Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to out of bounds memory corruption vulnerability.
Impact
Successful exploitation will let attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 9.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.6 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 9.0 or later
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaw is due to error in SVG implementation which results in an out-of-bounds memory access if SVG elements were removed during a DOMAttrModified event handler.
Affected
SeaMonkey version 2.5
Thunderbird version 8.0
Mozilla Firefox version 8.0
References
Severity
Classification
-
CVE CVE-2011-3658 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
- Aastra IP Telephone Hardcoded Telnet Password Security Bypass Vulnerability
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)