Summary
The host has Mozilla Firefox/SeaMonkey/Thunderbird installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to obtain sensitive information about visited web pages.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 4.0 or later.
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.1 or later.
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version 3.3 or later.
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to:
- An error in the layout engine, which executes different code for visited and unvisited links during the processing of CSS token sequences.
- An error in the JavaScript implementation, which does not properly restrict the set of values of objects returned by the getComputedStyle method.
- An error in the Cascading Style Sheets (CSS) implementation, which fails to handle the :visited pseudo-class.
Affected
SeaMonkey versions prior to 2.1,
Thunderbird versions prior to 3.3 and
Mozilla Firefox versions prior to 4.0 on Windows
References
Severity
Classification
CVE: CVE-2002-2436, CVE-2002-2437, CVE-2010-5074
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N