Lucene search
Tenable801241.PRMHistorySep 29, 2011 - 12:00 a.m.
Mozilla Firefox 3.6 < 3.6.23 Multiple Vulnerabilities
2011-09-2900:00:00
Tenable
www.tenable.com
21
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Versions of Firefox 3.6 earlier than 3.6.23 are potentially affected by the following security issues :
- An integer underflow exists when handling a large JavaScript βRegExpβ expression that can allow a potentially exploitable crash. (Issue 684815)
- If an attacker could trick a user into holding down the βEnterβ key, via a malicious game for example, a malicious application or extension could be downloaded and executed. (CVE-2011-2372)
- Unspecified error exist that can be exploited to corrupt memory. No additional information is available at this time. (CVE-2011-2995, CVE-2011-2996)
- There is an error in the implementation of the βwindow.locationβ JavaScript object when creating named frames. This can be exploited to bypass the same-origin policy and potentially conduct cross-site scripting attacks. (CVE-2011-2999)
- A weakness exists when handling the βLocationβ header. This can lead to response splitting attacks when visiting a vulnerable web server. The same fix has been applied to the headers βContent-Lengthβ and βContent-Dispositionβ. (CVE-2011-3000)
Binary data 801241.prmReferences
.mozilla.org/security/announce/2011/mfsa2011-36.html
.mozilla.org/security/announce/2011/mfsa2011-37.html
.mozilla.org/security/announce/2011/mfsa2011-38.html
.mozilla.org/security/announce/2011/mfsa2011-39.html
.mozilla.org/security/announce/2011/mfsa2011-40.html
.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.23
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2995
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2999
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3000
Related
openvas
openvas
Ubuntu: Security Advisory (USN-1213-1)
2011-09-30 00:00:00
Ubuntu Update for thunderbird USN-1213-1
2011-09-30 00:00:00
Ubuntu: Security Advisory (USN-1210-1)
2011-09-30 00:00:00
suse
suse
MozillaFirefox: Update to Firefox 3.6.23 (important)
2011-09-29 16:08:17
Security update for Mozilla Firefox (important)
2011-10-06 00:08:31
mozilla-xulrunner192: Update to Mozilla XULRunner 1.9.2.23 (important)
2011-09-29 14:08:20
nessus
nessus
openSUSE Security Update : mozilla-js192 (openSUSE-SU-2011:1076-1)
2014-06-13 00:00:00
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7784)
2011-12-13 00:00:00
SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5224)
2011-12-13 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2011-09-28 00:00:00
Thunderbird vulnerabilities
2011-09-28 00:00:00
Mozvoikko, ubufox, webfav update
2011-10-04 00:00:00
oraclelinux
oraclelinux
firefox security update
2011-09-28 00:00:00
thunderbird security update
2011-09-28 00:00:00
thunderbird security update
2011-09-28 00:00:00
osv
osv
iceweasel - several
2011-09-29 00:00:00
icedove - several
2011-10-05 00:00:00
iceape - several
2011-09-29 00:00:00
centos
centos
firefox, xulrunner security update
2011-09-29 03:54:30
seamonkey security update
2011-09-29 18:51:19
thunderbird security update
2011-09-29 04:34:00
debian
debian
[SECURITY] [DSA 2313-1] iceweasel security update
2011-09-29 20:48:08
[SECURITY] [DSA 2312-1] iceape security update
2011-09-29 16:30:08
[SECURITY] [DSA 2317-1] icedove security update
2011-10-05 20:36:17
redhat
redhat
(RHSA-2011:1341) Critical: firefox security update
2011-09-28 00:00:00
(RHSA-2011:1342) Critical: thunderbird security update
2011-09-28 00:00:00
(RHSA-2011:1344) Critical: seamonkey security update
2011-09-28 00:00:00
ibm
ibm
mozilla
mozilla
Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23) β Mozilla
2011-09-27 00:00:00
Defense against multiple Location headers due to CRLF Injection β Mozilla
2011-09-27 00:00:00
XSS via plugins and shadowed window.location object β Mozilla
2011-09-27 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2011-36
2011-10-01 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2011-10-01 00:00:00
Mozilla Foundation Security Advisory 2011-39
2011-10-01 00:00:00
freebsd
freebsd
Mozilla -- multiple vulnerabilities
2011-09-27 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Design/Logic Flaw
2011-09-29 00:55:00
Memory corruption
2011-09-29 00:55:00
Memory corruption
2011-09-29 00:55:00
ubuntucve
ubuntucve
cve
cve
seebug
seebug
Mozilla FirefoxθΏη¨ε
εη ΄εζΌζ΄(CVE-2011-2995)
2011-09-29 00:00:00
Mozilla FirefoxθΏη¨ε
εη ΄εζΌζ΄(CVE-2011-2996)
2011-09-29 00:00:00
veracode
veracode
CRLF Injection
2020-04-10 01:02:44
Arbitrary Code Execution
2020-04-10 01:02:41
Same-Origin Policy Bypass
2020-04-10 01:02:43
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
Related for 801241.PRM