The host is installed with Mozilla Firefox/Thunderbird that are prone to multiple vulnerabilities.

Successful exploitation will let attackers to cause a denial of service or execute arbitrary code or XSS problems. Impact Level: Application

Upgrade to Firefox version 3.5.11 or 3.6.7 http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version 3.0.6 or 3.1.1 http://www.mozillamessaging.com/en-US/thunderbird/

The flaws are due to: - An error in the handling of 'SJOW()' and 'fast()' native function, when content script which is running in a chrome context accesses a content object via SJOW. - An error in the handling of canvas element, can be used to read data from another site, violating the same-origin policy.The read restriction placed on a canvas element which has had cross-origin data rendered into it can be bypassed by retaining a reference to the canvas element's context and deleting the associated canvas node from the DOM. - Undefined positions within various 8 bit character encoding's are mapped to the sequence U+FFFD which when displayed causes the immediately following character to disappear from the text run.

Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7 Thunderbird version 3.1.x before 3.1.1

• http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
• http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
• http://www.mozilla.org/security/announce/2010/mfsa2010-44.html

---

Updated on 2015-03-25