Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 6.7
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The installed version of Firefox is a 3.5.x release earlier than 3.5.6. Such versions are potentially affected by the following security issues:
- Multiple crashes can result in arbitrary code execution. (MFSA 2009-65)
- Multiple vulnerabilities in 'liboggplay' can lead to arbitrary code execution. (MFSA 2009-66)
- An integer overflow in the 'Theora' video library can lead to a crash or the execution of arbitrary code. (MFSA 2009-67)
- The NTLM implementation is vulnerable to reflection attacks in which NTLM credentials from one application can be forwarded to another application. (MFSA 2009-68)
- Multiple location bar spoofing vulnerabilities exist. (MFSA 2009-69)
- A content window which is opened by a chrome window retains a reference to the chrome window via the 'window.opener' property, which can lead to privilege escalation. (MFSA 2009-70)
- The exception messages generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM object's ProgID is present in the system registry. (MFSA 2009-71)
Solution
Upgrade to Firefox 3.5.6 or later.