Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 3.6.26 or 10.0 or later For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.7 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 3.1.18 or 10.0 or later http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to
- Multiple unspecified vulnerabilities in the browser engine.
- An error while initializing nsChildView data structures.
- Premature notification of AttributeChildRemoved, the removed child nodes of nsDOMAttribute can be accessed under certain circumstances.
- An error while processing a malformed embedded XSLT stylesheet, leads to crash the application
Affected
SeaMonkey version before 2.7
Thunderbird version before 3.1.18 and 5.0 through 9.0 Mozilla Firefox version before 3.6.26 and 4.x through 9.0
References
Severity
Classification
-
CVE CVE-2011-3659, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Dreamweaver Insecure Library Loading Vulnerability
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)