Summary
The host is installed with Mozilla Firefox/Seamonkey and is prone to Denial of Service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a denial of service.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.9, 3.6.2
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.4
http://www.seamonkey-project.org/releases/
Insight
The flaw is due to improper handling of an 'IFRAME' element with a mailto: URL in its 'SRC' attribute, which allows remote attackers to exhaust resources via an HTML document with many 'IFRAME' elements.
Affected
Seamonkey version prior to 2.0.4,
Firefox version 3.0.x to 3.0.19, 3.5.x before 3.5.9, 3.6.x before 3.6.2
References
Severity
Classification
-
CVE CVE-2010-1990 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Comodo Internet Security Denial of Service Vulnerability-05
- Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
- ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
- CUPS Denial of Service Vulnerability - Jun09
- FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)