
Mozilla Firefox < 3.0.14 / 3.5.3 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The installed version of Mozilla Firefox is earlier than 3.0.14 / 3.5.3. Such versions are potentially affected by multiple issues:

- Multiple memory corruption vulnerabilities in the browser engine. (MFSA 2009-47)
- When security modules are added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialogue was not sufficiently informative, which could allow an attacker to entice a victim into installing a malicious PKCS11 module. Note that Firefox 3.5.x releases are not affected. (MFSA 2009-38)
- The columns of a XUL tree element could be manipulated in a particular way that would leave a pointer owned by the column pointing to freed memory. (MFSA 2009-49)
- The default Windows font used to render the locationbar and other text fields was improperly displaying certain Unicode characters with tall line-height. (MFSA 2009-50)
- The 'BrowserFeedWriter' could be leveraged to run JavaScript code from web content with elevated privileges. (MFSA 2009-51)

Solution

Upgrade to Mozilla Firefox 3.5.3/3.0.14 or later.