Mozilla Firefox Multiple Vulnerabilities-01 May15 (Mac OS X)

Vulnerability Severity

Host Location Actions

Mozilla Firefox Multiple Vulnerabilities-01 May15 (Mac OS X)

7.5 (High)
192.168.1.106 general/tcp
Add Note
Add Override
SummaryThis host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.

Vulnerability Detection Result

Installed version: 35.0.1
Fixed version:     38.0
ImpactSuccessful exploitation will allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code, bypass security restrictions, bypass origin restrictions, gain knowledge of sensitive information, run custom code, cause the server to crash and gain privileged access.

Impact Level: System/Application

SolutionUpgrade to Mozilla Firefox version 38.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Vulnerability InsightMultiple flaws are due to: – Flaw in WebChannel.jsm module in Mozilla Firefox. – Integer overflow in libstagefright in Mozilla Firefox. – Buffer overflow in the XML parser in Mozilla Firefox. – Race condition in the ‘nsThreadManager::RegisterCurrentThread’ function in Mozilla Firefox. – Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox. – Flaw in Mozilla Firefox so that does not recognize a referrer policy delivered by a referrer META element. – Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox. – Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox. – Flaw in asm.js implementation in Mozilla Firefox. – Flaw in GStreamer in Mozilla Firefox.

Vulnerability Detection MethodGet the installed version with the help of detect NVT and check the version is vulnerable or not.

Details: Mozilla Firefox Multiple Vulnerabilities-01 May15 (Mac OS X) (OID: 1.3.6.1.4.1.25623.1.0.805626)

Version used: $Revision: 1271 $

References

CVE: CVE-2015-2708, CVE-2015-2709, CVE-2015-2710, CVE-2015-2711, CVE-2015-2712, CVE-2015-2713, CVE-2015-2715, CVE-2015-2716, CVE-2015-2717, CVE-2015-2718, CVE-2015-0797
BID: 74615, 74611
CERT: DFN-CERT-2015-0692 , DFN-CERT-2015-0683 , DFN-CERT-2015-0566
Other: http://osvdb.org/122021
http://osvdb.org/122022
http://osvdb.org/122038
https://www.mozilla.org/en-US/security/advisories/mfsa2015-46
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.