Rapid7 Vulnerability & Exploit Database

Mozilla Firefox Multiple Vulnerabilities Fixed in 3.0.8


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 03/27/2009
Created: 07/25/2018
Added: 03/29/2009
Modified: 02/13/2015

Description

Mozilla Firefox before 3.0.8 is affected by multiple vulnerabilities:

  • XSL Transformation vulnerability (MFSA 2009-12). An XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer.
  • Arbitrary code execution via XUL tree element (MFSA 2009-13). In some cases the XUL tree method _moveToEdgeShift triggers garbage collection routines on objects that are still in use. In such cases, the browser would crash when attempting to access a previously destroyed object, and an attacker could use this crash to run arbitrary code on a victim's computer.

Note: The MFSA 2009-13 vulnerability was used to win the 2009 CanSecWest Pwn2Own contest.

Solution(s)

  • mozilla-firefox-upgrade-3_0_8
