Firefox 3.x < 3.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox is affected by various security
issues :

- By creating a very large number of references to a
common CSS object, an attacker can overflow the CSS
reference counter, causing a crash when the browser
attempts to free the CSS object while still in use
and allowing for arbitrary code execution
(MFSA 2008-34).

- If Firefox is not already running, passing it a
command-line URI with pipe ('|') symbols will open
multiple tabs, which could be used to launch
'chrome:i' URIs from the command-line or to pass URIs
to Firefox that would normally be handled by a vector
application (MFSA 2008-35).

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2008-34/
https://www.mozilla.org/en-US/security/advisories/mfsa2008-35/

Solution :

Upgrade to Firefox 3.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.3
(CVSS2#E:ND/RL:U/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33522

Bugtraq ID: 29802, 30242, 30244

CVE ID: CVE-2008-2785, CVE-2008-2933, CVE-2008-3198
