Mozilla Firefox 7.0 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 801321

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Versions of Firefox 7.0 are potentially affected by the following security issues :

- Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. (CVE-2011-3648)

- The addition of the 'Azure' graphics functionality re-introduced a cross-origin information disclosure issue previously described in CVE-2011-2986. (CVE-2011-3649)

- Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650)

- Multiple memory safety issues exist. (CVE-2011-3651)

- An unchecked memory allocation failure can cause the application to crash. (CVE-2011-3652)

- An issue with WebGL graphics and GPU drivers can allow cross-origin image theft. (CVE-2011-3653)

- An error exists related to SVG 'mpath' linking to a non-SVG element and can result in potentially exploitable application crashes. (CVE-2011-3654)

- An error in internal privilege checking can allow web content to obtain elevated privileges. (CVE-2011-3655)

Solution

Upgrade to Firefox 8.0 or later.

Mozilla Firefox 7.0 Multiple Vulnerabilities

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

Vulnerability Information

Reference Information