Summary
The host is installed with Mozilla firefox/seamonkey and is prone to information disclosure and security bypass vulnerabilities.
Impact
Successful exploitation will allow attackers to obtain sensitive information and bypass the application's security mechanism.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 6.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.3 or later
http://www.mozilla.org/projects/seamonkey/
Insight
The flaws are due to implementation errors,
- In Content Security Policy (CSP) violation reports, which fails to remove proxy-authorization credentials from the listed request headers.
- In digital signatures for JAR files, which fails to prevent calls from unsigned JavaScript code to signed code.
Affected
SeaMonkey version 2.0 through 2.2
Mozilla Firefox version 4.x through 5
References
Severity
Classification
-
CVE CVE-2011-2990, CVE-2011-2993 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Captivate Insecure Library Loading Vulnerability
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)