Mozilla Products Jar Files Remote Code Execution Vulnerability (MAC OS X) Network Vulnerability

Summary

The host is installed with Mozilla firefox/thunderbird and is prone to remote code execution vulnerability.

Impact

Successful exploitation will let attackers to execute arbitrary code in the context of the user running an affected application. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 3.6.25 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version to 3.1.17 or later http://www.mozilla.org/en-US/thunderbird/

Insight

The flaw is due to not considering '.jar' files to be executable files which allows remote attackers to bypass intended access restrictions via a crafted file.

Affected

Thunderbird version prior to 3.1.17 Mozilla Firefox version prior to 3.6.25

References

http://www.mozilla.org/security/announce/2011/mfsa2011-59.html
http://www.securityfocus.com/bid/51139/discuss

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3666

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AOLserver Default Password
Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Apple iTunes Multiple Vulnerabilities - Apr10
Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)

Mozilla Products jar Files Remote Code Execution Vulnerability (MAC OS X)

Take action and discover your vulnerabilities