CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.8%
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Versions of Firefox 3.6.x earlier than 3.6.26 are potentially affected by the following security issues :
A use-after-free error exists related to removed nsDOMAttribute child nodes. (CVE-2011-3659)
The IPv6 literal syntax in web addresses is not being properly enforced. (CVE-2011-3670)
Various memory safety issues exist. (CVE-2012-0442)
Memory corruption errors exist related to the decoding of Ogg Vorbis files and processing of malformed XSLT stylesheets. (CVE-2012-0444, CVE-2012-0449)
Binary data 801268.prm
.mozilla.org/security/announce/2012/mfsa2012-01.html
.mozilla.org/security/announce/2012/mfsa2012-02.html
.mozilla.org/security/announce/2012/mfsa2012-04.html
.mozilla.org/security/announce/2012/mfsa2012-07.html
.mozilla.org/security/announce/2012/mfsa2012-08.html
.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.26
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449