Mozilla Firefox And SeaMonkey 'loadSubScript()' Security Bypass Vulnerability Network Vulnerability

Summary

The host is installed with Mozilla firefox/seamonkey and is prone to security bypass vulnerability.

Impact

Successful exploitation will let attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 7.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to SeaMonkey version to 2.4 or later http://www.mozilla.org/projects/seamonkey/

Insight

The flaw is due to an error while handling 'XPCNativeWrappers' during calls to the loadSubScript method in an add-on.

Affected

SeaMonkey version prior to 2.4 Mozilla Firefox version 4.x through 6

References

http://www.mozilla.org/security/announce/2011/mfsa2011-43.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3004

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Apache Tomcat Multiple Vulnerabilities - 03 Mar14
Asterisk SIP REGISTER Response Username Enumeration Vulnerability
Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)

Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability

Take action and discover your vulnerabilities