Firefox 3.x < 3.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox is affected by various security
issues :

- By creating a very large number of references to a
common CSS object, an attacker can overflow the CSS
reference counter, causing a crash when the browser
attempts to free the CSS object while still in use
and allowing for arbitrary code execution
(MFSA 2008-34).

- If Firefox is not already running, passing it a
command-line URI with pipe ('|') symbols will open
multiple tabs, which could be used to launch
'chrome:i' URIs from the command-line or to pass URIs
to Firefox that would normally be handled by a vector
application (MFSA 2008-35).

See also :

Solution :

Upgrade to Firefox 3.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 9.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33522 ()

Bugtraq ID: 29802

CVE ID: CVE-2008-2785

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now