This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.
The remote Windows host contains a web browser that is affected by
The installed version of Firefox is earlier than 3.0.12. Such versions
are potentially affected by the following security issues :
- Multiple memory corruption vulnerabilities could
potentially be exploited to execute arbitrary code.
- It may be possible to crash the browser or potentially
execute arbitrary code by using a flash object that
presents a slow script dialog. (MFSA 2009-35)
- Glyph rendering libraries are affected by multiple heap/
integer overflows. (MFSA 2009-36)
- A vulnerability involving SVG element could be exploited
to crash the browser or execute arbitrary code on the
remote system. (MFSA 2009-37)
- A SOCKS5 proxy that replies with a hostname containing
more than 15 characters can corrupt the subsequent
data stream. This can lead to a denial of service,
though there is reportedly no memory corruption.
- A vulnerability in 'setTimeout' could allow unsafe
access to the 'this' object from chrome code. An
attacker could exploit this flaw to run arbitrary
to bypass cross origin wrapper, and unsafely access
properties of an object from another website.
See also :
Upgrade to Firefox 3.0.12 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
Nessus Plugin ID: 40351 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now