icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Firefox < 3.0.13/3.5.0 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The installed version of Firefox is earlier than 3.0.13/3.5.0. Such versions are reportedly potentially affected by the following security issues :

- The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name. (MFSA 2009-42)

- A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43)

Solution

Upgrade to Firefox 3.5.0/3.0.13 or later.