Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox 3.6.x < 3.6.4 Multiple Vulnerabilities

Medium

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox 3.6.x prior to 3.6.4 are potentially affected by multiple vulnerabilities :

- Multiple crashes can result in code execution. (MFSA 2010-26) - Freed object reuse across plugin instances. (MFSA 2010-28) - A heap buffer overflow in 'nsGenericDOMDataNode::SetTextInternal'. (MFSA 2010-29) - An integer overflow in XSLT node sorting. (MFSA 2010-30) - The 'focus()' behavior can be used to inject or steal keystrokes. (MFSA 2010-31) - The 'Content-Disposition: attachment' HTTP header is ignored when 'Content-Type: multipart' is also present. (MFSA 2010-32) - It is possible to reverse engineer the value used to seed 'Math.random()'. (MFSA 2008-33)

Solution

Upgrade to Mozilla Firefox 3.6.4 or later.