Test ID:	1.3.6.1.4.1.25623.1.0.804136
Category:	General
Title:	Mozilla Firefox Multiple Vulnerabilities - 01 (Nov 2013) - Mac OS X
Summary:	Mozilla Firefox is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Firefox is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - Use-after-free vulnerability in the 'nsContentUtils::ContentIsHostIncludingDescendantOf' function - Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function - An error in 'Worker::SetEventListener' function in the Web workers implementation - Use-after-free vulnerability in 'nsEventListenerManager::SetEventHandler' function - Use-after-free vulnerability in 'nsIOService::NewChannelFromURIWithProxyFlags' function - Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function - Improper handling of the appending of an IFRAME element in 'PDF.js' - Use-after-free vulnerability in 'nsDocLoader::doStopDocumentLoad' function - Multiple unspecified vulnerabilities in the browser engine - Improper restriction of the nature or placement of HTML within a dropdown menu - Improper memory allocation for unspecified functions by JavaScript engine - Improper determination of the thread for release of an image object Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service, spoof the address bar, conduct clickjacking attacks and conduct buffer overflow attacks. Affected Software/OS: Mozilla Firefox before version 25.0 on Mac OS X. Solution: Update to version 25.0 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5603 https://security.gentoo.org/glsa/201504-01 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19302 SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html SuSE Security Announcement: openSUSE-SU-2013:1634 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2013-5604 Debian Security Information: DSA-2788 (Google Search) http://www.debian.org/security/2013/dsa-2788 Debian Security Information: DSA-2797 (Google Search) http://www.debian.org/security/2013/dsa-2797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19091 RedHat Security Advisories: RHSA-2013:1476 http://rhn.redhat.com/errata/RHSA-2013-1476.html RedHat Security Advisories: RHSA-2013:1480 http://rhn.redhat.com/errata/RHSA-2013-1480.html SuSE Security Announcement: SUSE-SU-2013:1678 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html Common Vulnerability Exposure (CVE) ID: CVE-2013-5602 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19293 Common Vulnerability Exposure (CVE) ID: CVE-2013-5601 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18495 Common Vulnerability Exposure (CVE) ID: CVE-2013-5600 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19172 Common Vulnerability Exposure (CVE) ID: CVE-2013-5599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19315 Common Vulnerability Exposure (CVE) ID: CVE-2013-5598 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19133 Common Vulnerability Exposure (CVE) ID: CVE-2013-5597 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19277 Common Vulnerability Exposure (CVE) ID: CVE-2013-5591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015 Common Vulnerability Exposure (CVE) ID: CVE-2013-5590 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19001 Common Vulnerability Exposure (CVE) ID: CVE-2013-5592 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19148 Common Vulnerability Exposure (CVE) ID: CVE-2013-5593 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19263 Common Vulnerability Exposure (CVE) ID: CVE-2013-5594 https://bugzilla.mozilla.org/show_bug.cgi?id=914618 https://nki.gov.hu/en/figyelmeztetesek/serulekenysegek/mozilla-firefox-tobbszoros-serulekenysege-2/ Common Vulnerability Exposure (CVE) ID: CVE-2013-5595 BugTraq ID: 63421 http://www.securityfocus.com/bid/63421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18694 Common Vulnerability Exposure (CVE) ID: CVE-2013-5596 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19066
Copyright	Copyright (C) 2013 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.