Firefox 10.0.x < 10.0.8 Multiple Vulnerabilities
High Nessus Plugin ID 62579
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.
Description
The installed version of Firefox 10.0.x is affected by the following vulnerabilities:
- Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983)
- Some methods of a feature used for testing (DOMWindowUtils) are not properly protected and may be called through script by web pages. (CVE-2012-3986)
- A potentially exploitable denial of service may be caused by a combination of invoking full-screen mode and navigating backwards in history. (CVE-2012-3988)
- When the 'GetProperty' function is invoked through JSAPI, security checking can be bypassed when getting cross-origin properties, potentially allowing arbitrary code execution. (CVE-2012-3991)
- The 'location' property can be accessed by binary plugins through 'top.location' and 'top' can be shadowed by 'Object.defineProperty', potentially allowing cross-site scripting attacks through plugins. (CVE-2012-3994)
- The Chrome Object Wrapper (COW) has flaws that could allow access to privileged functions, allowing for cross-site scripting attacks or arbitrary code execution. (CVE-2012-3993, CVE-2012-4184)
- The 'location.hash' property is vulnerable to an attack that could allow an attacker to inject script or intercept post data. (CVE-2012-3992)
- The 'Address Sanitizer' tool is affected by multiple, potentially exploitable use-after-free flaws. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183)
- The 'Address Sanitizer' tool is affected by multiple, potentially exploitable heap memory corruption issues. (CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)
Solution
Upgrade to Firefox 10.0.8 or later.