The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability.

Successful remote exploitation will allow attackers to crash application via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. Impact Level: Application.

Upgrade to Firefox version 3.5.7 http://www.mozilla.com/en-US/firefox/all.html

The flaw is due to error in 'nsObserverList::FillObserverArray()' function in 'xpcom/ds/nsObserverList.cpp'

Mozilla Firefox version prior to 3.5.7 on Windows.

• http://isc.sans.org/diary.html?storyid=7897
• http://www.mozilla.com/en-US/firefox/3.5.7/releasenotes
• https://bugzilla.mozilla.org/show_bug.cgi?id=507114

---

Updated on 2015-03-25