Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 3.5.10 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox earlier than 3.5.10 are potentially affected by multiple vulnerabilities :

- A re-use of a freed object due to scope confusion. (MFSA 2010-25) - Multiple crashes can result in code execution. (MFSA 2010-26) - A use-after-free error in nsCycleCollector::MarkRoots(). (MFSA 2010-27) - Freed object reuse across plugin instances. (MFSA 2010-28) - A heap buffer overflow in nsGenericDOMDataNode::SetTextInternal. (MFSA 2010-29) - An integer overflow in XSLT node sorting. (MFSA 2010-30) The focus() behavior can be used to inject or steal keystrokes. (MFSA 2010-31)

- The 'Content-Disposition: attachment' HTTP header is ignored when 'Content-Type: multipart' is also present. (MFSA 2010-32)

It is possible to reverse engineer the value used to seed Math.random(). (MFSA 2008-33)

Solution

Upgrade to Mozilla Firefox 3.5.10 or later.