Detections
Analytics
Mozilla Firefox 3.6.x < 3.6.26 Multiple Vulnerabilities
high Nessus Network Monitor Plugin ID 6307
Synopsis
The remote host has a web browser installed that is vulnerable to multiple attack vectors.Description
The remote host has a web browser installed that is vulnerable to multiple attack vectors.Versions of Firefox 3.6.x earlier than 3.6.26 are potentially affected by the following security issues :
- A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659)
- The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670)
- Various memory safety issues exist. (CVE-2012-0442)
- Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)
Solution
Upgrade to Firefox 3.6.26 or later.See Also
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.26
http://www.mozilla.org/security/announce/2012/mfsa2012-01.html
http://www.mozilla.org/security/announce/2012/mfsa2012-02.html
http://www.mozilla.org/security/announce/2012/mfsa2012-04.html
http://www.mozilla.org/security/announce/2012/mfsa2012-07.html
http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
Plugin Details
Severity: High
ID: 6307
Family: Web Clients
Published: 2/7/2012
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Critical
Score: 9.0
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 8.1
Temporal Score: 7.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox
Patch Publication Date: 1/31/2012
Vulnerability Publication Date: 1/31/2012
Exploitable With
CANVAS (White_Phosphorus)
Metasploit (Firefox 8/9 AttributeChildRemoved() Use-After-Free)
Reference Information
CVE: CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449