Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Firefox < 3.0.2 Multiple Vulnerabilities

High

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The installed version of Firefox is affected by various security issues :

- An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on (MFSA 2008-40). - Privilege escalation is possible via 'XPCnativeWrapper' pollution (MFSA 2008-41). - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption (MFSA 2008-42). - Certain BOM characters and low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is executed, which could allow for cross-site scripting attacks (MFSA 2008-43). - The 'resource: ' protocol allows directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files (MFSA 2008-44).

Solution

Upgrade to version 3.0.2 or higher.