
Test ID: 1.3.6.1.4.1.25623.1.0.802212
Category: General
Title: Mozilla Firefox Multiple Vulnerabilities July-11 (Windows)
Summary: The host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Description:
Summary:
The host is installed with Mozilla Firefox and is prone to multiple
vulnerabilities.

Vulnerability Insight:
- An error within WebGL allows remote attackers to obtain screenshots of the
windows of arbitrary desktop applications via vectors involving an SVG
filter, an IFRAME element, and uninitialized data in graphics memory.

- An error within WebGL when reading certain data can be exploited to
disclose GPU memory contents used by other processes.

- An error within WebGL can be exploited to execute arbitrary code or
cause a denial of service.

- Input passed via HTML-encoded entities is not properly decoded before
being displayed inside SVG elements, which allows remote attackers to
inject arbitrary web script or HTML.

Vulnerability Impact:
Successful exploitation allows remote attackers to disclose potentially
sensitive information, conduct cross-site scripting attacks, and compromise
a user's system.

Affected Software/OS:
Mozilla Firefox versions 4.x through 4.0.1

Solution:
Upgrade to Firefox version 5.0 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
BugTraq ID: 48319
BugTraq ID: 48371
BugTraq ID: 48375
BugTraq ID: 48379
Common Vulnerability Exposure (CVE) ID: CVE-2011-2598
http://www.securityfocus.com/bid/48319
http://www.contextis.com/resources/blog/webgl2/
http://www.theregister.co.uk/2011/06/16/webgl_security_threats_redux/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14207
Common Vulnerability Exposure (CVE) ID: CVE-2011-2367
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14302
SuSE Security Announcement: SUSE-SA:2011:028
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-2368
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13912
Common Vulnerability Exposure (CVE) ID: CVE-2011-2369
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14426
Copyright: Copyright (c) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.