Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 37.0.2 Failed Plugin Memory Corruption

High

Synopsis

The remote host has a web browser installed that is vulnerable to a use-after-free vulnerability.

Description

Versions of Mozilla Firefox earlier than 37.0.2 are affected by a use-after-free error, related to the AsyncPaintWaitEvent() method, due to a race condition caused when plugin initialization fails. A remote attacker, using a specially crafted web page, can exploit this flaw to execute arbitrary code or cause a denial of service.

Solution

Upgrade to Firefox 37.0.2 or later.