Lucene search

K
nessusTenable8070.PRM
HistoryDec 16, 2013 - 12:00 a.m.

Mozilla Firefox < 26.0 Multiple Vulnerabilities

2013-12-1600:00:00
Tenable
www.tenable.com
12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.026 Low

EPSS

Percentile

90.4%

Versions of Mozilla Firefox earlier than 26.0 are prone to the following vulnerabilities :

  • Miscellaneous memory safety hazards (CVE-2013-5609, CVE-2013-5610)
  • Application Installation doorhanger does not get properly dismissed, which can be leveraged to trick a user into installing an application from one site while thinking it originated from another (CVE-2013-5611)
  • Potential XSS vulnerability via cross-domain inheritance of charset (CVE-2013-5612)
  • Sandbox restrictions are not properly applied to nested object elements, which could be leveraged to bypass restrictions (CVE-2013-5614)
  • Use-after-free in event listeners, table editing user interface, synthetic mouse movement can lead to a potentially exploitable crash (CVE-2013-5616, CVE-2013-5613, CVE-2013-5618)
  • Binary search algorithms in the Javascript engine contain potential out-of-bounds array access, though these are not directly exploitable (CVE-2013-5619)
  • Segmentation violation when replacing ordered list elements in a document via script can lead to a potentially exploitable crash (CVE-2013-6671)
  • On Linux systems, clipboard content may be made accessible to web content when a user pastes a selection with a middle-click, which can lead to information disclosure (CVE-2013-6672)
  • Extended validation root certificates remain trusted even if the user has explicitly removes the trust. (CVE-2013-6673)
  • GetElementIC typed arrays can be generated outside observed typesets, with unknown security impact (CVE-2013-5615)
  • Issues in the JPEG image processing library can allow arbitrary memory to be read, as well as cross-domain theft (CVE-2013-6629, CVE-2013-6630)
  • An intermediary CA that is chained up to a root within Mozilla’s root store was revoked for supplying an intermediate certificate that allowed a man-in-the-middle proxy to perform traffic management of domain names and IP addresses the certificate holder did not own or control.
Binary data 8070.prm
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.026 Low

EPSS

Percentile

90.4%