Summary
This host has Mozilla Firefox installed and is prone to multiple memory corruption vulnerabilities.
Impact
Successful exploitation will let an attacker cause a Denial of Service or memory corruption on the user's system.
Impact Level: Application/System
Solution
Upgrade to Firefox version 3.5.4
http://www.mozilla.com/en-US/firefox/all.html
Insight
- An error exists when creating JavaScript web-workers recursively that can be exploited to trigger the use of freed memory.
- An error exists in the embedded 'liboggz' or 'libvorbis' library that can be exploited to cause a crash.
- An error exists in the 'oggplay_data_handle_theora_frame' function in media/liboggplay/src/liboggplay/oggplay_data.c in the 'liboggplay' library that can be exploited to cause a crash.
Affected
Firefox version 3.5 before 3.5.4 on Linux.
Severity
Classification
CVE: CVE-2009-3371, CVE-2009-3377, CVE-2009-3378, CVE-2009-3379, CVE-2009-3381, CVE-2009-3383
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C