Firefox 3.5 < 3.5.6 Multiple Vulnerabilities
High Nessus Plugin ID 43174
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The installed version of Firefox is 3.5.x earlier than 3.5.6. Such versions are potentially affected by the following security issues :
- Multiple crashes can result in arbitrary code execution. (MFSA 2009-65)
- Multiple vulnerabilities in 'liboggplay' can lead to arbitrary code execution. (MFSA 2009-66)
- An integer overflow in the 'Theora' video library can lead to a crash or the execution of arbitrary code. (MFSA 2009-67)
- The NTLM implementation is vulnerable to reflection attacks in which NTLM credentials from one application can be forwarded to another application. (MFSA 2009-68)
- Multiple location bar spoofing vulnerabilities exist. (MFSA 2009-69)
- A content window which is opened by a chrome window retains a reference to the chrome window via the 'window.opener' property, which can lead to privilege escalation. (MFSA 2009-70)
- The exception messages generated by the 'GeckoActiveXObject' differ based on whether or not the requested COM object's ProgID is present in the system registry. (MFSA 2009-71)
Solution
Upgrade to Firefox 3.5.6 or later.