Firefox < 3.0.12 Multiple Vulnerabilities

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox is earlier than 3.0.12. Such versions
are potentially affected by the following security issues :

- Multiple memory corruption vulnerabilities could
potentially be exploited to execute arbitrary code.
(MFSA 2009-34)

- It may be possible to crash the browser or potentially
execute arbitrary code by using a Flash object that
presents a slow script dialog. (MFSA 2009-35)

- Glyph rendering libraries are affected by multiple
heap/integer overflows. (MFSA 2009-36)

- A vulnerability involving an SVG element could be
exploited to crash the browser or execute arbitrary code
on the remote system. (MFSA 2009-37)

- A SOCKS5 proxy that replies with a hostname containing
more than 15 characters can corrupt the subsequent
data stream. This can lead to a denial of service,
though there is reportedly no memory corruption.
(MFSA 2009-38)

- A vulnerability in 'setTimeout' could allow unsafe
access to the 'this' object from chrome code. An
attacker could exploit this flaw to run arbitrary
JavaScript with chrome privileges. (MFSA 2009-39)

- It may be possible for JavaScript from one website
to bypass the cross-origin wrapper and unsafely access
properties of an object from another website.
(MFSA 2009-40)

Solution :

Upgrade to Firefox 3.0.12 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true
