Summary
The host has the Firefox browser installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to cause a denial of service and conduct cross-site scripting attacks.
Impact Level: Application.
Solution
Upgrade to Firefox version 3.6.2.
For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
The multiple flaws are due to:
- A use-after-free error in the 'imgContainer::InternalAddFrameHelper' function in 'src/imgContainer.cpp' in 'libpr0n', which allows attackers to cause a denial of service via a multipart/x-mixed-replace animation.
- An error in 'TraceRecorder::traverseScopeChain()' within 'js/src/jstracer.cpp', which allows attackers to cause memory corruption via vectors involving certain indirect calls to the JavaScript eval function.
- An error while offering plugins in the expected window, which allows attackers to conduct cross-site scripting attacks via vectors that are specific to each affected plugin.
Affected
Firefox version 3.6 before 3.6.2 on Windows.
Severity
Classification
CVE: CVE-2010-0164, CVE-2010-0165, CVE-2010-0170, CVE-2010-0172
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C