| VID |
28875 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Mozilla Firefox which is 22.x before 23.0 has been installed on the host. Mozilla Firefox is an open-source based Web browser, developed by the Mozilla project. Mozilla Firefox 22.x before 23.0 versions are multiple vulnerable to vulnerability.
- Various errors exist that could allow memory corruption conditions. (CVE-2013-1701, CVE-2013-1702)
- Use-after-free errors exist related to DOM modification when using 'SetBody' and generating a 'Certificate Request Message'. (CVE-2013-1704, CVE-2013-1705)
- Errors exist related to the update service and 'maintenanceservice.exe' that could allow buffer overflows when handling unexpectedly long path values. (CVE-2013-1706, CVE-2013-1707)
- An error exists in the function 'nsCString::CharAt' that could allow application crashes when decoding specially crafted WAV audio files. (CVE-2013-1708)
- Unspecified errors exist related to HTML frames and history handling, 'XrayWrappers', JavaScript URI handling and web workers using 'XMLHttpRequest' that could allow cross-site scripting attacks. (CVE-2013-1709, CVE-2013-1711, CVE-2013-1713, CVE-2013-1714)
- An unspecified error exists related to generating 'Certificate Request Message Format' (CRMF) requests that could allow cross-site scripting attacks. (CVE-2013-1710)
- DLL path loading errors exist related to the update service, full installer and the stub installer that could allow execution of arbitrary code. (CVE-2013-1712, CVE-2013-1715)
- An error exists related to Java applets and 'file:///' URIs that could allow read-only access to arbitrary files. (CVE-2013-1717)
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.mozilla.org/security/announce/2013/mfsa2013-63.html
http://www.mozilla.org/security/announce/2013/mfsa2013-64.html
http://www.mozilla.org/security/announce/2013/mfsa2013-65.html
http://www.mozilla.org/security/announce/2013/mfsa2013-66.html
http://www.mozilla.org/security/announce/2013/mfsa2013-67.html
http://www.mozilla.org/security/announce/2013/mfsa2013-68.html
http://www.mozilla.org/security/announce/2013/mfsa2013-69.html
http://www.mozilla.org/security/announce/2013/mfsa2013-70.html
http://www.mozilla.org/security/announce/2013/mfsa2013-71.html
http://www.mozilla.org/security/announce/2013/mfsa2013-72.html
http://www.mozilla.org/security/announce/2013/mfsa2013-73.html
http://www.mozilla.org/security/announce/2013/mfsa2013-74.html
http://www.mozilla.org/security/announce/2013/mfsa2013-75.html
* Platforms Affected:
Mozilla Foundation, Firefox versions 22.x prior to 23.0
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Firefox (23.0 or later), available from the Mozilla Web site at http://www.mozilla.com/firefox/ |
| Related URL |
CVE-2013-1701,CVE-2013-1702,CVE-2013-1704,CVE-2013-1705,CVE-2013-1706,CVE-2013-1707,CVE-2013-1708,CVE-2013-1709,CVE-2013-1710,CVE-2013-1711 (CVE) |
| Related URL |
61864,61867,61869,61871,61872,61873,61874,61875,61876,61877,61878,61882,61883,61896,61900 (SecurityFocus) |
| Related URL |
(ISS) |
|
