Summary
The host has Mozilla Firefox/Seamonkey/Thunderbird installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers cause a denial of service or execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.9 or 3.6.2
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.4
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.4
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- A memory corruption error when a user loads specially crafted HTML or a specially crafted HTML-based e-mail, which allows attackers to execute arbitrary code via unknown vectors.
- An error in the 'XMLDocument::load()' method, which does not check 'nsIContentPolicy' when XML documents load content, allowing attackers to bypass intended access restrictions via crafted content.
Affected
Seamonkey versions prior to 2.0.4,
Thunderbird versions prior to 3.0.4 and
Firefox versions before 3.5.9 and 3.6.x before 3.6.2
Severity
Classification
CVE: CVE-2010-0173, CVE-2010-0182
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C