 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.805217 |
| Categoría: | General |
| Título: | Mozilla Firefox Multiple Vulnerabilities-01 Dec14 (Mac OS X) |
| Resumen: | This host is installed with Mozilla Firefox; and is prone to multiple vulnerabilities. |
| Descripción: | Summary: This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - The CoreGraphics framework logging potentially sensitive input data to the /tmp directory. - A bad cast issue from the BasicThebesLayer to BasicContainerLayer. - An error when parsing media content within the 'mozilla::FileBlockCache::Read' function. - A use-after-free error when parsing certain HTML within the 'nsHtml5TreeOperation' class. - An error that is triggered when handling JavaScript objects that are passed to XMLHttpRequest that mimics an input stream. - An error that is triggered when handling a CSS stylesheet that has its namespace improperly declared. - Multiple unspecified errors. - An error when filtering object properties via XrayWrappers. - An error when passing Chrome Object Wrappers (COW) protected chrome objects as native interfaces. Vulnerability Impact: Successful exploitation will allow attackers to disclose potentially sensitive information, compromise a user's system, bypass certain security restrictions and other unknown impacts. Affected Software/OS: Mozilla Firefox before version 34.0 on Mac OS X Solution: Upgrade to Mozilla Firefox version 34.0 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1595 http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://www.reddit.com/r/netsec/comments/2ocxac/apple_coregraphics_framework_on_os_x_1010_is/ Common Vulnerability Exposure (CVE) ID: CVE-2014-1594 BugTraq ID: 71396 http://www.securityfocus.com/bid/71396 Debian Security Information: DSA-3090 (Google Search) http://www.debian.org/security/2014/dsa-3090 Debian Security Information: DSA-3092 (Google Search) http://www.debian.org/security/2014/dsa-3092 https://security.gentoo.org/glsa/201504-01 SuSE Security Announcement: openSUSE-SU-2015:0138 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1593 BugTraq ID: 71395 http://www.securityfocus.com/bid/71395 Common Vulnerability Exposure (CVE) ID: CVE-2014-1592 BugTraq ID: 71398 http://www.securityfocus.com/bid/71398 Common Vulnerability Exposure (CVE) ID: CVE-2014-1590 BugTraq ID: 71397 http://www.securityfocus.com/bid/71397 Common Vulnerability Exposure (CVE) ID: CVE-2014-1589 Common Vulnerability Exposure (CVE) ID: CVE-2014-1588 Common Vulnerability Exposure (CVE) ID: CVE-2014-1587 BugTraq ID: 71391 http://www.securityfocus.com/bid/71391 Common Vulnerability Exposure (CVE) ID: CVE-2014-8632 Common Vulnerability Exposure (CVE) ID: CVE-2014-8631 |
| Copyright | Copyright (C) 2014 Greenbone Networks GmbH |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |