icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla Firefox < 3.0.15 / 3.5.4 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host has a version of Mozilla Firefox earlier than 3.0.15 / 3.5.4 installed. Such versions are potentially affected by multiple vulnerabilities :

- A user's form history, both from web content as well as the smart location bar, was vulnerable to theft. (MFSA 2009-52)

- The file naming scheme used for downloading a file which already exists in the download folder is predictable. An attacker with local access could exploit this to trick the browser into opening the incorrect downloaded file. (MFSA 2009-53)

- Recursive creation of JavaScript web-workers can be used to create a set of objects whose memory could be freed prior to their use. Note that this only affects Firefox 3.5.x. (MFSA 2009-54)

- A flaw exists in the parsing of regular expressions used in Proxy Auto-configuration (PAC) files. (MFSA 2009-55)

- A heap-based overflow exists in Mozilla's GIF image parser. (MFSA 2009-56)

- The XPCOM utility 'XPCVariant: : VariantDataToJS' unwrapped doubly-wrapped objects before returning them to chrome callers which could lead to chrome privileged code calling methods on an object which had previously been created or modified by web content. (MFSA 2009-57)

- A heap-based overflow exists in Mozilla's string to floating point number conversion routines. (MFSA 2009-59)

- The text within a selection on a web page can be read by JavaScript in a different domain using the 'document.getSelection' function, violating the same-origin policy. (MFSA 2009-61)

- When downloading a file containing a right-to-left override character (RTL) in the filename, the name displayed in the dialog title bar conflicts with the name of the file shown in the dialog body. (MFSA 2009-62)

- Multiple memory safety and stability bugs exist in the 'liboggz', 'libvorbis', and 'liboggplay' libraries. Note that this issue only affects Firefox 3.5.x. (MFSA 2009-63)

- Several memory corruption issues exist in the browser engine. (MFSA 2009-64)

Solution

Upgrade to Mozilla Firefox 3.0.15, 3.5.4, or later.