Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Linux) Network Vulnerability

Summary

The host is installed with Firefox browser and is prone to multiple Denial of Service vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. Impact Level: System/Application

Solution

Upgrade to Firefox version 3.0.14 or later http://www.mozilla.com/en-US/firefox/all.html

Insight

- Multiple errors in the browser and JavaScript engines can be exploited to corrupt memory. - The warning dialog displayed when adding or removing security modules via 'pkcs11.addmodule' or 'pkcs11.deletemodule' does not contain enough information. This can be exploited to potentially trick a user into installing a malicious PKCS11 module.

Affected

Mozilla Firefox version prior to 3.0.14 on Linux.

References

http://secunia.com/advisories/36671/
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3070, CVE-2009-3074, CVE-2009-3076

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BitDefender 'pdf.xmd' Module PDF Parsing Remote DoS Vulnerability
Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux)
AnalogX SimpleServer:WWW DoS
Abyss httpd DoS
ActFax Server Multiple Remote Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities