Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X) Network Vulnerability

Summary

This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.

Impact

Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to SeaMonkey version to 2.11 or later, http://www.mozilla.org/projects/seamonkey/ Upgrade to Thunderbird version to 14.0 or ESR 10.0.6 or later, http://www.mozilla.org/en-US/thunderbird/

Insight

- Use-after-free error exists within the functions 'nsGlobalWindow::PageHidden()', 'nsSMILTimeValueSpec::IsEventBased', 'nsDocument::AdoptNode' and 'JSDependentString::undepend'. - Multiple unspecified errors within the browser engine can be exploited to corrupt memory. - An error within the feed-view functionality. - An out-of-bounds read error within the 'ElementAnimations::EnsureStyleRuleFor()'. - A bad cast error within the 'nsTableFrame::InsertFrames()', can be exploited to corrupt memory

Affected

SeaMonkey version before 2.11 Thunderbird version 5.0 through 13.0 Mozilla Firefox version 4.x through 13.0 Thunderbird ESR version 10.x before 10.0.6 Mozilla Firefox ESR version 10.x before 10.0.6 on Mac OS X

References

Updated on 2015-03-25

Severity

Classification

CVE	CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1967

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Take action and discover your vulnerabilities