Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_FIREFOX_24_6_ESR.NASL
HistoryJun 11, 2014 - 12:00 a.m.

Firefox ESR 24.x < 24.6 Multiple Vulnerabilities (Mac OS X)

2014-06-1100:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

The version of Firefox ESR 24.x installed on the remote Mac OS X host is prior to 24.6 and is, therefore, affected by the following vulnerabilities :

  • A memory issue exists that could lead to arbitrary code execution. Note that this issue only affects Firefox ESR 24.5. (CVE-2014-1533)

  • Use-after-free memory issues exist in ‘nsTextEditRules::CreateMozBR’ and the SMIL Animation Controller that could lead to code execution.
    (CVE-2014-1538, CVE-2014-1541)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(74436);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2014-1533", "CVE-2014-1538", "CVE-2014-1541");
  script_bugtraq_id(67965, 67976, 67979);

  script_name(english:"Firefox ESR 24.x < 24.6 Multiple Vulnerabilities (Mac OS X)");
  script_summary(english:"Checks version of Firefox.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Mac OS X host contains a web browser that is potentially
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox ESR 24.x installed on the remote Mac OS X host
is prior to 24.6 and is, therefore, affected by the following
vulnerabilities :

  - A memory issue exists that could lead to arbitrary code
    execution. Note that this issue only affects Firefox
    ESR 24.5. (CVE-2014-1533)

  - Use-after-free memory issues exist in
    'nsTextEditRules::CreateMozBR' and the SMIL Animation
    Controller that could lead to code execution.
    (CVE-2014-1538, CVE-2014-1541)");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-48.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-49.html");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/security/announce/2014/mfsa2014-52.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Firefox ESR 24.6 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1541");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("MacOSX/Firefox/Installed");

  exit(0);
}

include("mozilla_version.inc");

kb_base = "MacOSX/Firefox";
get_kb_item_or_exit(kb_base+"/Installed");

version = get_kb_item_or_exit(kb_base+"/Version", exit_code:1);
path = get_kb_item_or_exit(kb_base+"/Path", exit_code:1);

is_esr = get_kb_item(kb_base+"/is_esr");
if (isnull(is_esr)) audit(AUDIT_NOT_INST, "Mozilla Firefox ESR");

mozilla_check_version(product:'firefox', version:version, path:path, esr:TRUE, fix:'24.6', min:'24.0', severity:SECURITY_HOLE, xss:FALSE);
VendorProductVersionCPE
mozillafirefox_esrcpe:/a:mozilla:firefox_esr

Related

openvas 26
veracode 3
nessus 27
mageia 2
centos 2
oraclelinux 2
redhat 2
ubuntu 2
osv 2
debian 2
suse 6
prion 3
ubuntucve 3
cve 3
mozilla 3
ibm 2
securityvulns 2
freebsd 1
gentoo 1
openvas
openvas
CentOS Update for thunderbird CESA-2014:0742 centos5
2014-06-17 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 July14 (Windows)
2014-07-01 00:00:00
CentOS Update for thunderbird CESA-2014:0742 centos6
2014-06-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:58:34
Use-After-Free
2019-05-02 04:58:34
Remote Code Execution (RCE)
2019-01-15 08:53:46
nessus
nessus
CentOS 5 / 6 : firefox (CESA-2014:0741)
2014-06-12 00:00:00
Ubuntu 14.04 LTS : Thunderbird vulnerabilities (USN-2250-1)
2014-06-20 00:00:00
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2014-0741)
2014-06-11 00:00:00
mageia
mageia
Updated firefox & thunderbird packages fix multiple security vulnerabilities
2014-06-11 21:13:59
Updated iceape package fixes security vulnerabilities
2014-10-23 17:27:57
centos
centos
firefox security update
2014-06-11 10:49:01
thunderbird security update
2014-06-11 10:54:29
oraclelinux
oraclelinux
thunderbird security update
2014-06-10 00:00:00
firefox security update
2014-06-10 00:00:00
redhat
redhat
(RHSA-2014:0741) Critical: firefox security update
2014-06-10 00:00:00
(RHSA-2014:0742) Important: thunderbird security update
2014-06-10 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2014-06-19 00:00:00
Firefox vulnerabilities
2014-06-11 00:00:00
osv
osv
iceweasel - security update
2014-06-11 00:00:00
icedove - security update
2014-06-16 00:00:00
debian
debian
[SECURITY] [DSA 2955-1] iceweasel security update
2014-06-11 14:33:41
[SECURITY] [DSA 2960-1] icedove security update
2014-06-16 17:13:24
suse
suse
Security update for MozillaFirefox (important)
2014-06-21 01:04:47
Security update for MozillaFirefox (important)
2014-06-25 00:04:17
Security update for Mozilla Firefox (important)
2014-07-17 02:04:25
prion
prion
Memory corruption
2014-06-11 10:57:00
Design/Logic Flaw
2014-06-11 10:57:00
Design/Logic Flaw
2014-06-11 10:57:00
ubuntucve
ubuntucve
CVE-2014-1541
2014-06-11 00:00:00
CVE-2014-1533
2014-06-11 00:00:00
CVE-2014-1538
2014-06-11 00:00:00
cve
cve
CVE-2014-1533
2014-06-11 10:57:00
CVE-2014-1541
2014-06-11 10:57:00
CVE-2014-1538
2014-06-11 10:57:00
mozilla
mozilla
Use-after-free with SMIL Animation Controller — Mozilla
2014-06-10 00:00:00
Miscellaneous memory safety hazards (rv:30.0 / rv:24.6) — Mozilla
2014-06-10 00:00:00
Use-after-free and out of bounds issues found using Address Sanitizer — Mozilla
2014-06-10 00:00:00
ibm
ibm
Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:33
Security Bulletin: IBM Storwize V7000 Unified security vulnerabilities related to Mozilla Firefox (CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
2018-06-18 00:08:28
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2014-06-13 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2014-06-10 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
JSON
Related for MACOSX_FIREFOX_24_6_ESR.NASL
openvas26veracode3nessus27mageia2centos2oraclelinux2redhat2ubuntu2osv2debian2suse6prion3ubuntucve3cve3mozilla3ibm2securityvulns2freebsd1gentoo1