Mozilla Products Browser Engine Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Mozilla firefox/thunderbird and is prone to denial of service vulnerability.

Impact

Successful exploitation will let attackers to cause a denial of service and execute arbitrary code via unspecified vectors. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 8.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version to 8.0 or later http://www.mozilla.org/en-US/thunderbird/

Insight

The flaws are due to error in browser engine - Fails to properly handle links from SVG mpath elements to non-SVG elements. - Fails to properly allocate memory.

Affected

Thunderbird version prior to 8.0 Mozilla Firefox version prior to 8.0

References

http://www.mozilla.org/security/announce/2011/mfsa2011-48.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3652, CVE-2011-3654

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Google Chrome Multiple Denial of Service Vulnerabilities - February 11(Linux)
Adobe Reader Denial of Service Vulnerability (May09)
Adobe Reader '.ETD File' Denial of Service Vulnerability (Linux)
BulletProof FTP Client '.bps' File Buffer Overflow Vulnerability
BreakPoint Software Hex Workshop Denial of Service vulnerability

Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities