Tenable701245.PRMMozilla Firefox ESR < 24.6 Multiple Vulnerabilities
Versions of Mozilla Firefox ESR prior to 24.6 are unpatched against the following vulnerabilities :
- Buffer overflows due to insufficient input validation in Gamepad API and Web Audio Speex resampler, which can be leveraged to execute arbitrary code or cause denial of service conditions (CVE-2014-1543, CVE-2014-1542)
- Use-after-free errors in SMIL Animation Controller, Event Listener Manager, and various other locations, which may be triggered via web content to cause a potentially exploitable crash (CVE-2014-1540, CVE-2014-1539, CVE-2014-1536, CVE-2014-1537)
- Clickjacking through cursor invisibility when the cursor leaves the embedded flash object (OS X platform only) (CVE-2014-1539)
- Miscellaneous memory safety hazards (CVE-2014-1533, CVE-2014-1534)
Binary data 701245.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| mozilla | firefox_esr | cpe:/a:mozilla:firefox_esr |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1540
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
www.mozilla.org/security/announce/2014/mfsa2014-48.html
www.mozilla.org/security/announce/2014/mfsa2014-49.html
www.mozilla.org/security/announce/2014/mfsa2014-50.html
www.mozilla.org/security/announce/2014/mfsa2014-51.html
www.mozilla.org/security/announce/2014/mfsa2014-52.html
www.mozilla.org/security/announce/2014/mfsa2014-53.html
www.mozilla.org/security/announce/2014/mfsa2014-54.html
www.mozilla.org/security/announce/2014/mfsa2014-55.html
Related
