icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Mozilla Firefox < 13.0 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox prior to 13.0 are potentially affected by the following security issues :

- An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1038) - Two heap-based buffer overflows and one heap-based use-after-free error exist and are potentially exploitable. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947) - Two arbitrary DLL load issues exist related to the application update and update service functionality. (CVE-2012-1942, CVE-2012-1943) - The inline-script blocking feature of the 'Content Security Policy' (CSP) does not properly block inline event handlers. This error allows remote attackers to more easily carry out cross-site scripting attacks. (CVE-2012-1944) - A use-after-free error exists related to replacing or inserting a node into a web document. (CVE-2012-1946)

Solution

Upgrade to Firefox 13.0 or later.