Rapid7 Vulnerability & Exploit Database

Mozilla Firefox Multiple Vulnerabilities Fixed in version 3.0.6

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 02/03/2009
Created: 07/25/2018
Added: 02/25/2009
Modified: 02/13/2015

Description

Multiple unspecified vulnerabilities could allow remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to the layout engine. (CVE-2009-0352)

An unspecified vulnerability could allow remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to the JavaScript engine. (CVE-2009-0353)

Certain versions of Mozilla Firefox contain a cross-domain vulnerability in js/src/jsobj.cpp. This could allow remote attackers to bypass the same-origin policy and conduct cross-site scripting attacks or access the properties of an arbitrary window. (CVE-2009-0354)

Changes of INPUT elements to type="file" are not blocked during tab restoration. This could allow remote attackers to read arbitrary files via a specially crafted INPUT element. (CVE-2009-0355)

The links to the about:plugins and about:config URIs are not blocked from the .desktop files. This could allow remote attackers to bypass the same-origin policy and execute arbitrary code with chrome privileges. (CVE-2009-0356)

Access to the Set-Cookie and Set-Cookie2 HTTP response headers is not properly restricted from web pages. (CVE-2009-0357)

The no-store and no-cache Cache-Control directives are not properly implemented. This could allow local attackers to obtain sensitive information via either the back button or the history list of the victim's browser. (CVE-2009-0358)

Solution(s)

  • mozilla-firefox-upgrade-3_0_6
