Description:
Summary: Mozilla Firefox is installed on this host and is prone to multiple vulnerabilities.
Vulnerability Insight: Multiple flaws are due to:
- Flaw in WebChannel.jsm module in Mozilla Firefox.
- Integer overflow in libstagefright in Mozilla Firefox.
- Buffer overflow in the XML parser in Mozilla Firefox.
- Race condition in the 'nsThreadManager::RegisterCurrentThread' function in Mozilla Firefox.
- Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox.
- Flaw in Mozilla Firefox whereby it does not recognize a referrer policy delivered by a referrer META element.
- Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox.
- Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox.
- Flaw in asm.js implementation in Mozilla Firefox.
- Flaw in GStreamer in Mozilla Firefox.
- Multiple integer overflows in libstagefright in Mozilla Firefox.
Vulnerability Impact: Successful exploitation will allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code, bypass security restrictions, bypass origin restrictions, gain knowledge of sensitive information, run custom code, cause the server to crash and gain privileged access.
Affected Software/OS: Mozilla Firefox before version 38.0 on Mac OS X
Solution: Upgrade to Mozilla Firefox version 38.0 or later.
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C