CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.9%
The remote host has a web browser installed that is vulnerable to multiple attack vectors.
Versions of Firefox 7.0 are potentially affected by the following security issues :
Certain invalid sequences are not handled properly in ‘Shift-JIS’ encoding and can allow cross-site scripting attacks. (CVE-2011-3648)
The addition of the ‘Azure’ graphics functionality re-introduced a cross-origin information disclosure issue previously described in CVE-2011-2986. (CVE-2011-3649)
Profiling JavaScript files with many functions can cause the application to crash. It may be possible to trigger this behavior even when the debugging APIs are not being used. (CVE-2011-3650)
Multiple memory safety issues exist. (CVE-2011-3651)
An unchecked memory allocation failure can cause the application to crash. (CVE-2011-3652)
An issue with WebGL graphics and GPU drivers can allow cross-origin image theft. (CVE-2011-3653)
An error exists related to SVG ‘mpath’ linking to a non-SVG element and can result in potentially exploitable application crashes. (CVE-2011-3654)
An error in internal privilege checking can allow web content to obtain elevated privileges. (CVE-2011-3655)
Binary data 801321.prm
.mozilla.org/security/announce/2011/mfsa2011-47.html
.mozilla.org/security/announce/2011/mfsa2011-48.html
.mozilla.org/security/announce/2011/mfsa2011-49.html
.mozilla.org/security/announce/2011/mfsa2011-50.html
.mozilla.org/security/announce/2011/mfsa2011-51.html
.mozilla.org/security/announce/2011/mfsa2011-52.html
.mozilla.org/security/known-vulnerabilities/firefox.html#firefox7
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3648
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3649
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3655