Summary
The host has the Firefox browser installed and is prone to multiple Denial of Service vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.0.14 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
- Multiple errors in the browser and JavaScript engines can be exploited to corrupt memory.
- The warning dialog displayed when adding or removing security modules via 'pkcs11.addmodule' or 'pkcs11.deletemodule' does not contain enough information. This can be exploited to potentially trick a user into installing a malicious PKCS11 module.
Affected
Mozilla Firefox versions prior to 3.0.14 on Linux.
References
Severity
Classification
- CVE: CVE-2009-3070, CVE-2009-3074, CVE-2009-3076
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)