Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Firefox Security Updates(mfsa_2017-10_2017-12)-MAC OS X
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Insight
Insight
The multiple flaws exists due to, - An use-after-free in SMIL animation functions, - An use-after-free during transaction processing in the editor, - An uut-of-bounds write with malicious font in Graphite 2, - An Out-of-bounds write in Base64 encoding in NSS, - The buffer overflow in WebGL, - The origin confusion when reloading isolated data:text/html URL, - An use-after-free during focus handling, - An use-after-free in text input selection, - An use-after-free in frame selection, - An use-after-free in nsAutoPtr during XSLT processing, - An use-after-free in nsTArray Length() during XSLT processing, - An use-after-free in txExecutionState destructor during XSLT processing, - An use-after-free with selection during scroll events, - An use-after-free during style changes, - The memory corruption with accessibility and DOM manipulation, - The out-of-bounds write during BinHex decoding, - The buffer overflow while parsing application/http-index-format content, - An out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data, - An out-of-bounds read during glyph processing, - An out-of-bounds read in ConvolvePixel, - An out-of-bounds write in ClearKeyDecryptor, - The vulnerabilities in Libevent library, - The sandbox escape allowing file system read access through file picker, - The sandbox escape through internal feed reader APIs, - The sandbox escape allowing local file system access, - The Potential Buffer overflow in flex-generated code, - An uninitialized values used while parsing application/http-index-format content, - The crash during bidirectional unicode manipulation with animation, - An addressbar spoofing using javascript: URI on Firefox for Android, - An addressbar spoofing with onblur event, - The DRBG flaw in NSS, - The memory corruption when drawing Skia content, - The addressbar spoofing during scrolling with editable content on Firefox for Android, - The HTML injection into RSS Reader feed preview page through TITLE element, - The drag and drop of javascript: URLs can allow for self-XSS, - An incorrect ownership model for Private Browsing information and - The memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1.
Affected Software
Affected Software
Mozilla Firefox version before 53.0 on MAC OS X.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Upgrade to Mozilla Firefox version 53.0 or later.
Common Vulnerabilities and Exposures (CVE)
- CVE-2017-5433
- CVE-2017-5435
- CVE-2017-5436
- CVE-2017-5461
- CVE-2017-5459
- CVE-2017-5466
- CVE-2017-5434
- CVE-2017-5432
- CVE-2017-5460
- CVE-2017-5438
- CVE-2017-5439
- CVE-2017-5440
- CVE-2017-5441
- CVE-2017-5442
- CVE-2017-5464
- CVE-2017-5443
- CVE-2017-5444
- CVE-2017-5446
- CVE-2017-5447
- CVE-2017-5465
- CVE-2017-5448
- CVE-2017-5437
- CVE-2016-1019
- CVE-2017-5454
- CVE-2017-5455
- CVE-2017-5456
- CVE-2017-5469
- CVE-2016-6354
- CVE-2017-5445
- CVE-2017-5449
- CVE-2017-5450
- CVE-2017-5451
- CVE-2017-5462
- CVE-2017-5463
- CVE-2017-5467
- CVE-2017-5452
- CVE-2017-5453
- CVE-2017-5458
- CVE-2017-5468
- CVE-2017-5430
- CVE-2017-5429