
Test ID: 1.3.6.1.4.1.25623.1.0.903218
Category: General
Title: Mozilla Firefox Multiple Vulnerabilities (Jun 2013) - Mac OS X
Summary: Mozilla Firefox is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following flaws exist:

- PreserveWrapper does not handle lack of wrapper

- Error in processing of SVG format images with filters to read pixel values

- Does not prevent inclusion of body data in XMLHttpRequest HEAD request

- Multiple unspecified vulnerabilities in the browser engine

- Does not properly handle onreadystatechange events in conjunction with page reloading

- Profiler parses untrusted data during UI rendering

- System Only Wrapper (SOW) and Chrome Object Wrapper (COW) do not restrict XBL user-defined functions

- Use-after-free vulnerability in 'nsIDocument::GetRootElement' and
'mozilla::dom::HTMLMediaElement::LookupMediaElementURITable' functions

- Multiple unspecified vulnerabilities in the browser engine

- Internationalized Domain Name (IDN) does not properly handle the .com, .name, and .net top-level
domains

- Does not properly implement DocShell inheritance behavior for sandbox attribute of an IFRAME
element

- 'getUserMedia' permission references the URL of top-level document instead of a specific page

- XrayWrapper does not properly restrict use of DefaultValue for method calls

- Does not properly enforce the X-Frame-Options protection mechanism

- Crash @xul!nsDOMEvent::GetTargetFromFrame on poison value

Vulnerability Impact:
Successful exploitation will allow attackers to execute arbitrary
code, obtain potentially sensitive information, gain escalated privileges, bypass security
restrictions, and perform unauthorized actions. Other attacks may also be possible.

Affected Software/OS:
Mozilla Firefox before version 22.0 on Mac OS X.

Solution:
Update to version 22.0 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17173
SuSE Security Announcement: openSUSE-SU-2013:1140
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html
SuSE Security Announcement: openSUSE-SU-2013:1142
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html
http://www.ubuntu.com/usn/USN-1890-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1684
BugTraq ID: 60766
http://www.securityfocus.com/bid/60766
Debian Security Information: DSA-2716
http://www.debian.org/security/2013/dsa-2716
Debian Security Information: DSA-2720
http://www.debian.org/security/2013/dsa-2720
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16604
RedHat Security Advisories: RHSA-2013:0981
http://rhn.redhat.com/errata/RHSA-2013-0981.html
RedHat Security Advisories: RHSA-2013:0982
http://rhn.redhat.com/errata/RHSA-2013-0982.html
SuSE Security Announcement: SUSE-SU-2013:1152
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html
SuSE Security Announcement: SUSE-SU-2013:1153
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html
SuSE Security Announcement: openSUSE-SU-2013:1141
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:1143
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html
http://www.ubuntu.com/usn/USN-1891-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1685
BugTraq ID: 60773
http://www.securityfocus.com/bid/60773
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17330
Common Vulnerability Exposure (CVE) ID: CVE-2013-1686
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16576
Common Vulnerability Exposure (CVE) ID: CVE-2013-1687
BugTraq ID: 60777
http://www.securityfocus.com/bid/60777
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17117
Common Vulnerability Exposure (CVE) ID: CVE-2013-1688
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16427
Common Vulnerability Exposure (CVE) ID: CVE-2013-1690
BugTraq ID: 60778
http://www.securityfocus.com/bid/60778
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16996
Common Vulnerability Exposure (CVE) ID: CVE-2013-1692
BugTraq ID: 60783
http://www.securityfocus.com/bid/60783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17096
Common Vulnerability Exposure (CVE) ID: CVE-2013-1693
BugTraq ID: 60787
http://www.securityfocus.com/bid/60787
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17075
Common Vulnerability Exposure (CVE) ID: CVE-2013-1694
BugTraq ID: 60776
http://www.securityfocus.com/bid/60776
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17405
Common Vulnerability Exposure (CVE) ID: CVE-2013-1695
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16433
Common Vulnerability Exposure (CVE) ID: CVE-2013-1696
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16992
Common Vulnerability Exposure (CVE) ID: CVE-2013-1697
BugTraq ID: 60784
http://www.securityfocus.com/bid/60784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17243
Common Vulnerability Exposure (CVE) ID: CVE-2013-1698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16791
Common Vulnerability Exposure (CVE) ID: CVE-2013-1699
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17296
Common Vulnerability Exposure (CVE) ID: CVE-2013-1682
BugTraq ID: 60765
http://www.securityfocus.com/bid/60765
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17392
Common Vulnerability Exposure (CVE) ID: CVE-2013-1689
https://security-tracker.debian.org/tracker/CVE-2013-1689
Copyright: Copyright (C) 2013 Greenbone AG
