Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux) Network Vulnerability

Summary

The host is installed with Firefox browser and is prone to Remote Code Execution vulnerabilities.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code and results in Denial of Service condition. Impact Level:System/Application

Solution

Upgrade to Firefox version 3.0.12 or 3.5.1 or later http://www.mozilla.com/en-US/firefox/all.html

Insight

Error exists when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object.

Affected

Mozilla Firefox version prior to 3.0.12 and 3.5.1 on Linux.

References

http://secunia.com/advisories/35914
http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
http://www.vupen.com/english/advisories/2009/1972

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2467

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

7T Interactive Graphical SCADA System 'dc.exe' Command Injection Vulnerability
Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
CiscoKits CCNA TFTP Server 'Write' Command Denial Of Service Vulnerability
CA ARCserve Backup RPC Services Multiple Vulnerabilities (Windows)

Take action and discover your vulnerabilities