Updated Nessus Network Monitor Plugins from Tenable https://www.tenable.com/plugins/feeds?sort=updated&type=nnm Get the latest plugin updates from Tenable Tue, 17 Mar 2026 09:42:54 GMT https://validator.w3.org/feed/docs/rss2.html Tenable Plugins Updated Nessus Network Monitor Plugins from Tenable https://www.tenable.com/themes/custom/tenable/img/favicons/apple-touch-icon.png https://www.tenable.com/plugins/feeds?sort=updated&type=nnm Copyright 2026 Tenable, Inc. All rights reserved. <![CDATA[Deepseek API Detection]]> https://www.tenable.com/plugins/nnm/701497 https://www.tenable.com/plugins/nnm/701497 Tue, 28 Jan 2025 00:00:00 GMT Nessus Network Monitor Plugin ID 701497 with Info Severity

Synopsis

Traffic observed from the remote host indicates a potential violation of company policy.

Description

The remote host has been observed using the DeepSeek API.

Solution

Ensure that such behavior is in alignment with corporate policies and guidelines.

Read more at https://www.tenable.com/plugins/nnm/701497

]]> <![CDATA[Cisco IOS XR Software Cisco Discovery Protocol RCE (cisco-sa-20200205-iosxr-cdp-rce)]]> https://www.tenable.com/plugins/nnm/701265 https://www.tenable.com/plugins/nnm/701265 Tue, 18 Aug 2020 00:00:00 GMT Nessus Network Monitor Plugin ID 701265 with High Severity

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version, the Cisco IOS XR Software is affected by a remote code execution vulnerability within the Cisco Discovery Protocol due to improper validation of string input. An unauthenticated, adjacent attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvr09190.

Read more at https://www.tenable.com/plugins/nnm/701265

]]> <![CDATA[Safari Detection]]> https://www.tenable.com/plugins/nnm/7297 https://www.tenable.com/plugins/nnm/7297 Mon, 27 Jul 2020 00:00:00 GMT Nessus Network Monitor Plugin ID 7297 with Info Severity

Synopsis

Safari Detection Generator

Description

The remote host is running Safari web browser.

Solution

N/A

Read more at https://www.tenable.com/plugins/nnm/7297

]]> <![CDATA[Mozilla Firefox < 74.0.1 Race Condition]]> https://www.tenable.com/plugins/nnm/701275 https://www.tenable.com/plugins/nnm/701275 Fri, 01 May 2020 00:00:00 GMT Nessus Network Monitor Plugin ID 701275 with High Severity

Synopsis

A web browser installed on the remote host is affected by a race condition vulnerability.

Description

The version of Firefox installed on the remote host is prior to 74.0.1. It is affected by a race condition when handling a ReadableStream or running the nsDocShell destructor that can cause a use-after-free. There are known targeted attacks in the wild abusing this flaw.

Solution

Upgrade to Mozilla Firefox version 74.0.1 or later.

Read more at https://www.tenable.com/plugins/nnm/701275

]]> <![CDATA[Mozilla Firefox ESR < 68.6.1 Race Condition]]> https://www.tenable.com/plugins/nnm/701273 https://www.tenable.com/plugins/nnm/701273 Fri, 01 May 2020 00:00:00 GMT Nessus Network Monitor Plugin ID 701273 with High Severity

Synopsis

A web browser installed on the remote host is affected by a race condition vulnerability.

Description

The version of Firefox ESR installed on the remote host is prior to 68.6.1. It is affected by a race condition when handling a ReadableStream or running the nsDocShell destructor that can cause a use-after-free. There are known targeted attacks in the wild abusing this flaw.

Solution

Upgrade to Mozilla Firefox ESR version 68.6.1 or later.

Read more at https://www.tenable.com/plugins/nnm/701273

]]> <![CDATA[Trend Micro Apex One and OfficeScan XG Arbitrary Code Execution]]> https://www.tenable.com/plugins/nnm/701274 https://www.tenable.com/plugins/nnm/701274 Fri, 20 Mar 2020 00:00:00 GMT Nessus Network Monitor Plugin ID 701274 with High Severity

Synopsis

The remote host contains an application that is affected by an arbitrary code execution vulnerability.

Description

Trend Micro OfficeScan is installed on the remote host and is affected by an arbitrary code execution vulnerability. An attempted attack requires user authentication.

Solution

Perform vendor recommended mitigations and apply available vendor upgrades.

Read more at https://www.tenable.com/plugins/nnm/701274

]]> <![CDATA[Client Data Leakage Detection (Credit Card Number)]]> https://www.tenable.com/plugins/nnm/7064 https://www.tenable.com/plugins/nnm/7064 Thu, 16 Jan 2020 00:00:00 GMT Nessus Network Monitor Plugin ID 7064 with Info Severity

Synopsis

The remote host sent a message which appears to contain a credit card number.

Description

The remote host sent a message which appears to contain a credit card number.

Solution

Ensure that confidential data is encrypted both in transit and in storage.

Read more at https://www.tenable.com/plugins/nnm/7064

]]> <![CDATA[Cisco IOS Device Detection]]> https://www.tenable.com/plugins/nnm/700533 https://www.tenable.com/plugins/nnm/700533 Thu, 05 Dec 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 700533 with Info Severity

Synopsis

A Cisco IOS device has been detected.

Description

The SNMP System Description of the remote host indicates a Cisco IOS Device.

Solution

N/A

Read more at https://www.tenable.com/plugins/nnm/700533

]]> <![CDATA[Cisco IOS-XR Device Detection]]> https://www.tenable.com/plugins/nnm/700532 https://www.tenable.com/plugins/nnm/700532 Thu, 05 Dec 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 700532 with Info Severity

Synopsis

A Cisco IOS-XR device has been detected.

Description

The SNMP System Description of the remote host indicates a Cisco IOS-XR Device.

Solution

N/A

Read more at https://www.tenable.com/plugins/nnm/700532

]]> <![CDATA[Cisco IOS-XE Device Detection]]> https://www.tenable.com/plugins/nnm/700531 https://www.tenable.com/plugins/nnm/700531 Thu, 05 Dec 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 700531 with Info Severity

Synopsis

A Cisco IOS-XE device has been detected.

Description

The SNMP System Description of the remote host indicates a Cisco IOS-XE Device.

Solution

N/A

Read more at https://www.tenable.com/plugins/nnm/700531

]]> <![CDATA[Mozilla Firefox ESR < 45.8 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9987 https://www.tenable.com/plugins/nnm/9987 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9987 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 45.8 are unpatched for the following vulnerabilities :

 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'js/src/jsgc.cpp' that is triggered as certain input is not properly validated when handling zone groups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'netwerk/streamconv/converters/nsMultiMixedConv.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'netwerk/cache/nsDiskCacheDeviceSQL.cpp' that is triggered when handling cache eviction. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.- A use-after-free condition exists that is triggered when handling NPAPI plugin references. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in 'dom/base/nsDocument.cpp' that is triggered when handling frame request callbacks rescheduling. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'js::array_sort()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'cairo_cff_font_write_cid_fontdict()' function in 'cairo-cff-subset.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code.
 - A use-after-free error exists in the 'FontFaceSet' class in 'layout/style/FontFaceSet.cpp' that is triggered when handling events for FontFace objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the JavaScript Garbage Collection mechanism that is triggered during incremental sweeping on memory cleanups. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'dom/bindings/ErrorResult.h' that is triggered when handling ErrorResult references. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists that is triggered when handling ranges in selections with one node inside and one node outside of a native anonymous tree. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'HTMLTrackElement::LoadResource()' function in 'dom/html/HTMLTrackElement.cpp' that is triggered as CORS headers are not checked when loading video captions. This may allow a context-dependent attacker to disclose video captions.
 - A path truncation flaw exist in the 'NS_main()' function in 'toolkit/mozapps/update/updater/updater.cpp' that is triggered when passing callback parameters through the Mozilla Maintenance Service. This may allow a local attacker to delete arbitrary files with elevated privileges.
 - A flaw exists in the 'FilterNodeLightingSoftware::SetAttribute()' function template in 'gfx/2d/FilterNodeSoftware.cpp' that is triggered when handling subnormal surfaceScale values. With a specially crafted SVG filter, a context-dependent attacker can perform a side-channel attack, potentially resulting in disclosure of history information or text values across domains.

Solution

Upgrade to Firefox version 45.8 or later.

Read more at https://www.tenable.com/plugins/nnm/9987

]]> <![CDATA[Mozilla Firefox ESR < 45.7 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9928 https://www.tenable.com/plugins/nnm/9928 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9928 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 45.7 are unpatched for the following vulnerabilities :

 - A flaw exists in JIT code allocation that may allow a context-dependent attacker to bypass the Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) protection mechanisms.
 - A use-after-free error exists in the 'txExecutionState::getVariable()' function in 'dom/xslt/xslt/txExecutionState.cpp' that is triggered when handling XSL in XSLT documents. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists that is due to the program sharing hashed codes of JavaScripts objects between pages. This may allow a context-dependent attacker to gain access to potentially sensitive data by discovering the object's address through a pointer leak.
 - A use-after-free error exists in the 'PresShell::FlushPendingNotifications()' function in 'layout/base/PresShell.cpp' that is triggered during DOM manipulation of SVG content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists that is due to the JSON viewer in the Developer Tools insecurely creating communication channels for copying and viewing JSON or HTTP headers. This may allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
 - A flaw exists in the 'ICCallStubCompiler::guardFunApply()' function in 'js/src/jit/BaselineIC.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'IonBuilder::createThisScriptedSingleton()' function in 'js/src/jit/IonBuilder.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'AddLazyFunctionsForCompartment()' function in 'js/src/jscompartment.cpp' that is triggered when handling references to a compartment's lazy functions. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'js::DefineTypedArrayElement()' function in 'js/src/vm/TypedArrayObject.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'DataViewObject::create()' function in 'js/src/vm/TypedArrayObject.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'IonBuilder::initEnvironmentChain()' function in 'js/src/jit/IonBuilder.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in the JavaScript JIT compiler that is triggered when handling windows. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsDOMConstructor::HasInstance()' function in 'dom/base/nsDOMClassInfo.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free flaw exists in the 'nsDocument::SetScriptGlobalObject()' function in 'dom/base/nsDocument.cpp' that is triggered when handling specially crafted media files. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists that is triggered during the handling of a specially crafted URL that contains certain unicode glyphs for alternative hyphens and quotes. This may allow a context-dependent attacker to spoof the location bar.
 - A flaw exists that may allow WebExtension scripts to use the 'data: protocol' to affect pages loaded by other extensions. This may allow a context-dependent attacker to potentially disclose sensitive information or gain elevated privileges related to other extensions.

Solution

Upgrade to Firefox version 45.7 or later.

Read more at https://www.tenable.com/plugins/nnm/9928

]]> <![CDATA[Mozilla Firefox ESR < 45.6 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9853 https://www.tenable.com/plugins/nnm/9853 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9853 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 45.6 are unpatched for the following vulnerabilities :

 - A flaw exists in the 'GetNPObjectWrapper()' function in 'dom/plugins/base/nsJSNPRuntime.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'ObjectGroup::defaultNewGroup()' function in 'js/src/vm/ObjectGroup.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 content. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in the 'nsDocShell::RestoreFromHistory()' function in 'docshell/base/nsDocShell.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in the 'Factory::CreateDrawTargetForData()' function in 'gfx/2d/Factory.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'dom/media/MediaRecorder.cpp' that is triggered when handling a document's activity state changes. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsHttpChunkedDecoder::ParseChunkRemaining()' function in 'netwerk/protocol/http/nsHttpChunkedDecoder.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists that is triggered when handling media content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsDocument::EnumerateSubDocuments()' function in 'dom/base/nsDocument.cpp' that is triggered when adding and removing sub-documents. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'dom/bindings/BindingUtils.h' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists in 'editor/libeditor/HTMLEditor.cpp' that is triggered when handling DOM subtrees. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'VaryingPacking::packVarying()' function in 'libANGLE/renderer/d3d/hlsl/VaryingPacking.cpp'. This may allow a context-dependent attacker to corrupt memory and crash a process linked against the library or potentially execute arbitrary code.
 - A use-after-free error exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered when handling failing node adoption. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists that is triggered as event handlers for marquee elements are executed despite restrictions against inline JavaScript. This may allow a context-dependent attacker to bypass the Content Security Policy (CSP).
 - A flaw exists in the 'nsDataDocumentContentPolicy::ShouldLoad()' function in 'dom/base/nsDataDocumentContentPolicy.cpp', as external resources may be inappropriately loaded by SVG images by utilizing 'data: URLs'. This may allow a context-dependent attacker to disclose potentially sensitive cross-domain information.
 - A flaw exists that is triggered as HTML tags from the Pocket server are not properly sanitized before use. This may allow a context-dependent attacker to inject content and gain access to the Pocket Messaging API.
 - A flaw exists in 'browser/extensions/pocket/content/main.js' related to the Pocket toolbar button, as it fails to properly verify the origin of events. This may potentially allow a context-dependent attacker to execute commands from other contexts.
 - A flaw exists that is triggered as atom information may be exposed. This may allow a context-dependent attacker to use a JavaScript Map/Set timing attack to determine if atoms are used by other compartments or zones, potentially disclosing cross-domain information.

Solution

Upgrade to Firefox version 45.6 or later.

Read more at https://www.tenable.com/plugins/nnm/9853

]]> <![CDATA[Mozilla Firefox ESR < 45.5.1 RCE]]> https://www.tenable.com/plugins/nnm/9852 https://www.tenable.com/plugins/nnm/9852 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9852 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to a remote code execution (RCE) attack vector.

Description

Versions of Mozilla Firefox ESR earlier than 45.5.1 are unpatched for a use-after-free condition in 'dom/smil/nsSMILTimeContainer.cpp' that is triggered when handling SVG animations. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code.

Solution

Upgrade to Firefox version 45.5.1 or later.

Read more at https://www.tenable.com/plugins/nnm/9852

]]> <![CDATA[Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9805 https://www.tenable.com/plugins/nnm/9805 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9805 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 45.5 are unpatched for the following vulnerabilities :

 - An overflow condition exists in the 'RASTERIZE_EDGES()' function in 'gfx/cairo/libpixman/src/pixman-edge-imp.h'. The issue is triggered as certain input is not properly validated when handling SVG content. This may allow a context-dependent attacker to cause a heap-based overflow, potentially allowing the execution of arbitrary code.
 - A flaw exists that is triggered when the Mozilla Updater is run with the updater's log file in the working directory pointing to a hardlink. This may allow a local attacker to append data to an arbitrary local file.
 - A flaw exists in the Mozilla Updater that is triggered as it may select an arbitrary target working directory to output files from the update process. No further details have been provided by the vendor.
 - A flaw exists that is triggered when length checking JavaScript arguments. This may allow a context-dependent attacker to have an unspecified impact.
 - A flaw exists that is triggered as add-on update IDs are not properly validated. This may allow an attacker with the ability to intercept network traffic '(e.g'. MitM, DNS cache poisoning) to provide malicious add-on updates.
 - An integer overflow condition exists in the 'nsScriptLoadHandler::TryDecodeRawData()' function in 'dom/base/nsScriptLoader.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code.
 - A flaw exists in the 'nsBaseChannel::Redirect()' function in 'netwerk/base/nsBaseChannel.cpp'. The issue is triggered as local shortcut files may be used to bypass the same-origin policy and load local content from the disk.
 - An unspecified flaw exists in 'divSpoiler' that may allow an attacker to conduct a side-channel attack. No further details have been provided by the vendor.
 - A flaw exists that is triggered when handling DOM tree operations for 'insertBefore()' method calls. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered when handling Ion-compiling of scripts with too many typesets. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists related to tracing of script pointers in off-thread compilation tasks. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered when handling runtime checks for helper threads tracing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'GlobalHelperThreadState::finishParseTask()' function in 'js/src/vm/HelperThreads.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated when handling frames. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered as certain input is not properly validated when handling HTML5 tokenizing. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists in 'dom/events/IMEStateManager.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

Solution

Upgrade to Firefox version 45.5 or later.

Read more at https://www.tenable.com/plugins/nnm/9805

]]> <![CDATA[Mozilla Firefox ESR < 45.4 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9623 https://www.tenable.com/plugins/nnm/9623 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9623 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 45.4 are unpatched for the following vulnerabilities :

 - A flaw exists as the certificate pinning policy for built-in sites like 'addons.mozilla.org' is not honored due to the pins having expired. This may allow a Man-in-the-Middle (MitM) attacker able to generate a trusted certificate to conduct spoofing attacks.
 - A flaw exists in 'netwerk/sctp/src/netinet/sctputil.c' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the WebRTC component that is triggered as certain input is not properly validated when handling H.264 STAP-A content. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsNodeUtils::CloneAndAdopt()' function in 'dom/base/nsNodeUtils.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'parse()' function in 'libavcodec/vp9_parser.c' that is triggered when handling input frame sizes. This may allow a context-dependent attacker to corrupt memory, crashing a process linked against the library and potentially allowing the execution of arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in 'netwerk/sctp/src/netinet/sctputil.c' that is triggered when handling association failures. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'nsHttpChannelAuthProvider::OnAuthCancelled()' function in 'netwerk/protocol/http/nsHttpChannelAuthProvider.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered as certain input is not properly validated when handling APNG images. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free error exists that is triggered when handling SVG format content being manipulated through script code. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists in the 'nsTextNodeDirectionalityMap::RemoveElementFromMap()' function in 'dom/base/DirectionalityUtils.cpp' that is triggered when handling changing of text direction. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists in the 'nsRefreshDriver::Tick()' function that is triggered when handling web animations destroying a timeline. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A type confusion flaw exists in 'layout/forms/nsRangeFrame.cpp' that triggered when handling layout with input elements. This may allow a context-dependent attacker to potentially execute arbitrary code.
 - An overflow condition exists in the 'nsCaseTransformTextRunFactory::TransformString()' function in 'layout/generic/nsTextRunTransformations.cpp' that is triggered when converting text containing certain unicode characters. This may allow a context-dependent attacker to cause a heap-based buffer overflow, potentially allowing the execution of arbitrary code.
 - An overflow condition exists in the 'nsBMPEncoder::AddImageFrame()' function in 'dom/base/ImageEncoder.cpp' that is triggered when encoding image frames to images. This may allow a context-dependent attacker to cause a heap-based buffer overflow and potentially execute arbitrary code.
 - A use-after-free error exists in the 'DocAccessible::ProcessInvalidationList()' function in 'accessible/generic/DocAccessible.cpp' that is triggered when setting an aria-owns attribute. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A use-after-free error exists in 'layout/style/nsRuleNode.cpp' that is triggered when handling web animations during restyling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.

Solution

Upgrade to Firefox version 45.4 or later.

Read more at https://www.tenable.com/plugins/nnm/9623

]]> <![CDATA[Mozilla Firefox ESR < 45.3 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9485 https://www.tenable.com/plugins/nnm/9485 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9485 with Medium Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR less than or equal to 45.2 are unpatched for the following vulnerabilities :

 - A flaw exists due to the program failing to close connections after requesting favicons. This may allow a context-dependent attacker to continue to send requests to the user's browser and gain access to potentially sensitive information.
 - A flaw exists in 'js/src/frontend/Parser.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists in the 'js::array_splice_impl()' function in 'js/src/jsarray.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A flaw exists that is triggered as certain unspecified user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
- A flaw exists in the 'OSXNotificationCenter::ShowAlertWithIconData()' function in 'widget/cocoa/OSXNotificationCenter.mm' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - A use-after-free condition exists in 'dom/media/GraphDriver.cpp' that is triggered as certain input is not properly validated. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.
 - A flaw exists in the 'Http2Session::TransactionHasDataToWrite()' function in 'netwerk/protocol/http/Http2Session.cpp' and 'SpdySession31::TransactionHasDataToWrite()' function in 'netwerk/protocol/http/SpdySession31.cpp'. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.
 - An overflow condition exists in the 'ClearKeyDecryptor::Decrypt()' function in 'media/gmp-clearkey/0.1/ClearKeyDecryptionManager.cpp' used by the Encrypted Media Extensions (EME) API. The issue is triggered as user-supplied input is not properly validated when handling video files. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2016-2837)
 - A use-after-free error exists in the 'nsXULPopupManager::KeyDown()' function in 'layout/xul/nsXULPopupManager.cpp'. The issue is triggered when using the alt key in conjunction with top level menu items in Firefox. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code.(CVE-2016-5254)
 - A use-after-free error exists in 'WebRTC'. The issue is triggered when handling 'DTLS' objects. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5258)
 - A flaw exists that is due to event handler attributes on a 'marquee' tag being executed inside a sandboxed iframe that does not have the allow-scripts flag set. This may allow a context-dependent attacker to bypass XSS protection mechanisms. (CVE-2016-5262)
 - A use-after-free error exists in the 'nsNodeUtils::NativeAnonymousChildListChange()' function. The issue is triggered when applying effects to SVG element. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-5264)

Solution

Upgrade to Firefox ESR version 45.3 or later.

Read more at https://www.tenable.com/plugins/nnm/9485

]]> <![CDATA[Mozilla Firefox ESR < 45.2 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9382 https://www.tenable.com/plugins/nnm/9382 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9382 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 45.2 are unpatched for the following vulnerabilities :

 - Multiple memory corruption issues exist that allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2016-2815, CVE-2016-2818)
 - An overflow condition exists that is triggered when handling HTML5 fragments in foreign contexts (e.g., under nodes). An unauthenticated, remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2016-2819)
 - A use-after-free error exists that is triggered when deleting DOM table elements in 'contenteditable' mode. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2821)
 - A spoofing vulnerability exists due to improper handling of SELECT elements. An unauthenticated, remote attacker can exploit this to spoof the contents of the address bar. (CVE-2016-2822)
 - An out-of-bounds write flaw in 'TSymbolTableLevel' is triggered when size values for array writes are not properly checked during WebGL shader operations. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-2824)
 - A flaw exists in the Windows updater utility's 'toolkit/mozapps/update/updater/updater.cpp' extraction of files from MAR archives. These files are not properly locked for writing, which may allow a local attacker to replace these files and potentially leverage them to gain elevated privileges. (CVE-2016-2826)
 - A use-after-free error exists that is triggered when destroying the recycle pool of a texture used during the processing of WebGL content. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2016-2828)
 - A flaw exists that is triggered when handling paired fullscreen and pointerlock requests in combination with closing windows. An unauthenticated, remote attacker can exploit this to create an unauthorized pointerlock, resulting in a denial of service condition. Additionally, an attacker can exploit this to conduct spoofing and clickjacking attacks. (CVE-2016-2831)

Solution

Upgrade to Firefox version 45.2 or later.

Read more at https://www.tenable.com/plugins/nnm/9382

]]> <![CDATA[Mozilla Firefox ESR < 24.4 RCE]]> https://www.tenable.com/plugins/nnm/9381 https://www.tenable.com/plugins/nnm/9381 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9381 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to a remote code execution (RCE) attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 24.4 are unpatched for a flaw that exists in the 'checkHandshake()' function in 'security/manager/ssl/src/nsNSSIOLayer.cpp'. The issue is triggered as user-supplied input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code.

Solution

Upgrade to Firefox ESR version 24.4 or later.

Read more at https://www.tenable.com/plugins/nnm/9381

]]> <![CDATA[Mozilla Firefox ESR 45.x < 45.1 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9379 https://www.tenable.com/plugins/nnm/9379 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9379 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR 4.x earlier than 45.1 are unpatched for the following vulnerabilities :

 - Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2805, CVE-2016-2807)
 - Multiple flaws exist in that are triggered as user-supplied input is not properly validated. These flaws may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-2806)
 - A flaw exists due to improper validation of user-supplied input when handling the 32-bit generation count of the underlying HashMap. A context-dependent attacker can exploit this to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2808)
 - A heap buffer overflow condition exists in the Google Stagefright component due to improper validation of user-supplied input when handling CENC offsets and the sizes table. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-2814)

Solution

Upgrade to Firefox ESR version 45.1 or later.

Read more at https://www.tenable.com/plugins/nnm/9379

]]> <![CDATA[Mozilla Firefox ESR < 38.8 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/9378 https://www.tenable.com/plugins/nnm/9378 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 9378 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox ESR earlier than 38.8 are unpatched for the following vulnerabilities :

- Multiple memory corruption issues exist that allow an attacker to corrupt memory, resulting in the execution of arbitrary code. (CVE-2016-2805, CVE-2016-2807)
 - A flaw exists due to improper validation of user-supplied input when handling the 32-bit generation count of the underlying HashMap. A context-dependent attacker can exploit this to cause a buffer overflow condition, resulting in a denial of service or the execution of arbitrary code. (CVE-2016-2808)
 - A heap buffer overflow condition exists in the Google Stagefright component due to improper validation of user-supplied input when handling CENC offsets and the sizes table. A context-dependent attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-2814)

Solution

Upgrade to Firefox ESR 38.8 or later.

Read more at https://www.tenable.com/plugins/nnm/9378

]]> <![CDATA[Mozilla Firefox < 38.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8865 https://www.tenable.com/plugins/nnm/8865 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8865 with Critical Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 38.0 are unpatched for the following vulnerabilities :

- A privilege escalation vulnerability exists in the Inter-process Communications (IPC) implementation due to a failure to validate the identity of a listener process. (MFSA2015-57)
- An issue exists in the Mozilla updater in which DLL files in the current working directory or Windows temporary directories will be loaded, allowing the execution of arbitrary code. (CVE-2015-0833, CVE-2015-2720)
- Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code. (CVE-2015-2708, CVE-2015-2709)
- A buffer overflow condition exists in 'SVGTextFrame.cpp' when rendering SVG graphics that are combined with certain CSS properties due to improper validation of user-supplied input. A remote attacker can exploit this to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2710)
- A security bypass vulnerability exists due to the referrer policy not being enforced in certain situations when opening links (e.g. using the context menu or a middle-clicks by mouse). A remote attacker can exploit this to bypass intended policy settings. (CVE-2015-2711)
- An out-of-bounds read and write issue exists in the 'CheckHeapLengthCondition()' function due to improper JavaScript validation of heap lengths. A remote attacker can exploit this, via a specially crafted web page, to disclose memory contents. (CVE-2015-2712)
- A use-after-free error exists due to improper processing of text when vertical text is enabled. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2713) - A use-after-free error exists in the 'RegisterCurrentThread()' function in 'nsThreadManager.cpp' due to a race condition related to media decoder threads created during the shutdown process. A remote attacker can exploit this to dereference already freed memory. (CVE-2015-2715)
- A buffer overflow condition exists in the 'XML_GetBuffer()' function in xmlparse.c due to improper validation of user-supplied input when handling compressed XML content. An attacker can exploit this to cause a buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2716)
- An integer overflow condition exists in the 'parseChunk()' function in 'MPEG4Extractor.cpp' due to improper handling of MP4 video metadata in chunks. A remote attacker can exploit this, via specially crafted media content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code. (CVE-2015-2717)
- A security bypass vulnerability exists in 'WebChannel.jsm' due to improper handling of message traffic. An untrusted page hosting a trusted page within an iframe can intercept webchannel responses for the trusted page. This allows a remote attacker, via a specially crafted web page, to bypass origin restrictions, resulting in the disclosure of sensitive information. (CVE-2015-2718)
- Multiple integer overflow conditions exist in the bundled libstagefright component due to improper validation of user-supplied input when processing MPEG4 sample metadata. A remote attacker can exploit this, via specially crafted media content, to execute arbitrary code. (CVE-2015-4496)

Solution

Upgrade to Firefox 38.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8865

]]> <![CDATA[Mozilla Firefox < 37.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8742 https://www.tenable.com/plugins/nnm/8742 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8742 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 37.0 are unpatched for the following vulnerabilities :

- A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. Note that this is a variant of CVE-2015-0818 that was fixed in Firefox 36.0.4. (CVE-2015-0801)
 - Access to certain privileged internal methods is retained when navigating from windows created to contain privileged UI content to unprivileged pages. An attacker can exploit this to execute arbitrary JavaScript with elevated privileges. (CVE-2015-0802)
 - Multiple type confusion issues exist that can lead to use-after-free errors, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0803, CVE-2015-0804)
 - Multiple memory corruption issues exist related to off-main-thread compositing when rendering 2D graphics, which a remote attacker can exploit to execute arbitrary code or cause a denial of service. (CVE-2015-0805, CVE-2015-0806)
 - A cross-site request forgery (XSRF) vulnerability exists in the sendBeacon() function due to cross-origin resource sharing (CORS) requests following 30x redirections. (CVE-2015-0807)
 - An issue exists in WebRTC related to memory management for simple-style arrays, which may be used by a remote attacker to cause a denial of service. (CVE-2015-0808)
 - An issue exists that allows a remote attacker to make the user's cursor invisible, possibly resulting in a successful clickjacking attack. Only OS X installations of Firefox are affected. (CVE-2015-0810)
 - An out-of-bounds read issue exists in the QCMS color management library that could lead to an information disclosure. (CVE-2015-0811)
 - An issue exists that can allow a man-in-the-middle attacker to bypass user-confirmation and install a Firefox lightweight theme by spoofing a Mozilla sub-domain. (CVE-2015-0812)
 - A use-after-free vulnerability affects the AppendElements() function when the Fluendo MP3 plugin for GStreamer is used. A remote attacker could exploit this to execute arbitrary code or cause a denial of service (heap memory corruption) via a specially crafted MP3 file. (CVE-2015-0813)
 - Multiple memory safety issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and possibly execute arbitrary code. (CVE-2015-0814, CVE-2015-0815)
 - A privilege escalation vulnerability exists related to documents loaded through a 'resource:' URL. An attacker can exploit this to load pages and execute JavaScript with elevated privileges. (CVE-2015-0816)

Solution

Upgrade to Firefox 37.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8742

]]> <![CDATA[Mozilla Firefox < 36.0.3 JIT Code Execution]]> https://www.tenable.com/plugins/nnm/8688 https://www.tenable.com/plugins/nnm/8688 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8688 with High Severity

Synopsis

The remote host has a web browser that is affected by a remote code execution vulnerability.

Description

Versions of Mozilla Firefox earlier than 36.0.3 are affected by a remote code execution vulnerability due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for JavaScript. A remote attacker, using a specially crafted web page, can exploit this to execute arbitrary code by reading and writing to memory.

Solution

Upgrade to Firefox 36.0.3, or later.

Read more at https://www.tenable.com/plugins/nnm/8688

]]> <![CDATA[Mozilla Firefox < 36.0.4 SVG Bypass Privilege Escalation]]> https://www.tenable.com/plugins/nnm/8685 https://www.tenable.com/plugins/nnm/8685 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8685 with High Severity

Synopsis

The remote Windows host contains a web browser that is affected by a privilege escalation vulnerability.

Description

Versions of Mozilla Firefox earlier than 36.0.4 are affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.

Solution

Upgrade to Firefox 36.0.4, or later.

Read more at https://www.tenable.com/plugins/nnm/8685

]]> <![CDATA[Mozilla Firefox < 36.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8653 https://www.tenable.com/plugins/nnm/8653 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8653 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 36.0 are unpatched for the following vulnerabilities :

- An information disclosure vulnerability exists related to the autocomplete feature that allows an attacker to read arbitrary files. (CVE-2015-0822)
 - An out-of-bounds read and write issue exists when processing invalid SVG graphic files. This allows an attacker to disclose sensitive information. (CVE-2015-0827)
 - A use-after-free issue exists when running specific web content with 'IndexedDB' to create an index, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-0831)
 - An issue exists in the Mozilla updater in which DLL files in the current working directory or Windows temporary directories will be loaded, allowing the execution of arbitrary code. Note that hosts are only affected if the updater is not run by the Mozilla Maintenance Service. (CVE-2015-0833)
 - Multiple unspecified memory safety issues exist within the browser engine. (CVE-2015-0835, CVE-2015-0836)


NOTE : The following vulnerabilities exist only within the stable release, and do not affect any Firefox ESR releases :

 - An issue exists when a period is appended to a hostname that results in a bypass of the Public Key Pinning Extension for HTTP (HPKP) and HTTP Strict Transport Security (HSTS) when certificate pinning is set to strict mode. An attacker can exploit this issue to perform man-in-the-middle attacks if the attacker has a security certificate for a domain with the added period. (CVE-2015-0832)
 - An unspecified issue exists that allows an attacker, via specially crafted WebGL content, to cause a denial of service condition. (CVE-2015-0830)
 - An information disclosure vulnerability exists due to the lack of TLS support for connections to TURN and STUN servers, resulting in plaintext connections. (CVE-2015-0834)
 - A buffer overflow issue exists in the 'libstagefright' library when processing invalid MP4 video files, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-0829)
 - A double-free issue exists when sending a zero-length 'XmlHttpRequest' (XHR) object due to errors in memory allocation when using different memory allocator libraries than 'jemalloc'. This allows an attacker to crash the application. (CVE-2015-0828)
 - A buffer underflow issue exists during audio playback of invalid MP3 audio files. (CVE-2015-0825)
 - An out-of-bounds read issue exists while restyling and reflowing changes of web content with CSS, resulting in a denial of service condition or arbitrary code execution. (CVE-2015-0826)
 - An issue exists in the 'DrawTarget()' function of the Cairo graphics library that allows an attacker cause a segmentation fault, resulting in a denial of service. (CVE-2015-0824)
 - A use-after-free error exists with the OpenType Sanitiser (OTS) when expanding macros. (CVE-2015-0823)
 - An issue exists when opening hyperlinks on a page with the mouse and specific keyboard key combinations that allows a Chrome privileged URL to be opened without context restrictions being preserved. Additionally, the issue allows the opening of local files and resources from a known location to be opened with local privileges, bypassing security protections. (CVE-2015-0821)

Solution

Upgrade to Firefox 36.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8653

]]> <![CDATA[Mozilla Firefox < 35.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8624 https://www.tenable.com/plugins/nnm/8624 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8624 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 35.0 are unpatched for the following vulnerabilities :

- Multiple unspecified memory safety issues exist within the browser engine. (CVE-2014-8634, CVE-2014-8635)
 - A flaw exists where DOM objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation. (CVE-2014-8636)
 - A flaw exists in the rendering of bitmap images. When rending a malformed bitmap image, memory may not always be properly initialized, which can result in a leakage of data to web content. (CVE-2014-8637)
 - A flaw exists in 'navigator.sendBeacon()' in which it does not follow the cross-origin resource sharing specification. This results in requests from 'sendBeacon()' lacking an 'origin' header, which allows malicious sites to perform XSRF attacks. (CVE-2014-8638)
 - A flaw exists when receiving 407 Proxy Authentication responses with a 'set-cookie' header. This can allow a session-fixation attack. (CVE-2014-8639)
 - A flaw exists in Web Audio that can allow a small block of memory to be read. (CVE-2014-8640)
 - A read-after-free flaw exists in WebRTC due to the way tracks are handled, which can result in a potentially exploitable crash or incorrect WebRTC behavior. (CVE-2014-8641)
 - A flaw exists where delegated Online Certificate Status Protocol responder certificates fail to recognize the id-pkix-ocsp-nocheck extension. This can result in a user connecting to a site with a revoked certificate. (CVE-2014-8642)
 - A flaw exists in the Gecko Media Plugin which can allow an attacker to break out of the sandbox. (CVE-2014-8643)

Solution

Upgrade to Firefox 35.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8624

]]> <![CDATA[Mozilla Firefox < 34.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8588 https://www.tenable.com/plugins/nnm/8588 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8588 with Medium Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 34.0 are unpatched for the following vulnerabilities :

 - Security Bypass that can be leveraged when processing specially crafted Chrome-based CSS stylesheets with improperly declared namespaces. (CVE-2014-1589)
 - Information Disclosure due to the way Content Security Policy leaks data through violation reports. (CVE-2014-1591)
 - Multiple Unspecified Memory Corruption Vulnerabilities. (CVE-2014-1587)(CVE-2014-1588)
 - Multiple Local Information Disclosure Vulnerabilities requiring interactive access to exploit. (CVE-2014-1595)
 - Security Vulnerability due to bad casting from 'BasicThebesLayer' to 'BasicContainerLayer'. (CVE-2014-1594)
 - Denial of Service Vulnerability can occur when passing a js object to 'XMLHttpRequest' that mimics an input stream. (CVE-2014-1590)
 - Use After Free Memory Corruption Vulnerability when creating a second root element during the parsing of an HTML5 document which contains 'document.open()'. (CVE-2014-1592)
 - Buffer Overflow Vulnerability when handling specially crafted media content. (CVE-2014-1593)
 - A flaw exists and is triggered as 'XrayWrappers' filter objects are not properly validated when stored in the program. This may allow a context-dependent attacker to bypass security protection mechanisms. (CVE-2014-8632)

Solution

Upgrade to Firefox 34.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8588

]]> <![CDATA[Mozilla Firefox < 33.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8553 https://www.tenable.com/plugins/nnm/8553 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8553 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 33.0 are unpatched for the following vulnerabilities :

 - Buffer overflow vulnerability exists when capitalization style changes occur during CSS parsing. (CVE-2014-1576)
 - Out-of-bounds read error in the Web Audio component when invalid values are used in custom waveforms can lead to denial of service or information disclosure. (CVE-2014-1577)
 - Out-of-bounds write error when processing invalid tile sizes in 'WebM' format videos can be leveraged for arbitrary code execution. (CVE-2014-1578)
 - Memory is not properly initialized during GIF rendering within a '' element, which can be leveraged via a specially crafted web script to acquire sensitive information from the process memory. (CVE-2014-1580)
 - Use-after-free error in the 'DirectionalityUtils' component when text direction is used in the text layout can be leveraged for arbitrary code execution. (CVE-2014-1581)
 - Multiple security bypass vulnerabilities exist in the implementation of Public Key Pinning (PKP); one issue can be triggered via SPDY's or HTTP/2's connection-coalescing property in the case of a shared IP address, and another issue is exposed by an unspecified issuer-verification error. Both scenarios can be leveraged for man-in-the-middle attacks. Note that key pinning was introduced in Firefox 32. (CVE-2014-1582, CVE-2014-1584)
 - A cross-origin policy bypass exists that could allow a malicious app to use 'AlarmAPI' to read cross-origin references and possibly perform unauthorized actions through the victim user's session. (CVE-2014-1583)
 - Multiple issues exist in WebRTC when the session is running within an 'iframe' element that will allow the session to be accessible even when sharing is stopped and when returning to the website. This could result in the video inadvertently being shared. (CVE-2014-1585, CVE-2014-1586)
 - Multiple memory safety flaws exist within the browser engine, which can likely be leveraged for denial of service or arbitrary code execution. (CVE-2014-1574, CVE-2014-1575)

Solution

Upgrade to Firefox 33.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8553

]]> <![CDATA[Mozilla Thunderbird < 31.1.2 RSA Signature Forgery in NSS]]> https://www.tenable.com/plugins/nnm/8412 https://www.tenable.com/plugins/nnm/8412 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8412 with High Severity

Synopsis

The remote host is running a mail client that is vulnerable to a critical issue within the Network Security Services (NSS) library.

Description

Versions of Mozilla Thunderbird prior to 31.1.2 utilize a vulnerable version of the Network Security Services library for cryptographic functionality. The issue occurs from incorrectly check on signature padding, leading to potential signature forgery that can be leveraged for man-in-the-middle attacks over SSL.

Solution

Upgrade to Thunderbird 31.1.2, or later.

Read more at https://www.tenable.com/plugins/nnm/8412

]]> <![CDATA[Mozilla Firefox < 32.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8361 https://www.tenable.com/plugins/nnm/8361 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8361 with Medium Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 32.0 are unpatched for the following vulnerabilities :

 - Use-after-free vulnerabilities -- when setting text direction, and when interacting with SVG content through the DOM -- which can be leveraged for arbitrary code execution (CVE-2014-1567, CVE-2014-1563)
 - Out-of-bounds read in the Web Audio audio timeline that can trigger a crash and potentially disclose memory content (CVE-2014-1565)
 - Incomplete memory initialization when rendering a malformed GIF image could expose that memory to scripts via web content using the '' feature, resulting in information disclosure (CVE-2014-1564)
 - Other undisclosed memory issues that have since been patched (CVE-2014-1553, CVE-2014-1554, CVE-2014-1562)

Solution

Upgrade to Firefox 32.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8361

]]> <![CDATA[Mozilla Thunderbird < 31.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8339 https://www.tenable.com/plugins/nnm/8339 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8339 with High Severity

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to 31.0 are unpatched for the following vulnerabilities :

 - An exploitable crash when using the Cesium JavaScript library to generate WebGL content could be leveraged to execute arbitrary code (CVE-2014-1556)
 - A potentially exploitable crash when scaling high quality images, due to image data being discarded while in use by the scaling operation (CVE-2014-1557)
 - Use-after-free errors when handling certificates in the trusted cache, triggering a FireOnStateChang event in certain circumstances, when rendering MathML content in DirectWrite handling certain fonts, and buffering Web Audio playback can be leveraged to crash the application and, in some cases, execute arbitrary code (CVE-2014-1544, CVE-2014-1555, CVE-2014-1551, CVE-2014-1550)
 - Bypass of the iframe element sandbox via network-level redirects, which can allow unauthorized access to content without explicit approval (CVE-2014-1552)
 - Issues with parsing SSL certificates when non-standard characters are present, which can lead to a potential inability to use valid SSL certificates (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560)
 - Potentially exploitable buffer overflow when interacting with Web Audio buffer for playback, due to an error in the amount of memory allocated for buffers (CVE-2014-1549)
 - Other miscellaneous memory issues that have since been fixed (CVE-2014-1547, CVE-2014-1548)

While most of these vulnerabilities are browser-oriented, Thunderbird's built-in browser capabilities may be susceptible vectors for attack.

Solution

Upgrade to Thunderbird 31.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8339

]]> <![CDATA[Mozilla Firefox < 31.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8333 https://www.tenable.com/plugins/nnm/8333 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8333 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 31.0 are unpatched for the following vulnerabilities :

 - An exploitable crash when using the Cesium JavaScript library to generate WebGL content could be leveraged to execute arbitrary code (CVE-2014-1556)
 - A potentially exploitable crash when scaling high quality images, due to image data being discarded while in use by the scaling operation (CVE-2014-1557)
 - Use-after-free errors when handling certificates in the trusted cache, triggering a FireOnStateChang event in certain circumstances, when rendering MathML content in DirectWrite handling certain fonts, and buffering Web Audio playback can be leveraged to crash the application and, in some cases, execute arbitrary code (CVE-2014-1544, CVE-2014-1555, CVE-2014-1551, CVE-2014-1550)
 - Bypass of the iframe element sandbox via network-level redirects, which can allow unauthorized access to content without explicit approval (CVE-2014-1552)
 - Issues with parsing SSL certificates when non-standard characters are present, which can lead to a potential inability to use valid SSL certificates (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560)
 - Potentially exploitable buffer overflow when interacting with Web Audio buffer for playback, due to an error in the amount of memory allocated for buffers (CVE-2014-1549)
 - Other miscellaneous memory issues that have since been fixed (CVE-2014-1547, CVE-2014-1548)

Solution

Upgrade to Firefox version 31.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8333

]]> <![CDATA[Mozilla Firefox < 30.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8290 https://www.tenable.com/plugins/nnm/8290 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8290 with Medium Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 30.0 are unpatched against the following vulnerabilities :

 - Buffer overflows due to insufficient input validation in Gamepad API and Web Audio Speex resampler, which can be leveraged to execute arbitrary code or cause denial of service conditions (CVE-2014-1543, CVE-2014-1542)
 - Use-after-free errors in SMIL Animation Controller, Event Listener Manager, and various other locations, which may be triggered via web content to cause a potentially exploitable crash (CVE-2014-1540, CVE-2014-1539, CVE-2014-1538; on non-ESR Firefox only: CVE-2014-1536, CVE-2014-1537)
 - Clickjacking through cursor invisibility when the cursor leaves the embedded flash object (OS X platform only) (CVE-2014-1539)
 - Miscellaneous memory safety hazards (CVE-2014-1533, CVE-2014-1534)

Solution

Upgrade to Firefox 30.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8290

]]> <![CDATA[Mozilla Firefox < 29.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8213 https://www.tenable.com/plugins/nnm/8213 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8213 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 29.0 are unpatched against the following vulnerabilities :

 - Use-after-free vulnerabilities in nsHostResolver, imgLoader, and Text Track Manager (for HTML video), which can crash with a potentially exploitable condition (CVE-2014-1532, CVE-2014-1531, CVE-2014-1525)
 - A potentially exploitable out-of-bounds write in Cairo, a potentially exploitable out-of-bounds read issue with Web Audio, and a non-exploitable out-of-bounds read when decoding JPG images (CVE-2014-1528, CVE-2014-1522, CVE-2014-1523)
 - Improper wildcard matching of domains in the Network Security Services (NSS library), which has since been fixed by updating to version 3.16 (CVE-2014-1492)
 - Potential privilege escalation via Xray Wrappers bypass, which can occur if a user used the debugger to interact with a malicious page (CVE-2014-1526)
 - Privilege escalation for scripts when sites that have been granted notification permissions by a user can bypass security checks on source components for the Web Notification API (CVE-2014-1529)
 - Privilege escalation via the Mozilla Maintenance Service Installer, which writes to a globally writeable temporary directory during the update process (Windows only) (CVE-2014-1520)
 - A potentially exploitable buffer overflow when a script uses a non-XBL object as an XBL object (CVE-2014-1524)
 - A cross-site scripting vulnerability using browser navigations through history to load a website with the page's base URI pointing to a different site (CVE-2014-1530)
 - Various memory safety hazards (CVE-2014-1518, CVE-2014-1519)

Solution

Upgrade to Firefox 29.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8213

]]> <![CDATA[Mozilla Firefox < 28.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8171 https://www.tenable.com/plugins/nnm/8171 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8171 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox prior to 28.0 have been patched against multiple vulnerabilities, the most critical of which include:

 - Out-of-bounds read/write access through ArrayBuffer objects, as well as out-of-bounds write access through TypedArrayObject, which enable remote code execution (CVE-2014-1513, CVE-2014-1514)
 - Use-after-free error in TypeObject due to possible memory corruption during Garbage Collection in the JS engine, which can be exploited for arbitrary code execution (CVE-2014-1512)
 - Privilege escalation using Web-IDL to call JS function 'window.open()', as well as a bug allowing bypass of the popup-blocker without user interaction, could allow an attacker to run arbitrary code with full privileges of the browser (CVE-2014-1510, CVE-2014-1511)
 - Out-of-bounds read during polygon rendering in MathML can be leveraged for information disclosure of protected memory address, especially when combined with timing attacks via SVG filters and displacement input to 'feDisplacementMap' (CVE-2014-1505, CVE-2014-1508)
 - Out-of-bounds read access during WAV file decoding could allow web countent to access heap data or cause a crash (CVE-2014-1497)

 - Miscellaneous memory safety hazards (CVE-2014-1493, CVE-2014-1494)

Additionally, numerous other vulnerabilities have been patched. See reference links for details.

Solution

Upgrade to Firefox 28.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8171

]]> <![CDATA[Mozilla Firefox < 27.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8098 https://www.tenable.com/plugins/nnm/8098 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8098 with High Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 27.0 are prone to the following vulnerabilities :

 - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. (CVE-2014-1477, CVE-2014-1478)
 - An error exists related to System Only Wrappers (SOW) and the XML Binding Language (XBL) that could allow XUL content to be disclosed. (CVE-2014-1479)
 - An error exists related to the 'open file' dialog that could allow users to take unintended actions. (CVE-2014-1480)
 - An error exists related to the JavaScript engine and 'window' object handling that has unspecified impact. (CVE-2014-1481)
 - An error exists related to 'RasterImage' and image decoding that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1482)
 - Errors exist related to IFrames, 'document.caretPositionFromPoint' and 'document.elementFromPoint' that could allow cross-origin information disclosure. (CVE-2014-1483)
 - An error exists related to the Content Security Policy (CSP) and XSLT stylesheets that could allow unintended script execution. (CVE-2014-1485)
 - A use-after-free error exists related to image handling and 'imgRequestProxy' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1486)
 - An error exists related to 'web workers' that could allow cross-origin information disclosure. (CVE-2014-1487)
 - An error exists related to 'web workers' and 'asm.js' that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1488)
 - An error exists that could allow webpages to access activate content from the 'about:home' page that could lead to data loss. (CVE-2014-1489)
 - Errors exist related to the included Network Security Services (NSS) libraries, 'NewSessionTicket' handshakes and public Diffie-Hellman values that could allow application crashes and possibly arbitrary code execution. (CVE-2014-1490, CVE-2014-1491)

Solution

Upgrade to Firefox 27.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8098

]]> <![CDATA[Mozilla Firefox < 26.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8070 https://www.tenable.com/plugins/nnm/8070 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8070 with Critical Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 26.0 are prone to the following vulnerabilities :

 - Miscellaneous memory safety hazards (CVE-2013-5609, CVE-2013-5610)
 - Application Installation doorhanger does not get properly dismissed, which can be leveraged to trick a user into installing an application from one site while thinking it originated from another (CVE-2013-5611)
 - Potential XSS vulnerability via cross-domain inheritance of charset (CVE-2013-5612)
 - Sandbox restrictions are not properly applied to nested object elements, which could be leveraged to bypass restrictions (CVE-2013-5614)
 - Use-after-free in event listeners, table editing user interface, synthetic mouse movement can lead to a potentially exploitable crash (CVE-2013-5616, CVE-2013-5613, CVE-2013-5618)
 - Binary search algorithms in the Javascript engine contain potential out-of-bounds array access, though these are not directly exploitable (CVE-2013-5619)
 - Segmentation violation when replacing ordered list elements in a document via script can lead to a potentially exploitable crash (CVE-2013-6671)
 - On Linux systems, clipboard content may be made accessible to web content when a user pastes a selection with a middle-click, which can lead to information disclosure (CVE-2013-6672)
 - Extended validation root certificates remain trusted even if the user has explicitly removes the trust. (CVE-2013-6673)
 - GetElementIC typed arrays can be generated outside observed typesets, with unknown security impact (CVE-2013-5615)
 - Issues in the JPEG image processing library can allow arbitrary memory to be read, as well as cross-domain theft (CVE-2013-6629, CVE-2013-6630)
 - An intermediary CA that is chained up to a root within Mozilla's root store was revoked for supplying an intermediate certificate that allowed a man-in-the-middle proxy to perform traffic management of domain names and IP addresses the certificate holder did not own or control.

Solution

Upgrade to Firefox 26.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8070

]]> <![CDATA[Mozilla Thunderbird < 24.1 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8046 https://www.tenable.com/plugins/nnm/8046 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8046 with Critical Severity

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to version 24.1 are prone to the following vulnerabilities :

 - Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
 - Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)
 - Use-after-free issues when interacting with HTML templates (CVE-2013-5603)
 - Security bypass via iframe injection using PDF.js (CVE-2013-5598)
 - Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)
 - Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)
 - Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)
 - Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)
 - Race condition causing a crash on extremely large pages (CVE-2013-5596)
 - A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)

Solution

Upgrade to Thunderbird 24.1, or later.

Read more at https://www.tenable.com/plugins/nnm/8046

]]> <![CDATA[Mozilla Firefox < 25.0 Multiple Vulnerabilities]]> https://www.tenable.com/plugins/nnm/8044 https://www.tenable.com/plugins/nnm/8044 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8044 with Critical Severity

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Firefox earlier than 25.0 are affected by the following vulnerabilities :

 - Miscellaneous use-after-free issues in the browsing engine (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601)
 - Memory corruption in the Javascript engine when using workers with direct proxy (CVE-2013-5602)
 - Use-after-free issues when interacting with HTML templates (CVE-2013-5603)
 - Security bypass via iframe injection using PDF.js (CVE-2013-5598)
 - Miscellaneous memory safety issues in the browser engine (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739)
 - Address spoofing in the addressbar via SELECT element, which can lead to clickjacking and other spoof attacks (CVE-2013-5593)
 - Access violation due to uninitialized data in XSLT processing (CVE-2013-5604)
 - Potential buffer/memory overflows in the Javascript engine (CVE-2013-5595)
 - Race condition causing a crash on extremely large pages (CVE-2013-5596)
 - A use-after-free issue during state change events when updating the offline cache (CVE-2013-5597)

Solution

Upgrade to Firefox 25.0, or later.

Read more at https://www.tenable.com/plugins/nnm/8044

]]> <![CDATA[Mozilla Thunderbird < 24.0]]> https://www.tenable.com/plugins/nnm/8011 https://www.tenable.com/plugins/nnm/8011 Wed, 06 Nov 2019 00:00:00 GMT Nessus Network Monitor Plugin ID 8011 with High Severity

Synopsis

The remote host has an email client installed that is vulnerable to multiple attack vectors.

Description

Versions of Mozilla Thunderbird prior to version 24.0 (or ESR 17.0.9) are prone to the following vulnerabilities :

 - use-after-free vulnerability in the Garbage Collector could allow a remote attacker to execute arbitrary code in the context of the user. (CVE-2013-1738)
 - user-defined getters on DOM proxies would incorrectly get the expando object when accessing the "this" object, which may not be directly exploitable but could lead to incorrect security sensitive decisions. (CVE-2013-1737)
 - Combining lists, floats, and multiple columns in a layout could trigger a potentially exploitable buffer overflow. (CVE-2013-1732)
 - Compartment mismatch when moving XBL-backed nodes into a new document can lead cause a crash (CVE-2013-1730)
 - uninitialized data and variables in the IonMonkey Javascript engine can be used with additional exploits to allow access to previously allocated memory (CVE-2013-1728)
 - the MAR update file is not write-locked when used by the Mozilla Updater, which can allow the altering of the MAR file content after its signature has been checked but before it has been used. (CVE-2013-1726)
 - Calling scope for new Javascript objects with compartments can lead to memory corruption (CVE-2013-1725)
 - A use-after-free vulnerability via the