Firefox < 3.5.14 Multiple Vulnerabilities

This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox is earlier than 3.5.14. Such
versions are potentially affected by the following security issues :

- Multiple memory safety bugs could lead to memory
corruption, potentially resulting in arbitrary
code execution. (MFSA 2010-64)

- By passing an excessively long string to
'document.write', it may be possible to trigger a buffer
overflow condition resulting in arbitrary code execution
on the remote system. (MFSA 2010-65)

- A use-after-free error in nsBarProp could allow
arbitrary code execution on the remote system.
(MFSA 2010-66)

- A dangling pointer vulnerability in LookupGetterOrSetter
could allow arbitrary code execution. (MFSA 2010-67)

- The Gopher parser is affected by a cross-site scripting
vulnerability. (MFSA 2010-68)

- It is possible to steal information from a site in a
different domain using modal calls. (MFSA 2010-69)

- It is possible to establish a valid SSL connection
to a remote host, provided the SSL certificate was
created with a common name containing a wild card
followed by partial IP address of the remote host.
(MFSA 2010-70)

- A function used to load external libraries on Windows
platform could allow loading of unsafe DLLs thus
allowing binary planting attacks. (MFSA 2010-71)

- The SSL implementation allows servers to use
Diffie-Hellman Ephemeral mode (DHE) with a very
short key length. Such key lengths could be easily
breakable with modern hardware. (MFSA 2010-72)

See also :

Solution :

Upgrade to Firefox 3.5.14 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now