New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 8.9
SynopsisThe remote Windows host contains a web browser that is affected by multiple flaws.
DescriptionFirefox 3.5 is installed on the remote host. This version is potentially affected by multiple flaws :
- It may be possible to crash the browser or potentially execute arbitrary code by using a flash object that presents a slow script dialog. (MFSA 2009-35)
- In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. An attacker who is able to trick a user of the affected software into visiting a malicious link may be able to leverage this issue to run arbitrary code subject to the user's privileges.
SolutionUpgrade to Firefox 3.5.1 or later.