Summary
The host has Mozilla Firefox/Seamonkey/Thunderbird installed and is prone to a Denial of Service vulnerability.
Impact
Successful exploitation will let attackers execute arbitrary code on the system or cause the browser to crash.
Impact Level: Application
Solution
Upgrade to Firefox version 3.0.19, 3.5.9 or 3.6.2
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.4
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.4
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- A memory corruption error when a user loads specially crafted HTML or a specially crafted HTML-based e-mail, which allows arbitrary code execution via unknown vectors.
- A dangling pointer flaw in 'nsTreeContentView' when a user loads specially crafted HTML containing '<option>' elements in an XUL tree '<optgroup>'.
Affected
Seamonkey versions prior to 2.0.4,
Thunderbird versions prior to 3.0.4 and
Firefox versions 3.0.x before 3.0.19, 3.5.x before 3.5.9, 3.6.x before 3.6.2
Severity
Classification
- CVE: CVE-2010-0174, CVE-2010-0176
- CVSS Base Score: 10.0
  AV:N/AC:L/Au:N/C:C/I:C/A:C