This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.
The remote Windows host contains a web browser that is affected by
The installed version of Firefox is earlier than 3.0.11. Such versions
are potentially affected by the following security issues :
- Multiple memory corruption vulnerabilities could
potentially be exploited to execute arbitrary code.
- Certain invalid Unicode characters, when used as a part
of IDN, can be displayed as a whitespace in the location
bar. An attacker could exploit this vulnerability to
spoof the location bar. (MFSA 2009-25)
- It may be possible for local resources loaded via
'file:' protocol to access any domain's cookies saved
on a user's system. (MFSA 2009-26)
- It may be possible to tamper with SSL data via non-200
responses to proxy CONNECT requests. (MFSA 2009-27)
- A race condition exists in 'NPObjWrapper_NewResolve'
when accessing the properties of a NPObject, a
wrapped JSObject. This flaw could be potentially
exploited to execute arbitrary code on the remote
system. (MFSA 2009-28)
- If the owner document of an element becomes null after
garbage collection, then it may be possible to execute
An attacker could potentially exploit this vulnerability
- When the 'file:' resource is loaded from the location
bar, the resource inherits the principal of the
previously loaded document. This could potentially allow
unauthorized access to local files. (MFSA 2009-30)
- While loading external scripts into XUL documents
content-loading policies are not checked.
- It may be possible for scripts from page content to
run with elevated privileges. (MFSA 2009-32)
See also :
Upgrade to Firefox 3.0.11 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false
Nessus Plugin ID: 39372 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now