Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox 3.6.x earlier than 3.6.4 are potentially affected by multiple vulnerabilities :

- Multiple crashes can result in code execution. (MFSA 2010-26)

- Freed object reuse across plugin instances. (MFSA 2010-28)

- A heap buffer overflow in nsGenericDOMDataNode::SetTextInternal. (MFSA 2010-29)

- An integer overflow in XSLT node sorting. (MFSA 2010-30)

The focus() behavior can be used to inject or steal keystrokes. (MFSA 2010-31)

- The 'Content-Disposition: attachment' HTTP header is ignored when 'Content-Type: multipart' is also present. (MFSA 2010-32)

It is possible to reverse engineer the value used to seed Math.random(). (MFSA 2008-33)

Solution

Upgrade to Mozilla Firefox 3.6.4 or later.