Summary
Mozilla Firefox/Seamonkey is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers cause a denial of service or execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.10 or 3.6.4
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.5
http://www.seamonkey-project.org/releases/
Insight
The flaws are due to:
- A use-after-free vulnerability in the application, which allows attackers to execute arbitrary code via multiple plugin instances.
- An error in the handling of HTTP headers: the application does not properly handle situations in which both 'Content-Disposition: attachment' and 'Content-Type: multipart' are present, which allows attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.
Affected
Seamonkey versions prior to 2.0.5
Firefox versions 3.5.x before 3.5.10 and 3.6.x before 3.6.4
Severity
Classification
CVE: CVE-2010-1197, CVE-2010-1198
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C