Firefox 3.6.x < 3.6.24 Multiple Vulnerabilities
High Nessus Plugin ID 56750
SynopsisThe remote Windows host contains a web browser that is potentially affected by multiple vulnerabilities.
DescriptionThe installed version of Firefox 3.6.x is earlier than 3.6.24 and is potentially affected by the following vulnerabilities:
- There is an error within the JSSubScriptLoader that incorrectly unwraps 'XPCNativeWrappers'. By tricking a user into installing a malicious plug-in, an attacker could exploit this issue to execute arbitrary code.
- Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. (CVE-2011-3648)
SolutionUpgrade to Firefox 3.6.24 or later.