Test ID:	1.3.6.1.4.1.25623.1.0.803204
Category:	General
Title:	Mozilla Products Multiple Vulnerabilities-04 (Jan 2013) - Windows
Summary:	Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple; vulnerabilities.
Description:	Summary: Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. Vulnerability Insight: - An error exists within the 'nsSOCKSSocketInfo::ConnectToProxy()' when handling SSL connection threads. - An error when parsing height and width values of a canvas element. - An error within the 'Object.prototype.__proto__()' can be exploited to bypass Chrome Object Wrappers (COW). - Unspecified error in the browser engine can be exploited to corrupt memory. - An error exists due to the AutoWrapperChanger class not keeping certain objects alive during garbage collection. Vulnerability Impact: Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, cause a denial of service or execute arbitrary code in the context of the browser. Affected Software/OS: - SeaMonkey version before 2.15 - Thunderbird version before 17.0.2 - Mozilla Firefox version before 18.0 - Thunderbird ESR version 17.x before 17.0.2 - Mozilla Firefox ESR version 17.x before 17.0.2 Solution: Update to Mozilla Firefox version 18.0 or ESR version 17.0.2 or later, update to SeaMonkey version to 2.15 or later, update to Thunderbird version to 17.0.2 or ESR 17.0.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0764 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16715 SuSE Security Announcement: SUSE-SU-2013:0048 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html SuSE Security Announcement: SUSE-SU-2013:0049 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html SuSE Security Announcement: openSUSE-SU-2013:0131 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:0149 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.ubuntu.com/usn/USN-1681-1 http://www.ubuntu.com/usn/USN-1681-2 http://www.ubuntu.com/usn/USN-1681-4 Common Vulnerability Exposure (CVE) ID: CVE-2013-0768 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16990 Common Vulnerability Exposure (CVE) ID: CVE-2013-0757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16939 Common Vulnerability Exposure (CVE) ID: CVE-2013-0745 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17061 Common Vulnerability Exposure (CVE) ID: CVE-2013-0747 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16866 Common Vulnerability Exposure (CVE) ID: CVE-2013-0752 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16694 Common Vulnerability Exposure (CVE) ID: CVE-2013-0755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16952 Common Vulnerability Exposure (CVE) ID: CVE-2013-0756 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17101
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.