Firefox < 3.5.12 Multiple Vulnerabilities

high Nessus Plugin ID 49145

Language:

Synopsis

The remote Windows host contains a web browser that is affected by multiple vulnerabilities.

Description

The installed version of Firefox is earlier than 3.5.12. Such versions are potentially affected by the following security issues :
- The pseudo-random number generator is only seeded once per browsing session and 'Math.random()' may be used to recover the seed value allowing the browser instance to be tracked across different websites. This was originally covered by MFSA 2010-33, but was reportedly fixed incorrectly until version 3.5.12. (CVE-2010-3171)

- Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-49)

- An integer overflow vulnerability in HTML frameset element implementation could lead to arbitrary code execution.
(MFSA 2010-50)

- A dangling pointer vulnerability in 'navigator.plugins' could lead to arbitrary code execution. (MFSA 2010-51)

- It is possible to perform DLL hijacking attacks via dwmapi.dll. (MFSA 2010-52)

- A heap overflow vulnerability in function 'nsTextFrameUtils::TransformText' could result in arbitrary code execution on the remote system.
(MFSA 2010-53)

- A dangling pointer vulnerability reported in MFSA 2010-40 was incorrectly fixed. (MFSA 2010-54)

- By manipulating XUL <tree> objects it may be possible to crash the browser or run arbitrary code on the remote system. (MFSA 2010-55)

- A dangling pointer vulnerability affects XUL <tree>'s content view implementation, which could allow arbitrary code execution on the remote system. (MFSA 2010-56)

- Code used to normalize a document could lead to a crash or arbitrary code execution on the remote system.
(MFSA 2010-57)

- A specially crafted font could trigger memory corruption on Mac systems, potentially resulting in arbitrary code execution on the remote system. (MFSA 2010-58)

- It is possible to trigger a cross-site scripting vulnerability using SJOW scripted function.
(MFSA 2010-60)

- The 'type' attribute of an <object> tag could override charset of a framed HTML document, which could allow an attacker to inject and execute UTF-7 encoded JavaScript code into a website. (MFSA 2010-61)

- Copy-and-paste or drag-and-drop of an HTML selection containing JavaScript into a designMode document could trigger a cross-site scripting vulnerability.
(MFSA 2010-62)

- It is possible to read sensitive information via 'statusText' property of an XMLHttpRequest object.
(MFSA 2010-63)

Solution

Upgrade to Firefox 3.5.12 or later.

See Also

http://www.nessus.org/u?4f8f3492

https://www.mozilla.org/en-US/security/advisories/mfsa2010-49/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-51/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-52/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-53/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-54/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-55/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-56/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-57/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-58/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-60/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-61/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2010-63/

http://www.nessus.org/u?20fc6229

Plugin Details

Severity: High

ID: 49145

File Name: mozilla_firefox_3512.nasl

Version: 1.24

Type: local

Agent: windows

Family: Windows

Published: 9/8/2010

Updated: 7/16/2018

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Required KB Items: Mozilla/Firefox/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/7/2010

Vulnerability Publication Date: 9/7/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-2760, CVE-2010-2763, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-2770, CVE-2010-3131, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169, CVE-2010-3171

BID: 42654, 43091, 43093, 43094, 43095, 43096, 43097, 43100, 43101, 43102, 43104, 43106, 43108, 43118, 43222

Secunia: 41297