Summary
The host has the Mozilla Firefox browser installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation could result in remote arbitrary code execution, spoofing attacks, sensitive information disclosure, and execution of JavaScript code with the privileges of the JAR's signer.
Impact Level: System
Solution
Upgrade to Firefox version 2.0.0.15
http://www.mozilla.com/en-US/firefox/all-older.html
Insight
The issues in the browser are due to:
- multiple errors in the layout and JavaScript engines that can corrupt memory.
- an error while handling unprivileged XUL documents that can be exploited to load chrome scripts from a fastload file via <script> elements.
- an error in the mozIJSSubScriptLoader.LoadScript function that allows XPCNativeWrappers to be bypassed.
- an error in the block re-flow process, which can potentially lead to a crash.
- an error in processing file URLs contained within local directory listings.
- errors in the implementation of the JavaScript same origin policy.
- errors in the verification of signed JAR files.
- improper implementation of file upload forms, which results in uploading specially crafted DOM Range and originalTarget elements.
- an error in the Java LiveConnect implementation.
- an error in processing of Alt Names provided by the peer.
- an error in processing of Windows URL shortcuts.
Affected
Firefox versions prior to 2.0.0.15 on Windows.
References
- http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-22.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-27.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-28.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-29.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-30.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-31.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-32.html
- http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C