Summary
The host has Mozilla Firefox, SeaMonkey or Thunderbird installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to obtain sensitive information about visited web pages.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 4.0 or later.
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.1 or later.
For updates refer to http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version 3.3 or later.
For updates refer to http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to:
- An error in the layout engine, which executes different code for visited and unvisited links during the processing of CSS token sequences.
- An error in the JavaScript implementation, which does not properly restrict the set of values of objects returned by the getComputedStyle method.
- An error in the Cascading Style Sheets (CSS) implementation, which fails to handle the :visited pseudo-class.
Affected
SeaMonkey versions prior to 2.1,
Thunderbird versions prior to 3.3 and
Mozilla Firefox versions prior to 4.0 on Mac OS
References
Severity
Classification
CVE: CVE-2002-2436, CVE-2002-2437, CVE-2010-5074
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Adobe Reader 'SWF' Information Disclosure Vulnerability (Windows)