Description:
Summary: The host has Mozilla Firefox/SeaMonkey installed, which is prone to multiple vulnerabilities.
Vulnerability Insight: The flaws are due to:
- Use-after-free vulnerability.
- Integer overflow in the NewIdArray function.
- Cross-site scripting (XSS) vulnerabilities in the rendering engine, which allow remote attackers to inject arbitrary web script.
- Improper handling of the injection of an 'ISINDEX' element into an about:blank page.
- An error when the 'XMLHttpRequestSpy' module in the 'Firebug' add-on is used: the interaction between the 'XMLHttpRequestSpy' object and chrome privileged objects is not properly handled.
- Improper calculation of index values for certain child content in a 'XUL' tree.
- An error in the 'NS_SecurityCompareURIs' function in netwerk/base/public/nsNetUtil.h, which does not properly handle 'about:neterror' and 'about:certerror' pages.
- Improper handling of certain redirections involving 'data:' URLs and 'Java LiveConnect' scripts, which allows remote attackers to start processes.
Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary code.
Affected Software/OS: SeaMonkey versions before 2.0.11
Firefox versions before 3.5.16 and 3.6.x before 3.6.13
Solution: Upgrade to Firefox version 3.5.16 or 3.6.13 or later
Upgrade to SeaMonkey version 2.0.11 or later
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C