CVE-2013-6671 http://www.securityfocus.com/bid/64212 Common Vulnerability Exposure (CVE) ID: CVE-2013-6673 http://www.securityfocus.com/bid/64213
Copyright	Copyright (C) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.