Firefox < 3.0.10 Multiple Vulnerabilities
High Nessus Plugin ID 38200
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The version of Firefox installed on the remote host is earlier than 3.0.10. Such versions have multiple vulnerabilities:
- An error in function '@nsTextFrame::ClearTextRun()' could corrupt memory. Successful exploitation of this issue may allow arbitrary code execution on the remote system. Note that this reportedly affects only 3.0.9. (MFSA 2009-23)
- The browser processes a 3xx HTTP CONNECT response before a successful SSL handshake, which could allow a man-in-the-middle attacker to execute arbitrary web script in the context of an HTTPS server. (CVE-2009-2061)
Solution
Upgrade to Firefox 3.0.10 or later.