Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux) Network Vulnerability

Summary

The host is installed with Firefox browser and is prone to Remote Code Execution vulnerabilities.

Impact

Successful exploitation could allow remote attacker to execute arbitrary code and results in Denial of Service condition. Impact Level:System/Application

Solution

Upgrade to Firefox version 3.0.12 or 3.5.1 or later http://www.mozilla.com/en-US/firefox/all.html

Insight

Error exists when a page contains a Flash object which presents a slow script dialog, and the page is navigated while the dialog is still visible to the user, the Flash plugin is unloaded resulting in a crash due to a call to the deleted object.

Affected

Mozilla Firefox version prior to 3.0.12 and 3.5.1 on Linux.

References

http://secunia.com/advisories/35914
http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
http://www.vupen.com/english/advisories/2009/1972

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2467
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Asterisk PBX NULL Pointer Dereference Overflow
Easy RM to MP3 Converter Buffer Overflow Vulnerability
Allegro Software RomPager 2.10 Denial of Service
Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability

Take action and discover your vulnerabilities