Mozilla Firefox 3.6.x < 3.6.13 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox 3.6.x earlier than 3.6.13 are potentially affected by multiple vulnerabilities:

- Multiple memory corruption issues could lead to arbitrary code execution. (MFSA 2010-74)
- On the Windows platform, when 'document.write()' is called with a very long string, a buffer overflow could be triggered. (MFSA 2010-75)
- A privilege escalation vulnerability exists with 'window.open' and the '<isindex>' element. (MFSA 2010-76)
- Arbitrary code execution is possible when using HTML tags inside a XUL tree. (MFSA 2010-77)
- Downloadable fonts could expose vulnerabilities in the underlying OS font code. (MFSA 2010-78)
- A Java security bypass vulnerability exists when LiveConnect is loaded via a 'data:' URL meta refresh. (MFSA 2010-79)
- A use-after-free error exists with nsDOMAttribute MutationObserver. (MFSA 2010-80)
- An integer overflow exists in NewIdArray. (MFSA 2010-81)
- It is possible to circumvent the fix for CVE-2010-0179. (MFSA 2010-82)
- It is possible to spoof SSL in the location bar using the network error page. (MFSA 2010-83)
- A cross-site scripting hazard exists in multiple character encodings. (MFSA 2010-84)

Solution

Upgrade to Firefox 3.6.13 or later.