Firefox 3.5.x < 3.5.4 Multiple Vulnerabilities

This script is Copyright (C) 2009-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox 3.5 is earlier than 3.5.4. Such
versions are potentially affected by the following security issues :

- It may be possible for a malicious web page to
steal form history. (MFSA 2009-52)

- By predicting the filename of an already
downloaded file in the downloads directory, a
local attacker may be able to trick the browser
into opening an incorrect file. (MFSA 2009-53)

- Recursive creation of JavaScript web-workers
could crash the browser or allow execution of
arbitrary code on the remote system.
(MFSA 2009-54)

- Provided the browser is configured to use Proxy
Auto-configuration it may be possible for an
attacker to crash the browser or execute
arbitrary code. (MFSA 2009-55)

- Mozilla's GIF image parser is affected by a
heap-based buffer overflow. (MFSA 2009-56)

- A vulnerability in XPCOM utility
'XPCVariant::VariantDataToJS' could allow
executing arbitrary JavaScript code with chrome
privileges. (MFSA 2009-57)

- A vulnerability in Mozilla's string to floating
point number conversion routine could allow
arbitrary code execution on the remote system.
(MFSA 2009-59)

- It may be possible to read text from a web page
using JavaScript function 'document.getSelection()
from a different domain. (MFSA 2009-61)

- If a file contains right-to-left override
character (RTL) in the filename it may be possible
for an attacker to obfuscate the filename and
extension of the file being downloaded.
(MFSA 2009-62)

- Multiple memory safety bugs in media libraries
could potentially allow arbitrary code execution.
(MFSA 2009-63)

- Multiple memory corruption vulnerabilities could
potentially allow arbitrary code execution.
(MFSA 2009-64)

See also :

Solution :

Upgrade to Firefox 3.5.4 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 9.3
Public Exploit Available : false