Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Linux) Network Vulnerability

Summary

The host is installed with Firefox browser and is prone to multiple Denial of Service vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. Impact Level: System/Application

Solution

Upgrade to Firefox version 3.0.14 or later http://www.mozilla.com/en-US/firefox/all.html

Insight

- Multiple errors in the browser and JavaScript engines can be exploited to corrupt memory. - The warning dialog displayed when adding or removing security modules via 'pkcs11.addmodule' or 'pkcs11.deletemodule' does not contain enough information. This can be exploited to potentially trick a user into installing a malicious PKCS11 module.

Affected

Mozilla Firefox version prior to 3.0.14 on Linux.

References

http://secunia.com/advisories/36671/
http://www.mozilla.org/security/announce/2009/mfsa2009-47.html
http://www.mozilla.org/security/announce/2009/mfsa2009-48.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3070, CVE-2009-3074, CVE-2009-3076
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability
Easy RM to MP3 Converter Buffer Overflow Vulnerability
Checkpoint Firewall-1 UDP denial of service
CA Multiple Products 'arclib' Component DoS Vulnerability (Win)

Take action and discover your vulnerabilities