
Test ID: 1.3.6.1.4.1.25623.1.0.802820
Category: General
Title: Mozilla Products Multiple Vulnerabilities - Mar12 (Windows)
Summary: The host is installed with Mozilla Firefox/Thunderbird/SeaMonkey and is prone to multiple vulnerabilities.
Description:

Summary:
The host is installed with Mozilla Firefox/Thunderbird/SeaMonkey and is prone
to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- Multiple unspecified vulnerabilities in the browser engine.

- An improper implementation of nsWindow, which fails to validate an instance
after event dispatching.

- An error when handling 'javascript:'.

- A use-after-free error exists within the
'nsSMILTimeValueSpec::ConvertBetweenTimeContainers()' function.

- An improper implementation of SVG Filters.

Vulnerability Impact:
Successful exploitation allows attackers to cause a denial of service or
possibly execute arbitrary code via unknown vectors.

Affected Software/OS:
SeaMonkey version before 2.8
Thunderbird ESR version 10.x before 10.0.3
Mozilla Firefox ESR version 10.x before 10.0.3
Thunderbird version before 3.1.20 and 5.0 through 10.0
Mozilla Firefox version before 3.6.28 and 4.x through 10.0

Solution:
Upgrade to Mozilla Firefox version 3.6.28 or 11.0 or later, upgrade to SeaMonkey version 2.8 or later,
upgrade to Thunderbird version 3.1.20 or 11 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
BugTraq ID: 52464
BugTraq ID: 52466
BugTraq ID: 52460
BugTraq ID: 52459
BugTraq ID: 52458
BugTraq ID: 52465
BugTraq ID: 52461
Common Vulnerability Exposure (CVE) ID: CVE-2012-0461
Debian Security Information: DSA-2433
http://www.debian.org/security/2012/dsa-2433
Debian Security Information: DSA-2458
http://www.debian.org/security/2012/dsa-2458
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009
RedHat Security Advisories: RHSA-2012:0387
http://rhn.redhat.com/errata/RHSA-2012-0387.html
RedHat Security Advisories: RHSA-2012:0388
http://rhn.redhat.com/errata/RHSA-2012-0388.html
http://www.securitytracker.com/id?1026801
http://www.securitytracker.com/id?1026803
http://www.securitytracker.com/id?1026804
http://secunia.com/advisories/48359
http://secunia.com/advisories/48402
http://secunia.com/advisories/48414
http://secunia.com/advisories/48495
http://secunia.com/advisories/48496
http://secunia.com/advisories/48513
http://secunia.com/advisories/48553
http://secunia.com/advisories/48561
http://secunia.com/advisories/48624
http://secunia.com/advisories/48629
http://secunia.com/advisories/48823
http://secunia.com/advisories/48920
SuSE Security Announcement: SUSE-SU-2012:0424
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
SuSE Security Announcement: SUSE-SU-2012:0425
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
SuSE Security Announcement: openSUSE-SU-2012:0417
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
http://www.ubuntu.com/usn/USN-1400-1
http://www.ubuntu.com/usn/USN-1400-2
http://www.ubuntu.com/usn/USN-1400-3
http://www.ubuntu.com/usn/USN-1400-4
http://www.ubuntu.com/usn/USN-1400-5
http://www.ubuntu.com/usn/USN-1401-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0463
http://www.securityfocus.com/bid/52466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143
Common Vulnerability Exposure (CVE) ID: CVE-2012-0458
http://www.securityfocus.com/bid/52460
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Common Vulnerability Exposure (CVE) ID: CVE-2012-0457
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775
Common Vulnerability Exposure (CVE) ID: CVE-2012-0455
http://www.securityfocus.com/bid/52458
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829
Common Vulnerability Exposure (CVE) ID: CVE-2012-0464
http://www.securityfocus.com/bid/52465
http://pwn2own.zerodayinitiative.com/status.html
http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757
http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170
Common Vulnerability Exposure (CVE) ID: CVE-2012-0456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007
Copyright: Copyright (C) 2012 Greenbone Networks GmbH
