Test ID:	1.3.6.1.4.1.25623.1.0.804090
Category:	General
Title:	Mozilla Firefox ESR Multiple Vulnerabilities-01 Feb14 (Windows)
Summary:	This host is installed with Mozilla Firefox and is prone to multiple; vulnerabilities.
Description:	Summary: This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An error when handling XML Binding Language (XBL) content scopes - An error when handling discarded images within the 'RasterImage' class - A use-after-free error related to certain content types when used with the 'imgRequestProxy()' function - An error when handling web workers error messages - A race condition error when handling session tickets within libssl - An error when handling JavaScript native getters on window objects Vulnerability Impact: Successful exploitation will allow attackers to bypass certain security restrictions and compromise a user's system. Affected Software/OS: Mozilla Firefox ESR version 24.x before 24.3 on Windows. Solution: Upgrade to Mozilla Firefox ESR version 24.3 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	BugTraq ID: 65317 BugTraq ID: 65320 BugTraq ID: 65326 BugTraq ID: 65328 BugTraq ID: 65334 BugTraq ID: 65330 BugTraq ID: 65335 BugTraq ID: 65332 Common Vulnerability Exposure (CVE) ID: CVE-2014-1477 http://www.securityfocus.com/bid/65317 Debian Security Information: DSA-2858 (Google Search) http://www.debian.org/security/2014/dsa-2858 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html https://security.gentoo.org/glsa/201504-01 http://osvdb.org/102864 RedHat Security Advisories: RHSA-2014:0132 http://rhn.redhat.com/errata/RHSA-2014-0132.html RedHat Security Advisories: RHSA-2014:0133 http://rhn.redhat.com/errata/RHSA-2014-0133.html http://www.securitytracker.com/id/1029717 http://www.securitytracker.com/id/1029720 http://www.securitytracker.com/id/1029721 http://secunia.com/advisories/56706 http://secunia.com/advisories/56761 http://secunia.com/advisories/56763 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56858 http://secunia.com/advisories/56888 SuSE Security Announcement: SUSE-SU-2014:0248 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html SuSE Security Announcement: openSUSE-SU-2014:0212 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html SuSE Security Announcement: openSUSE-SU-2014:0213 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html SuSE Security Announcement: openSUSE-SU-2014:0419 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://www.ubuntu.com/usn/USN-2102-1 http://www.ubuntu.com/usn/USN-2102-2 http://www.ubuntu.com/usn/USN-2119-1 XForce ISS Database: firefox-cve20141477-code-exec(90899) https://exchange.xforce.ibmcloud.com/vulnerabilities/90899 Common Vulnerability Exposure (CVE) ID: CVE-2014-1479 http://www.securityfocus.com/bid/65320 http://osvdb.org/102866 http://secunia.com/advisories/56922 XForce ISS Database: firefox-cve20141479-sec-bypass(90898) https://exchange.xforce.ibmcloud.com/vulnerabilities/90898 Common Vulnerability Exposure (CVE) ID: CVE-2014-1481 http://www.securityfocus.com/bid/65326 http://osvdb.org/102863 XForce ISS Database: firefox-cve20141481-sec-bypass(90883) https://exchange.xforce.ibmcloud.com/vulnerabilities/90883 Common Vulnerability Exposure (CVE) ID: CVE-2014-1482 http://www.securityfocus.com/bid/65328 http://osvdb.org/102868 XForce ISS Database: firefox-cve20141482-code-exec(90894) https://exchange.xforce.ibmcloud.com/vulnerabilities/90894 Common Vulnerability Exposure (CVE) ID: CVE-2014-1486 http://www.securityfocus.com/bid/65334 http://osvdb.org/102872 XForce ISS Database: firefox-cve20141486-code-exec(90890) https://exchange.xforce.ibmcloud.com/vulnerabilities/90890 Common Vulnerability Exposure (CVE) ID: CVE-2014-1487 http://www.securityfocus.com/bid/65330 http://osvdb.org/102873 XForce ISS Database: mozilla-cve20141487-info-disc(90889) https://exchange.xforce.ibmcloud.com/vulnerabilities/90889 Common Vulnerability Exposure (CVE) ID: CVE-2014-1490 http://www.securityfocus.com/bid/65335 Bugtraq: 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/534161/100/0/threaded http://seclists.org/fulldisclosure/2014/Dec/23 http://osvdb.org/102876 XForce ISS Database: mozilla-nss-cve20141490-code-exec(90885) https://exchange.xforce.ibmcloud.com/vulnerabilities/90885 Common Vulnerability Exposure (CVE) ID: CVE-2014-1491 http://www.securityfocus.com/bid/65332 Debian Security Information: DSA-2994 (Google Search) http://www.debian.org/security/2014/dsa-2994 XForce ISS Database: firefox-nss-cve20141491-unspecified(90886) https://exchange.xforce.ibmcloud.com/vulnerabilities/90886
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.