Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox/Seamonkey and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to inject arbitrary web script or HTML via a crafted name of a file or directory on a Gopher server. Impact Level: Application

Solution

Upgrade to Firefox version 3.6.11 or 3.5.14 or later http://www.mozilla.com/en-US/firefox/all.html Upgrade to Seamonkey version 2.0.9 or later http://www.seamonkey-project.org/releases/

Insight

The flaw is due to an error in functions used by the 'Gopher parser' to convert text to HTML tags, could be exploited to turn text into executable JavaScript.

Affected

SeaMonkey version before 2.0.9 Firefox version before 3.5.14 and 3.6.x before 3.6.11

References

http://www.mozilla.org/security/announce/2010/mfsa2010-68.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3177

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat XML External Entity Information Disclosure Vulnerability
Apache Tomcat Remote Code Execution Vulnerability - Sep14
Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
Apache /server-info accessible

Take action and discover your vulnerabilities