Firefox < 3.0.10 Multiple Vulnerabilities

high Nessus Plugin ID 38200

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Firefox installed on the remote host is earlier than 3.0.10. Such versions have multiple vulnerabilities :

- An error in function '@nsTextFrame::ClearTextRun()' could corrupt the memory. Successful exploitation of this issue may allow arbitrary code execution on the remote system. Note this reportedly only affects 3.0.9. (MFSA 2009-23)

- The browser processes a 3xx HTTP CONNECT response before a successful SSL handshake, which could allow a man-in- the-middle attacker to execute arbitrary web script in the context of a HTTPS server. (CVE-2009-2061)

Solution

Upgrade to Firefox 3.0.10 or later.

See Also

https://www.microsoft.com/en-us/research/publication/pretty-bad-proxy-an-overlooked-adversary-in-browsers-https-deployments/?from=http%3A%2F%2Fresearch.microsoft.com%2Fapps%2Fpubs%2Fdefault.aspx%3Fid%3D79323

https://www.mozilla.org/en-US/security/advisories/mfsa2009-23/

Plugin Details

Severity: High

ID: 38200

File Name: mozilla_firefox_3010.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 4/28/2009

Updated: 11/15/2018

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: Mozilla/Firefox/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/27/2009

Reference Information

CVE: CVE-2009-1313, CVE-2009-2061

BID: 34743, 35412

CWE: 310, 399

Secunia: 34866