Description: Summary: The host is running a version of Mozilla Firefox/Seamonkey/Thunderbird that is prone to multiple vulnerabilities.
Vulnerability Insight: The flaws are due to:
- Memory corruption errors in the browser engine, which can corrupt memory under certain circumstances.
- An integer overflow error in the array class used to store CSS values, which allows execution of arbitrary code.
- An integer overflow error in the implementation of the XUL element's 'selection' attribute. When the size of a new selection is sufficiently large, the integer used in calculating the length of the selection overflows, which allows an attacker to call into deleted memory and run arbitrary code.
- An error in the handling of CSS selectors injected into points A and B of a target page: data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs.
- Cross-origin data leakage through the script filename in error messages.
Vulnerability Impact: Successful exploitation allows attackers to cause a denial of service or execute arbitrary code.
Affected Software/OS: Seamonkey version 2.0.x before 2.0.6
Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7
Thunderbird version 3.0.x before 3.0.6 and 3.1.x before 3.1.1
Solution: Upgrade to Firefox version 3.5.11 or 3.6.7 or later
Upgrade to Seamonkey version 2.0.6 or later
Upgrade to Thunderbird version 3.0.6 or 3.1.1 or later
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C