This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.
The remote Windows host contains a web browser that is affected by
The installed version of Firefox is affected by various security
- By creating a very large number of references to a
common CSS object, an attacker can overflow the CSS
reference counter, causing a crash when the browser
attempts to free the CSS object while still in use
and allowing for arbitrary code execution
- If Firefox is not already running, passing it a
command-line URI with pipe ('|') symbols will open
multiple tabs, which could be used to launch
'chrome:i' URIs from the command-line or to pass URIs
to Firefox that would normally be handled by a vector
application (MFSA 2008-35).
See also :
Upgrade to Firefox 18.104.22.168 / 3.0.1 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false