Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 3.6.26 or 10.0 or later For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.7 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 3.1.18 or 10.0 or later http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to
- Multiple unspecified vulnerabilities in the browser engine.
- An error while initializing nsChildView data structures.
- Premature notification of AttributeChildRemoved, the removed child nodes of nsDOMAttribute can be accessed under certain circumstances.
- An error while processing a malformed embedded XSLT stylesheet, leads to crash the application.
Affected
SeaMonkey version before 2.7
Thunderbird version before 3.1.18 and 5.0 through 9.0 Mozilla Firefox version before 3.6.26 and 4.x through 9.0
References
Severity
Classification
-
CVE CVE-2011-3659, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)