Summary
This host has Mozilla Firefox installed and is prone to multiple memory corruption vulnerabilities.
Impact
Successful exploitation will let an attacker cause a Denial of Service or memory corruption on the user's system.
Impact Level: Application/System
Solution
Upgrade to Firefox version 3.5.4
http://www.mozilla.com/en-US/firefox/all.html
Insight
- An error exists when creating JavaScript web-workers recursively that can be exploited to trigger the use of freed memory.
- An error exists in the embedded 'liboggz' or 'libvorbis' library that can be exploited to cause a crash.
- An error exists in the 'oggplay_data_handle_theora_frame' function in media/liboggplay/src/liboggplay/oggplay_data.c in the 'liboggplay' library that can be exploited to cause a crash.
Affected
Firefox version 3.5 before 3.5.4 on Windows.
Severity
Classification
- CVE: CVE-2009-3371, CVE-2009-3377, CVE-2009-3378, CVE-2009-3379, CVE-2009-3381, CVE-2009-3383
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C