| Description: | Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.
Vulnerability Insight:
The following packages are affected:
firefox
linux-firefox
linux-seamonkey
linux-thunderbird
seamonkey
thunderbird
CVE-2011-3658
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and
SeaMonkey 2.5 does not properly interact with DOMAttrModified event
handlers, which allows remote attackers to cause a denial of service
(out-of-bounds memory access) or possibly have unspecified other
impact via vectors involving removal of SVG elements.
CVE-2011-3660
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey
before 2.6 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via vectors that trigger a compartment mismatch associated with the
nsDOMMessageEvent::GetData function, and unknown other vectors.
CVE-2011-3661
YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0
through 8.0, and SeaMonkey before 2.6, allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via crafted JavaScript.
CVE-2011-3663
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and
SeaMonkey before 2.6 allow remote attackers to capture keystrokes
entered on a web page, even when JavaScript is disabled, by using SVG
animation accessKey events within that web page.
CVE-2011-3665
Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and
SeaMonkey before 2.6 allow remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact
via an Ogg VIDEO element that is not properly handled after scaling.
Solution:
Update your system with the appropriate patches or
software upgrades.
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
