Rapid7 Vulnerability & Exploit Database

Mozilla Firefox Multiple Vulnerabilities Fixed in versions 2.0.0.17 and 3.0.2

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 09/23/2008
Created: 07/25/2018
Added: 02/26/2009
Modified: 02/13/2015

Description

The URL parsing implementation contains a stack-based buffer overflow that could allow remote attackers to execute arbitrary code via a specially crafted URL in a link. (CVE-2008-0016)

The nsXMLDocument::OnChannelRedirect function could allow remote attackers to bypass the same-origin policy and execute arbitrary JavaScript. (CVE-2008-3835)

Certain versions of Mozilla Firefox ship with a flawed version of feedWriter. This could allow remote attackers to execute scripts with chrome privileges via multiple vectors related to feed preview. (CVE-2008-3836)

Certain versions of Mozilla Firefox could allow remote attackers to possibly force a file-download or other drag-and-drop action via a crafted onmousedown action. (CVE-2008-3837)

The XPConnect component could allow remote attackers to execute arbitrary code with chrome privileges via multiple vectors. (CVE-2008-4058, CVE-2008-4059)

Vectors related to the document.loadBindingDocument function and XSLT could allow remote attackers to execute arbitrary code with chrome privileges. (CVE-2008-4060)

The MathML component could allow remote attackers to cause a denial of service or execute arbitrary code. (CVE-2008-4061)

Multiple unspecified vulnerabilities could allow remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to the JavaScript engine. (CVE-2008-4062)

Multiple unspecified vulnerabilities could allow remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to the layout engine. (CVE-2008-4063)

Multiple unspecified vulnerabilities could allow remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to graphics rendering. (CVE-2008-4064)

Certain versions of Mozilla Firefox could allow remote attackers to bypass cross-site scripting protection mechanisms and conduct XSS attacks via the "Stripped BOM characters bug". (CVE-2008-4065)

Certain versions of Mozilla Firefox could allow remote attackers to bypass cross-site scripting protection mechanisms and conduct XSS attacks via the "HTML escaped low surrogates bug". (CVE-2008-4066)

A directory traversal vulnerability could allow remote attackers to read arbitrary files via a specially crafted URI. (CVE-2008-4067)

A directory traversal vulnerability could allow remote attackers to bypass restrictions imposed on local HTML files, and obtain sensitive information. (CVE-2008-4068)

The XBM decoder could allow remote attackers to read uninitialized memory, and possibly obtain sensitive information. (CVE-2008-4069)

Solution(s)

  • mozilla-firefox-upgrade-2_0_0_17
  • mozilla-firefox-upgrade-3_0_2
