Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Windows) Network Vulnerability

Summary

This host is installed with Mozilla Firefox ESR and is prone to multiple code execution vulnerabilities.

Impact

Successful exploitation could allow attackers to gain privileges or execute arbitrary code in the context of the browser. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox ESR 10.0.11 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Insight

- Improper loading of DLL file in the default downloads directory by Firefox installer. - An error within Style Inspector when parsing style sheets can be exploited to execute HTML and CSS code in chrome privileged context.

Affected

Mozilla Firefox ESR version 10.x before 10.0.11 on Windows

References

http://secunia.com/advisories/51358
http://securitytracker.com/id?1027791
http://securitytracker.com/id?1027792
http://www.mozilla.org/security/announce/2012/mfsa2012-98.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.osvdb.org/87584

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-4206, CVE-2012-4210

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
Adobe Captivate Insecure Library Loading Vulnerability
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Mac OS X)

Take action and discover your vulnerabilities