Firefox < 3.5.10 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox earlier than 3.5.10 are potentially affected by multiple vulnerabilities:

- A re-use of a freed object due to scope confusion. (MFSA 2010-25)

- Multiple crashes can result in code execution. (MFSA 2010-26)

- A use-after-free error in nsCycleCollector::MarkRoots(). (MFSA 2010-27)

- Freed object reuse across plugin instances. (MFSA 2010-28)

- A heap buffer overflow in nsGenericDOMDataNode::SetTextInternal. (MFSA 2010-29)

- An integer overflow in XSLT node sorting. (MFSA 2010-30)

- The focus() behavior can be used to inject or steal keystrokes. (MFSA 2010-31)

- The 'Content-Disposition: attachment' HTTP header is ignored when 'Content-Type: multipart' is also present. (MFSA 2010-32)

- It is possible to reverse engineer the value used to seed Math.random(). (MFSA 2008-33)

Solution

Upgrade to Mozilla Firefox 3.5.10 or later.