icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Firefox < 3.0.1 Multiple Vulnerabilities

High

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The installed version of Firefox is affected by various security issues :

- By creating a very large number of references to a common CSS object, an attacker can overflow the CSS reference counter, causing a crash when the browser attempts to free the CSS object while still in use and allowing for arbitrary code execution (MFSA 2008-34). - If Firefox is not already running, passing it a command-line URI with pipe ('|') symbols will open multiple tabs, which could be used to launch 'chrome:i' URIs from the command-line or to pass URIs to Firefox that would normally be handled by a vector application (MFSA 2008-35).

Solution

Upgrade to version 3.0.1 or higher.