Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone multiple vulnerabilities.
Impact
Successful exploitation will let attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 9.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.6 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 9.0 or later
http://www.mozilla.org/en-US/thunderbird/
Insight
Multiple flaws are due to
- Unspecified errors in browser engine.
- An error exists within the YARR regular expression library when parsing javascript content.
- Not properly handling SVG animation accessKey events when JavaScript is disabled. This can lead to the user's key strokes being leaked.
- An error exists within the handling of OGG <video> elements.
Affected
SeaMonkey version before 2.6
Thunderbird version 5.0 through 8.0
Mozilla Firefox version Firefox 4.x through 8.0
References
- http://secunia.com/advisories/47302/
- http://www.mozilla.org/security/announce/2011/mfsa2011-53.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-54.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-56.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-58.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)