Mozilla Firefox < 37.0.2 Failed Plugin Memory Corruption
High Nessus Network Monitor Plugin ID 8744
SynopsisThe remote host has a web browser installed that is vulnerable to a use-after-free vulnerability.
DescriptionVersions of Mozilla Firefox earlier than 37.0.2 are affected by a use-after-free error, related to the AsyncPaintWaitEvent() method, due to a race condition caused when plugin initialization fails. A remote attacker, using a specially crafted web page, can exploit this flaw to execute arbitrary code or cause a denial of service.
SolutionUpgrade to Firefox 37.0.2 or later.