Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 9.0 Multiple Vulnerabilities

High

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox prior to 9.0 are affected by the following security issues :

- An out-of-bounds memory access error exists in the 'SVG' implementation and can be triggered when 'SVG' elements are removed during a 'DOMAttrModified' event handler. (CVE-2011-3658) - Various memory safety errors exist that can lead to memory corruption and possible code execution. (CVE-2011-3660) - An error exists in the 'YARR' regular expression library that can cause application crashers when handling certain JavaScript statements. (CVE-2011-3661) - It is possible to detect keystrokes using 'SVG' animation 'accesskey' events even when JavaScript is disabled. (CVE-2011-3663) - An error exists related to plugins that can allow a null pointer to be dereferenced when a plugin deletes its containing DOM frame during a call from that frame. It may be possible for a non-null pointer to be dereferenced thereby opening up the potential for further exploitation. (CVE-2011-3664) - It is possible to crash the application when OGG 'video' elements are scaled to extreme sizes. (CVE-2011-3665)

Solution

Upgrade to Firefox 9.0 or later.