Test ID: | 1.3.6.1.4.1.25623.1.0.801386 |
Category: | General |
Title: | Mozilla Products Multiple Vulnerabilities july-10 (Windows) |
Summary: | The host is installed with Mozilla Firefox/Seamonkey that are prone to multiple vulnerabilities. |
Description: |
Summary: The host is installed with Mozilla Firefox/Seamonkey that are prone to multiple vulnerabilities.

Vulnerability Insight: The flaws are due to:
- An error in the 'DOM' attribute cloning routine where, under certain circumstances, an event attribute node can be deleted while another object still contains a reference to it.
- An error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed.
- An error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them.
- An error in the handling of the location bar, which could be spoofed to look like a secure page when the current document was served via plain text.
- The spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded.
- A spoofing error occurs when opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document.

Vulnerability Impact: Successful exploitation will let attackers cause a denial of service or execute arbitrary code.

Affected Software/OS:
- Seamonkey version 2.0.x before 2.0.6
- Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7

Solution: Upgrade to Firefox version 3.5.11 or 3.6.7. Upgrade to Seamonkey version 2.0.6.

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 41824

Common Vulnerability Exposure (CVE) ID: CVE-2010-1208
- BugTraq ID: 41849
- http://www.securityfocus.com/bid/41849
- Bugtraq: 20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
- http://www.securityfocus.com/archive/1/512515
- http://www.zerodayinitiative.com/advisories/ZDI-10-134/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740

Common Vulnerability Exposure (CVE) ID: CVE-2010-1209
- BugTraq ID: 41845
- http://www.securityfocus.com/bid/41845
- Bugtraq: 20100721 ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
- http://www.securityfocus.com/archive/1/512511
- http://www.zerodayinitiative.com/advisories/ZDI-10-130/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055

Common Vulnerability Exposure (CVE) ID: CVE-2010-1206
- http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8248
- http://secunia.com/advisories/40283

Common Vulnerability Exposure (CVE) ID: CVE-2010-1214
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685

Common Vulnerability Exposure (CVE) ID: CVE-2010-2751
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11688 |
Copyright | Copyright (c) 2010 Greenbone Networks GmbH |