Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox 3.x < 3.0.5 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox 3.x prior to 3.0.5 are affected by the following security issues :

- There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2008-60) - XBL bindings can be used to read data from other domains. (MFSA 2008-61) - The feed preview still allows for JavaScript privilege escalation. (MFSA 2008-62) - Sensitive data may be disclosed in an XHR response when an XMLHttpRequest is made to a same-origin resource, which 302 redirects to a resource in a different domain. (MFSA 2008-64) - A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data that is not parsable as JavaScript. (MFSA 2008-65) - Errors arise when parsing URLs with leading whitespace and control characters. (MFSA 2008-66) - An escaped null byte is ignored by the CSS parser and treated as if it was not present in the CSS input string. (MFSA 2008-67) - XSS and JavaScript privilege escalation are possible. (MFSA 2008-68) - XSS vulnerabilities in SessionStore may allow for violating the browser's same-origin policy and performing an XSS attack or running arbitrary JavaScript with chrome privileges. (MFSA 2008-69) - A denial of service issue when the application handles a maliciously crafted webpage containing a 'HTMLSelectElement' object with a large length attribute.

Solution

Upgrade to Firefox 3.0.5 or higher.