Firefox 10.0.x < 10.0.8 Multiple Vulnerabilities

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description :

The installed version of Firefox 10.0.x is affected by the following
vulnerabilities :

- Several memory safety bugs exist in the browser engine
used in Mozilla-based products that could be exploited
to execute arbitrary code. (CVE-2012-3983)

- Some methods of a feature used for testing
(DOMWindowUtils) are not properly protected and may be
called through script by web pages. (CVE-2012-3986)

- A potentially exploitable denial of service may be
caused by a combination of invoking full-screen mode and
navigating backwards in history. (CVE-2012-3988)

- When the 'GetProperty' function is invoked through JSAP,
security checking can by bypassed when getting cross-
origin properties, potentially allowing arbitrary code
execution. (CVE-2012-3991)

- The 'location' property can be accessed by binary
plugins through 'top.location' and 'top' can be shadowed
by 'Object.defineProperty', potentially allowing cross-
site scripting attacks through plugins. (CVE-2012-3994)

- The Chrome Object Wrapper (COW) has flaws that could
allow access to privileged functions, allowing for cross-
site scripting attacks or arbitrary code execution.
(CVE-2012-3993, CVE-2012-4184)

- The 'location.hash' property is vulnerable to an attack
that could allow an attacker to inject script or
intercept post data. (CVE-2012-3992)

- The 'Address Sanitizer' tool is affected by multiple,
potentially exploitable use-after-free flaws.
(CVE-2012-3990, CVE-2012-3995, CVE-2012-4179,
CVE-2012-4180, CVE-2012-4181, CVE-2012-4182,

- The 'Address Sanitizer' tool is affected by multiple,
potentially exploitable heap memory corruption issues.
(CVE-2012-4185, CVE-2012-4186, CVE-2012-4187,

See also :

Solution :

Upgrade to Firefox 10.0.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.3
Public Exploit Available : true