Test ID: 1.3.6.1.4.1.25623.1.0.802865
Category: General
Title: Mozilla Products Multiple Vulnerabilities - June12 (Windows)
Summary: This host is installed with Mozilla Firefox/Thunderbird/SeaMonkey and is prone to multiple vulnerabilities.

Vulnerability Insight:
- Multiple unspecified errors in the browser engine can be exploited to corrupt
memory.

- Multiple use-after-free errors exist in 'nsFrameList::FirstChild' when
handling column layouts with absolute positioning within a container that
changes the size.

- The Content Security Policy inline-script blocking feature is improperly
implemented and fails to block inline event handlers such as onclick.

- An error when loading HTML pages from Windows shares can be exploited to
disclose files from local resources via an iframe tag.

- An error exists within the 'utf16_to_isolatin1' function when converting
from Unicode to native character sets.

- An error exists in 'nsHTMLReflowState::CalculateHypotheticalBox' when a window
is resized on a page with nested columns using absolute and relative
positioning.

- The glBufferData function in the WebGL implementation fails to mitigate
an unspecified flaw in an NVIDIA driver.

Vulnerability Impact:
Successful exploitation could allow attackers to inject scripts, bypass
certain security restrictions, execute arbitrary code in the context of the
browser or cause a denial of service.

Affected Software/OS:
SeaMonkey version before 2.10,
Thunderbird version 5.0 through 12.0,
Mozilla Firefox version 4.x through 12.0,
Thunderbird ESR version 10.x before 10.0.5 and
Mozilla Firefox ESR version 10.x before 10.0.5 on Windows

Solution:
Upgrade to Mozilla Firefox version 13.0 or ESR version 10.0.5 or later, upgrade to SeaMonkey version 2.10 or later,
upgrade to Thunderbird version 13.0 or ESR 10.0.5 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-1937
Debian Security Information: DSA-2488
http://www.debian.org/security/2012/dsa-2488
Debian Security Information: DSA-2489
http://www.debian.org/security/2012/dsa-2489
Debian Security Information: DSA-2499
http://www.debian.org/security/2012/dsa-2499
http://www.mandriva.com/security/advisories?name=MDVSA-2012:088
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17055
RedHat Security Advisories: RHSA-2012:0710
http://rhn.redhat.com/errata/RHSA-2012-0710.html
RedHat Security Advisories: RHSA-2012:0715
http://rhn.redhat.com/errata/RHSA-2012-0715.html
SuSE Security Announcement: SUSE-SU-2012:0746
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html
SuSE Security Announcement: openSUSE-SU-2012:0760
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-1940
BugTraq ID: 53794
http://www.securityfocus.com/bid/53794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17054
Common Vulnerability Exposure (CVE) ID: CVE-2012-1944
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17005
http://secunia.com/advisories/49981
Common Vulnerability Exposure (CVE) ID: CVE-2012-1945
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743
Common Vulnerability Exposure (CVE) ID: CVE-2012-1946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17010
Common Vulnerability Exposure (CVE) ID: CVE-2012-1947
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16911
Common Vulnerability Exposure (CVE) ID: CVE-2012-3105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16912
Common Vulnerability Exposure (CVE) ID: CVE-2012-1941
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985
Common Vulnerability Exposure (CVE) ID: CVE-2012-0441
BugTraq ID: 53798
http://www.securityfocus.com/bid/53798
Debian Security Information: DSA-2490
http://www.debian.org/security/2012/dsa-2490
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701
http://secunia.com/advisories/49976
http://secunia.com/advisories/50316
http://www.ubuntu.com/usn/USN-1540-1
http://www.ubuntu.com/usn/USN-1540-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1938
BugTraq ID: 53796
http://www.securityfocus.com/bid/53796
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17058
Copyright: Copyright (C) 2012 Greenbone Networks GmbH
