VID 28765
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description A version of Mozilla Firefox older than 3.0.9 is installed on the host. Firefox is an open-source Web browser developed by the Mozilla project. Mozilla Firefox versions 3.0.x prior to 3.0.9 are affected by multiple vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could execute arbitrary code on the affected host.

The installed version of Firefox is earlier than 3.0.9. Such versions are potentially affected by the following security issues:

- Multiple remote memory corruption vulnerabilities exist which can be exploited to execute arbitrary code in the context of the user running the affected application.

- A flaw may exist where Unicode box drawing characters are allowed in Internationalized Domain Names where they could be visually confused with punctuation used in valid web addresses. An attacker can leverage this to launch a phishing-type scam against a victim.

- A vulnerability exists when the 'jar:' scheme is used to wrap a URI which serves the content with 'Content-Disposition: attachment'. An attacker can leverage this to subvert sites which use this mechanism to mitigate content injection attacks.

- When an Adobe Flash file is loaded via the 'view-source:' scheme, the Flash plugin misinterprets the origin of the content as localhost. An attacker can leverage this to launch cross-site request forgery attacks. It is also possible to exploit this to place cookie-like objects on victims' computers.

- A vulnerability exists which allows attackers to inject arbitrary scripts into sites via XBL bindings. This vulnerability requires the attacker to have the ability to embed third-party stylesheets into the site.

- Multiple remote code execution vulnerabilities exist, caused by the creation of documents whose URI does not match the document's principal using XMLHttpRequest, as well as a flaw in which the '__proto__' of 'XPCNativeWrapper.toString' comes from the wrong scope.

- A malicious MozSearch plugin could be created using a javascript: URI in the SearchForm value. An attacker can leverage this in order to inject code into arbitrary sites.

- An information disclosure vulnerability exists when saving the inner frame of a web page as a file when the outer page has POST data associated with it.

- A cross-site scripting vulnerability exists when handling a Refresh header containing a javascript: URI.
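
As an added example (not part of the original advisory or of the scanner's check), the IDN issue in the list above can be screened for on the defender side, for instance over URLs seen at a proxy or mail gateway. The Python code below decodes each hostname label and flags code points in the Unicode Box Drawing block (U+2500 to U+257F); the function names and the sample hostnames under the reserved `.test` and `.example` TLDs are constructed for illustration.

```python
# Added example: flag hostnames whose labels contain Unicode box drawing characters.
import unicodedata
from urllib.parse import urlsplit

BOX_DRAWING = range(0x2500, 0x2580)  # Unicode "Box Drawing" block, U+2500..U+257F


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding an 'xn--' (punycode) label."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: inspect the label as written
    return label


def box_drawing_in_host(url):
    """Return (decoded_label, 'U+XXXX', character name) for each box drawing character."""
    host = urlsplit(url).hostname or ""
    findings = []
    for label in host.split("."):
        text = decode_label(label)
        for ch in text:
            if ord(ch) in BOX_DRAWING:
                name = unicodedata.name(ch, "UNKNOWN")
                findings.append((text, "U+%04X" % ord(ch), name))
    return findings


def constructed_sample():
    """Build a constructed test URL whose first label hides U+2571 behind punycode."""
    label = "example\u2571login"  # U+2571 renders much like '/'
    ace = "xn--" + label.encode("punycode").decode("ascii")
    return "http://%s.test/" % ace


if __name__ == "__main__":
    samples = [
        constructed_sample(),             # constructed: box drawing char in ACE form
        "http://xn--bcher-kva.example/",  # constructed: ordinary IDN, no finding
        "http://www.example/",            # constructed: plain ASCII host
    ]
    for url in samples:
        hits = box_drawing_in_host(url)
        print(url, "->", hits if hits else "clean")
```

The check covers only the Box Drawing block named in the advisory; other confusable characters need a broader policy such as a per-TLD allow list.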

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.

* References:
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html

* Platforms Affected:
Mozilla Project, Firefox versions 3.0.x prior to 3.0.9
Microsoft Windows Any version
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of Firefox (3.0.9 or later), available from the Mozilla Firefox Download Web page at http://www.mozilla.org/products/firefox/
Related URL CVE-2009-0652,CVE-2009-1302,CVE-2009-1303,CVE-2009-1304,CVE-2009-1305,CVE-2009-1306,CVE-2009-1307,CVE-2009-1308,CVE-2009-1309,CVE-2009-1310 (CVE)
Related URL 33837,34656 (SecurityFocus)
Related URL (ISS)