Synopsis
The remote host is vulnerable to multiple attack vectors
Description
The installed version of Firefox is earlier than 3.0.12. Such versions are potentially affected by the following security issues :
- Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. (MFSA 2009-34)
- It may be possible to crash the browser or potentially execute arbitrary code by using a flash object that presents a slow script dialog. (MFSA 2009-35)
- Glyph rendering libraries are affected by multiple heap/integer overflows. (MFSA 2009-36)
- A vulnerability involving SVG element could be exploited to crash the browser or execute arbitrary code on the remote system. (MFSA 2009-37)
- A vulnerability in 'setTimeout' could allow unsafe access to the 'this' object from chrome code. An attacker could exploit this flaw to run arbitrary JavaScript with chrome privileges. (MFSA 2009-39)
- It may be possible for JavaScript from one website to bypass cross-origin wrapper, and unsafely access properties of an object from another website. (MFSA 2009-40)
Solution
Upgrade to Firefox 3.0.12 or later.