Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801268

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox 3.6.x earlier than 3.6.26 are potentially affected by the following security issues:

- A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659)

- The IPv6 literal syntax in web addresses is not properly enforced. (CVE-2011-3670)

- Various memory safety issues exist. (CVE-2012-0442)

- Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)

Solution

Upgrade to Firefox 3.6.26 or later.

See Also

http://.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.26

http://.mozilla.org/security/announce/2012/mfsa2012-01.html

http://.mozilla.org/security/announce/2012/mfsa2012-02.html

http://.mozilla.org/security/announce/2012/mfsa2012-04.html

http://.mozilla.org/security/announce/2012/mfsa2012-07.html

http://.mozilla.org/security/announce/2012/mfsa2012-08.html

Plugin Details

Severity: High

ID: 801268

Family: Web Clients

Published: 2/7/2012

Nessus ID: 57769, 57774

Vulnerability Information

Patch Publication Date: 1/31/2012

Vulnerability Publication Date: 1/31/2012

Exploitable With

Metasploit (Firefox 8/9 AttributeChildRemoved() Use-After-Free)

Reference Information

CVE: CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449

BID: 51753, 51754, 51755, 51756, 51786