Firefox 3.5.x < 3.5.2 Multiple Vulnerabilities

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox 3.5 is earlier than 3.5.2. Such
versions are potentially affected by the following security issues :

- A SOCKS5 proxy that replies with a hostname containing
more than 15 characters can corrupt the subsequent
data stream. This can lead to a denial of service,
though there is reportedly no memory corruption.
(MFSA 2009-38)

- The location bar and SSL indicators can be spoofed
by calling window.open() on an invalid URL. A remote
attacker could use this to perform a phishing attack.
(MFSA 2009-44)

- Unspecified JavaScript-related vulnerabilities can lead
to memory corruption and possibly arbitrary code
execution. (MFSA 2009-45, MFSA 2009-47)

- If an add-on has a 'Link:' HTTP header when it is installed,
the window's global object receives an incorrect security
wrapper, which could lead to arbitrary JavaScript being
executed with chrome privileges. (MFSA 2009-46)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2009-38/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-44/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-45/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-46/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-47/

Solution :

Upgrade to Firefox 3.5.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true
