This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
The remote Mac OS X host contains a web browser that is affected by
The installed version of Firefox 3.6 is earlier than 3.6.23. Such
versions are potentially affected by the following security issues :
- An integer underflow exists when handling a large
potentially exploitable crash. (CVE-2011-2998)
- If an attacker could trick a user into holding down the
'Enter' key, via a malicious game, for example, a
malicious application or extension could be downloaded
and executed. (CVE-2011-2372)
- Unspecified errors exist that can be exploited to
corrupt memory. No additional information is available
at this time. (CVE-2011-2995, CVE-2011-2996)
- There is an error in the implementation of the
frames. This can be exploited to bypass the same-origin
policy and potentially conduct cross-site scripting
- A weakness exists when handling the 'Location' header.
This can lead to response splitting attacks when
visiting a vulnerable web server. The same fix has been
applied to the headers 'Content-Length' and
See also :
Upgrade to Firefox 3.6.23 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false
Family: MacOS X Local Security Checks
Nessus Plugin ID: 56376 ()
Bugtraq ID: 498094981049811498454984849849
CVE ID: CVE-2011-2372CVE-2011-2995CVE-2011-2996CVE-2011-2998CVE-2011-2999CVE-2011-3000
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.