
Test ID: 1.3.6.1.4.1.25623.1.0.801386
Category: General
Title: Mozilla Products Multiple Vulnerabilities july-10 (Windows)
Summary: The host has a version of Mozilla Firefox/Seamonkey installed that is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The flaws are due to:

- An error in the 'DOM' attribute cloning routine where under certain
circumstances an event attribute node can be deleted while another object
still contains a reference to it.

- An error in Mozilla's implementation of NodeIterator in which a malicious
NodeFilter could be created which would detach nodes from the DOM tree while
it was being traversed.

- An error in the code used to store the names and values of plugin parameter
elements. A malicious page could embed plugin content containing a very
large number of parameter elements which would cause an overflow in the
integer value counting them.

- An error in the handling of the location bar, which could be spoofed to look
like a secure page when the current document was served via plain text.

- A variant of the spoofing method that does not require the resource opened
in a new window to respond with 204, as long as the opener calls
window.stop() before the document is loaded.

- A spoofing error that occurs when opening a new window containing a resource
that responds with an HTTP 204 (no content) and then using the reference to
the new window to insert HTML content into the blank document.

Vulnerability Impact:
Successful exploitation will allow attackers to cause a denial of service
or execute arbitrary code.

Affected Software/OS:
Seamonkey version 2.0.x before 2.0.6

Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7

Solution:
Upgrade to Firefox version 3.5.11 or 3.6.7

Upgrade to Seamonkey version 2.0.6

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 41824
Common Vulnerability Exposure (CVE) ID: CVE-2010-1208
BugTraq ID: 41849
http://www.securityfocus.com/bid/41849
Bugtraq: 20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/512515
http://www.zerodayinitiative.com/advisories/ZDI-10-134/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740
Common Vulnerability Exposure (CVE) ID: CVE-2010-1209
BugTraq ID: 41845
http://www.securityfocus.com/bid/41845
Bugtraq: 20100721 ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/512511
http://www.zerodayinitiative.com/advisories/ZDI-10-130/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055
Common Vulnerability Exposure (CVE) ID: CVE-2010-1206
http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8248
http://secunia.com/advisories/40283
Common Vulnerability Exposure (CVE) ID: CVE-2010-1214
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685
Common Vulnerability Exposure (CVE) ID: CVE-2010-2751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11688
Copyright: Copyright (c) 2010 Greenbone Networks GmbH
