Summary
The host has the Firefox browser installed and is prone to multiple Denial of Service vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.0.14 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
- Multiple errors in the browser and JavaScript engines can be exploited to corrupt memory.
- The warning dialog displayed when adding or removing security modules via 'pkcs11.addmodule' or 'pkcs11.deletemodule' does not contain enough information. This can be exploited to potentially trick a user into installing a malicious PKCS11 module.
Affected
Mozilla Firefox versions prior to 3.0.14 on Windows.
References
Severity
Classification
- CVE: CVE-2009-3070, CVE-2009-3074, CVE-2009-3076
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C