Test ID:	1.3.6.1.4.1.25623.1.0.804138
Category:	General
Title:	Mozilla Firefox ESR Multiple Vulnerabilities-02 (Nov 2013) - Mac OS X
Summary:	Mozilla Firefox ESR is prone to multiple vulnerabilities.
Description:	Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws due to: - Improper data initialization in the 'txXPathNodeUtils::getBaseURI' function. - An error in 'Worker::SetEventListener' function in the Web workers implementation. - Use-after-free vulnerability in the 'nsEventListenerManager::SetEventHandler' function. - Use-after-free vulnerability in 'nsIOService::NewChannelFromURIWithProxyFlags' function. - Use-after-free vulnerability in the 'nsIPresShell::GetPresContext' function. - Use-after-free vulnerability in the 'nsDocLoader::doStopDocumentLoad' function. - Multiple unspecified vulnerabilities in the browser engine. - Improper memory allocation for unspecified functions by JavaScript engine. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code, cause a denial of service and conduct buffer overflow attacks. Affected Software/OS: Mozilla Firefox ESR version 17.x before 17.0.10 and 24.x before 24.1 on Mac OS X Solution: Upgrade to Mozilla Firefox ESR version 17.0.10 or 24.1 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5604 Debian Security Information: DSA-2788 (Google Search) http://www.debian.org/security/2013/dsa-2788 Debian Security Information: DSA-2797 (Google Search) http://www.debian.org/security/2013/dsa-2797 https://security.gentoo.org/glsa/201504-01 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19091 RedHat Security Advisories: RHSA-2013:1476 http://rhn.redhat.com/errata/RHSA-2013-1476.html RedHat Security Advisories: RHSA-2013:1480 http://rhn.redhat.com/errata/RHSA-2013-1480.html SuSE Security Announcement: SUSE-SU-2013:1678 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html SuSE Security Announcement: openSUSE-SU-2013:1634 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2013-5602 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19293 Common Vulnerability Exposure (CVE) ID: CVE-2013-5601 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18495 Common Vulnerability Exposure (CVE) ID: CVE-2013-5600 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19172 Common Vulnerability Exposure (CVE) ID: CVE-2013-5599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19315 Common Vulnerability Exposure (CVE) ID: CVE-2013-5597 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19277 Common Vulnerability Exposure (CVE) ID: CVE-2013-5590 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19001 Common Vulnerability Exposure (CVE) ID: CVE-2013-5595 BugTraq ID: 63421 http://www.securityfocus.com/bid/63421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18694
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.