icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla Firefox < 3.0.19 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host is running a version of Mozilla Firefox earlier than 3.0.19. Such versions are potentially affected by multiple security issues :

- Multiple crashes can result in arbitrary code execution. (MFSA 2010-16) - A select event handler for XUL tree items can be called after the item is deleted. (MFSA 2010-17) - An error exists in the way '<option>' elements are inserted into a XUL tree '<optgroup>'. (MFSA 2010-18) - An error exists in the implementation of the 'windows.navigator.plugins' object. (MFSA 2010-19) - A browser applet can be used to turn a simple mouse click into a drag-and-drop action, potentially resulting in the unintended loading of resources in a user's browser. (MFSA 2010-20) - The XMLHttpRequestSpy module in the Firebug add-on exposes an underlying chrome privilege escalation vulnerability. (MFSA 2010-21)

Solution

Upgrade to Mozilla Firefox 3.0.19 or later.