Summary
Mozilla Firefox is installed on the host and is prone to memory corruption and integer underflow vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.23 or later
http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaws are due to:
- An integer underflow error within the regular expression engine when evaluating certain regular expressions.
- An unspecified error that can be exploited to corrupt memory.
Affected
Mozilla Firefox 3.6.x before 3.6.23
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-2996, CVE-2011-2998
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C