Mozilla Firefox < 8.0 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6788

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Versions of Firefox prior to 8.0 are potentially affected by the following security issues :

- Certain invalid sequences are not handled properly in 'Shift-JIS' encoding and can allow cross-site scripting attacks. (CVE-2011-3648)
- The addition of the 'Azure' graphics functionality re-introduced a cross-origin information disclosure issue previously described in CVE-2011-2986. (CVE-2011-3649)
- Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650)
- Multiple memory safety issues exist. (CVE-2011-3651)
- An unchecked memory allocation failure can cause the application to crash. (CVE-2011-3652)
- An issue with WebGL graphics and GPU drivers can allow cross-origin image theft. (CVE-2011-3653)
- An error exists related to SVG 'mpath' linking to a non-SVG element and can result in potentially exploitable application crashes. (CVE-2011-3654)
- An error in internal privilege checking can allow web content to obtain elevated privileges. (CVE-2011-3655)

Solution

Upgrade to Firefox 8.0 or later.

See Also

http://www.mozilla.org/security/announce/2011/mfsa2011-47.html

http://www.mozilla.org/security/announce/2011/mfsa2011-49.html

http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox7

http://www.mozilla.org/security/announce/2011/mfsa2011-48.html

http://www.mozilla.org/security/announce/2011/mfsa2011-50.html

http://www.mozilla.org/security/announce/2011/mfsa2011-51.html

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

Plugin Details

Severity: High

ID: 6788

Family: Web Clients

Published: 5/6/2013

Updated: 3/6/2019

Nessus ID: 56751

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mozilla:firefox

Patch Publication Date: 11/8/2011

Vulnerability Publication Date: 11/8/2011

Reference Information

CVE: CVE-2011-3648, CVE-2011-3649, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3653, CVE-2011-3654, CVE-2011-3655

BID: 50593, 50595, 50594, 50597, 50600, 50602, 50591, 50592