
Test ID: 1.3.6.1.4.1.25623.1.0.902149
Category: General
Title: Mozilla Products Multiple Vulnerabilities Mar-10 (Windows)
Summary: The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities.
Description:
Summary:
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone
to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- An error in 'toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js':
the asynchronous Authorization Prompt implementation does not properly
handle concurrent authorization requests from multiple web sites.

- An error in the browser engine that allows attackers to cause a denial of
service via vectors related to 'layout/generic/nsBlockFrame.cpp' and the
'_evaluate' function in 'modules/plugin/base/src/nsNPAPIPlugin.cpp'.

- An error that allows attackers to perform cross-origin keystroke capture,
and possibly conduct cross-site scripting (XSS) attacks, by using the
addEventListener and setTimeout functions in conjunction with a wrapped object.

Vulnerability Impact:
Successful exploitation will let attackers cause a denial of service,
potentially execute arbitrary code or compromise a user's system.

Affected Software/OS:
Seamonkey versions prior to 2.0.3

Thunderbird versions prior to 3.0.2

Firefox versions 3.0.x before 3.0.18, 3.5.x before 3.5.8 and 3.6.x before 3.6.2

Solution:
Upgrade to Firefox version 3.0.18, 3.5.8, 3.6.2 or later

Upgrade to Seamonkey version 2.0.3 or later

Upgrade to Thunderbird version 3.0.2 or later

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 38918
Common Vulnerability Exposure (CVE) ID: CVE-2010-0167
http://www.securityfocus.com/bid/38918
BugTraq ID: 38944
http://www.securityfocus.com/bid/38944
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8610
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9835
http://www.vupen.com/english/advisories/2010/0692
Common Vulnerability Exposure (CVE) ID: CVE-2010-0169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8431
Common Vulnerability Exposure (CVE) ID: CVE-2010-0171
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10773
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7743
Copyright: Copyright (C) 2010 Greenbone Networks GmbH




© 1998-2024 E-Soft Inc. All rights reserved.