Detections
Analytics
Mozilla Firefox 4.0.x < 4.0.1 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 5902
Synopsis
The remote host has a web browser installed that is vulnerable to multiple attack vectors.Description
Versions of Firefox 4.0.x earlier than 4.0.1 are potentially affected by multiple vulnerabilities :Multiple memory corruption issues could lead to arbitrary code execution. (MFSA2011-12)
- Multiple vulnerabilities in the WebGL feature and WebGLES could be exploited to execute arbitrary code or bypass ASLR protection on Windows. (MFSA2011-17) - The XSLT 'generate-id()' function returned a string that revealed a specific valid address of an object on the memory heap. (MFSA2011-18)
Solution
Upgrade to Firefox 4.0.1 or later.See Also
http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html
http://www.mozilla.org/security/known-vulnerabilities/firefox40.html#firefox4.0.1
Plugin Details
Severity: High
ID: 5902
Family: Web Clients
Published: 4/29/2011
Updated: 3/6/2019
Nessus ID: 53595
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.5
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox
Patch Publication Date: 4/28/2011
Vulnerability Publication Date: 4/28/2011
Exploitable With
Metasploit (Mozilla Firefox "nsTreeRange" Dangling Pointer Vulnerability)
Reference Information
CVE: CVE-2011-0068, CVE-2011-0069, CVE-2011-0070, CVE-2011-0079, CVE-2011-0081, CVE-2011-1202
BID: 47668, 47641, 47646, 47648, 47651, 47653, 47654, 47655, 47656, 47659, 47662, 47663, 47667, 47635, 47657, 47661