Summary
The host has the Firefox browser installed and is prone to multiple vulnerabilities.
Impact
A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.0.14 or 3.5.3 or later: http://www.mozilla.com/en-US/firefox/all.html
Insight
- Multiple errors in the browser and JavaScript engines can be exploited to corrupt memory.
- An error exists when processing operations performed on the columns of a XUL tree element. This can be exploited to dereference freed memory via a pointer owned by a column of the XUL tree element.
- An error exists when displaying text in the location bar using the default Windows font. This can be exploited to spoof the URL of a trusted site via Unicode characters having a tall line-height.
- An error in the implementation of the 'BrowserFeedWriter' object can be exploited to execute arbitrary JavaScript code with chrome privileges.
Affected
Mozilla Firefox versions prior to 3.0.14 and 3.5 before 3.5.3 on Windows.
References
- http://secunia.com/advisories/36671/
- http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-49.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-50.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-51.html
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-3072, CVE-2009-3077, CVE-2009-3078, CVE-2009-3079
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C