Ubuntu Security Notice (C) 2012-2014 Canonical, Inc. / NASL script (C) 2012-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian
Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse
Ruderman, Marcia Knous, and Rober Longson discovered several memory
safety issues which could possibly be exploited to crash Firefox or
execute arbitrary code as the user that invoked Firefox.
Aki Helin discovered a crash in the YARR regular expression library
It was discovered that a flaw in the Mozilla SVG implementation could
result in an out-of-bounds memory access if SVG elements were removed
during a DOMAttrModified event handler. An attacker could potentially
exploit this vulnerability to crash Firefox. (CVE-2011-3658)
Mario Heiderich discovered it was possible to use SVG animation
disabled. A malicious web page could potentially exploit this to trick
a user into interacting with a prompt thinking it came from the
browser in a context where the user believed scripting was disabled.
It was discovered that it was possible to crash Firefox when scaling
an OGG <video> element to extreme sizes. (CVE-2011-3665).
Update the affected firefox package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : true