CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.8 High
Percentile: 98.3%
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Versions of Firefox 3.6 earlier than 3.6.20 are potentially affected by the following security issues:
- A DOM accounting error exists in the 'appendChild' JavaScript function that can allow an invalid pointer to be dereferenced. (CVE-2011-2378)
- An error exists in 'ThinkPadSensor::Startup' that can allow malicious DLLs to be loaded. (CVE-2011-2980)
- An error exists in the event management code that can allow JavaScript to execute in the context of a different website and possibly in the chrome-privileged context. (CVE-2011-2981)
- Various unspecified memory safety issues exist. (CVE-2011-2982)
- A cross-domain information disclosure vulnerability exists if the configuration option 'RegExp.input' is set. (CVE-2011-2983)
- A privilege escalation vulnerability exists if web content is registered to handle 'drop' events and a browser tab is dropped in that element's area. This can allow the web content to execute with browser chrome privileges. (CVE-2011-2984)
.mozilla.org/security/announce/2011/mfsa2011-30.html
.zerodayinitiative.com/advisories/ZDI-11-270
.zerodayinitiative.com/advisories/ZDI-11-271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2984