Pale Moon < 24.3.2 Unspecified Security Vulnerability

High

Synopsis

The remote host was detected running an outdated version of Pale Moon.

Description

Versions of the Pale Moon browser earlier than 24.3.2 are outdated and therefore unpatched for a buffer overflow. The flaw is in the function 'cairo_dwrite_load_truetype_table()' in 'cairo-dwrite-font.cpp' and is triggered because user-supplied input is not properly validated. A context-dependent attacker may be able to trigger the buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

Solution

Upgrade to Pale Moon browser version 24.3.2 or later.