Summary
Mozilla Firefox is installed on the host and is prone to memory corruption and integer underflow vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary code with the privileges of the user running the affected application. Failed attempts may trigger a denial-of-service condition.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.6.23 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaws are due to:
- An integer underflow error exists within the Regular Expression engine when evaluating certain regular expressions.
- An unspecified error can be exploited to corrupt memory.
Affected
Mozilla Firefox 3.6.x before 3.6.23
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-2996, CVE-2011-2998
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)