Detections
Analytics
Firefox < 3.0.13 Multiple Vulnerabilities
high Nessus Plugin ID 40478
Synopsis
The remote Windows host contains a web browser that is affected by multiple flaws.Description
The installed version of Firefox is earlier than 3.0.13. Such versions are potentially affected by the following security issues :- The browser can be fooled into trusting a malicious SSL server certificate with a null character in the host name.
(MFSA 2009-42)
- A heap overflow in the code that handles regular expressions in certificate names can lead to arbitrary code execution. (MFSA 2009-43)
- The location bar and SSL indicators can be spoofed by calling window.open() on an invalid URL. A remote attacker could use this to perform a phishing attack.
(MFSA 2009-44)
- Unspecified JavaScript-related vulnerabilities can lead to memory corruption, and possibly arbitrary execution of code. (MFSA 2009-45)
Solution
Upgrade to Firefox 3.0.13 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2009-42/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-43/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-44/
https://www.mozilla.org/en-US/security/advisories/mfsa2009-45/
Plugin Details
Severity: High
ID: 40478
File Name: mozilla_firefox_3013.nasl
Version: 1.20
Type: local
Agent: windows
Family: Windows
Published: 8/4/2009
Updated: 7/16/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox
Required KB Items: Mozilla/Firefox/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/1/2009
Reference Information
CVE: CVE-2009-2404, CVE-2009-2408, CVE-2009-2654, CVE-2009-2662, CVE-2009-2663, CVE-2009-2664