Pale Moon < 24.3.2 Unspecified Security Vulnerability

High

Synopsis

The remote host was detected running an outdated version of Pale Moon.

Description

Versions of the Pale Moon browser earlier than 24.3.2 are outdated and remain unpatched for a buffer overflow. The flaw is in the function 'cairo_dwrite_load_truetype_table()' in 'cairo-dwrite-font.cpp' and is triggered because user-supplied input is not properly validated. A context-dependent attacker may be able to trigger the buffer overflow, resulting in a denial of service or potentially the execution of arbitrary code.

Solution

Upgrade to Pale Moon browser version 24.3.2 or later.