Mozilla Firefox < 3.0.12 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 5101

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

Versions of Firefox prior to 3.0.12 are affected by the following security issues:

- Multiple memory corruption vulnerabilities could potentially be exploited to execute arbitrary code. (MFSA 2009-34)
- It may be possible to crash the browser or potentially execute arbitrary code by using a Flash object that presents a slow script dialog. (MFSA 2009-35)
- Glyph rendering libraries are affected by multiple heap/integer overflows. (MFSA 2009-36)
- A vulnerability involving an SVG element could be exploited to crash the browser or execute arbitrary code on the remote system. (MFSA 2009-37)
- A vulnerability in 'setTimeout' could allow unsafe access to the 'this' object from chrome code. An attacker could exploit this flaw to run arbitrary JavaScript with chrome privileges. (MFSA 2009-39)
- It may be possible for JavaScript from one website to bypass the cross-origin wrapper and unsafely access properties of an object from another website. (MFSA 2009-40)

Solution

Upgrade to Firefox 3.0.12 or later.

See Also

http://www.mozilla.org/security/announce/2009/mfsa2009-35.html

http://www.mozilla.org/security/announce/2009/mfsa2009-36.html

http://www.mozilla.org/security/announce/2009/mfsa2009-37.html

http://www.mozilla.org/security/announce/2009/mfsa2009-38.html

http://www.mozilla.org/security/announce/2009/mfsa2009-39.html

http://www.mozilla.org/security/announce/2009/mfsa2009-40.html

http://www.mozilla.org/security/announce/2009/mfsa2009-34.html

Plugin Details

Severity: Medium

ID: 5101

Family: Web Clients

Published: 7/28/2009

Updated: 3/6/2019

Nessus ID: 40351

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 7/21/2009

Vulnerability Publication Date: 7/21/2009

Reference Information

CVE: CVE-2009-1194, CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2468, CVE-2009-2469, CVE-2009-2471, CVE-2009-2472

BID: 35765, 35766, 35767, 35769, 35770, 35772, 35773, 35774, 35775, 35776