Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to cause a denial of service or possibly execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 10.0 or later
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.7 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 10.0 or later
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to
- Multiple unspecified vulnerabilities in browser engine - An error in frame scripts bypass XPConnect security checks when calling untrusted objects.
- Not properly initializing data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
Affected
SeaMonkey version before 2.7
Thunderbird version 5.0 through 9.0
Mozilla Firefox version 4.x through 9.0
References
Severity
Classification
-
CVE CVE-2012-0443, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities