
Test ID: 1.3.6.1.4.1.25623.1.0.802185
Category: General
Title: Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption Vulnerabilities (MAC OS X)
Summary: The host is installed with Mozilla Firefox/Thunderbird/SeaMonkey and is prone to enter key dialog bypass and use-after-free memory corruption vulnerabilities.
Description:
Summary:
The host is installed with Mozilla Firefox/Thunderbird/SeaMonkey
and is prone to enter key dialog bypass and use-after-free memory corruption
vulnerabilities.

Vulnerability Insight:
The flaws are due to

- not preventing manual add-on installation in response to the holding of
the Enter key.

- a use-after-free error existing when parsing OGG headers.

Vulnerability Impact:
Successful exploitation will let attackers cause a denial
of service (memory corruption and application crash) or possibly execute
arbitrary code.

Affected Software/OS:
SeaMonkey version prior to 2.4
Thunderbird version prior to 7.0
Mozilla Firefox version 4.x through 6

Solution:
Upgrade to Mozilla Firefox version 7.0 or later, to SeaMonkey version 2.4 or later,
and to Thunderbird version 7.0 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: BugTraq ID: 49837
BugTraq ID: 49808
Common Vulnerability Exposure (CVE) ID: CVE-2011-3001
http://www.mandriva.com/security/advisories?name=MDVSA-2011:139
http://www.mandriva.com/security/advisories?name=MDVSA-2011:140
http://www.mandriva.com/security/advisories?name=MDVSA-2011:141
http://www.mandriva.com/security/advisories?name=MDVSA-2011:142
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14442
http://secunia.com/advisories/46315
SuSE Security Announcement: SUSE-SU-2011:1256
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
SuSE Security Announcement: openSUSE-SU-2011:1076
http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-3005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14352
http://secunia.com/advisories/49055
Copyright: Copyright (C) 2011 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.