Summary
The host is installed with Mozilla Firefox/Seamonkey and is prone to code execution vulnerability
Impact
Successful exploitation will let attackers to potentially execute arbitrary code on the system.
Impact Level: Application
Solution
Upgrade to Firefox version 3.0.19 or 3.5.8,
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.3 or later,
http://www.seamonkey-project.org/releases/
Insight
The flaw is due to an error in the 'XMLHttpRequestSpy' module in the 'Firebug' add-on which does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects.
Affected
Seamonkey version prior to 2.0.3 and
Firefox version 3.0.x before 3.0.19 and 3.5.x before 3.5.8 on Windows.
References
Severity
Classification
-
CVE CVE-2010-0179 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
- AOLserver Default Password