Summary
This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 13.0 or ESR version 10.0.5 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.10 or later,
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 13.0 or ESR 10.0.5 or later, http://www.mozilla.org/en-US/thunderbird/
Insight
- Multiple unspecified errors in browser engine can be exploited to corrupt memory.
- Multiple use-after-free errors exists in 'nsFrameList::FirstChild' when handling column layouts with absolute positioning within a container that changes the size.
- The improper implementation of Content Security Policy inline-script blocking feature, fails to block inline event handlers such as onclick.
- An error when loading HTML pages from Windows shares, which can be exploited to disclose files from local resources via an iframe tag.
- An error exists within 'utf16_to_isolatin1' function when converting from unicode to native character sets.
- An error in 'nsHTMLReflowState::CalculateHypotheticalBox' when a window is resized on a page with nested columns using absolute and relative positioning.
- The glBufferData function in the WebGL implementation, fails to mitigate an unspecified flaw in an NVIDIA driver.
Affected
SeaMonkey version before 2.10,
Thunderbird version 5.0 through 12.0,
Mozilla Firefox version 4.x through 12.0,
Thunderbird ESR version 10.x before 10.0.5 and
Mozilla Firefox ESR version 10.x before 10.0.5 on Mac OS X
References
- http://secunia.com/advisories/49366
- http://secunia.com/advisories/49368
- http://securitytracker.com/id/1027120
- http://www.mozilla.org/security/announce/2012/mfsa2012-34.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-36.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-37.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-38.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-40.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-0441, CVE-2012-1937, CVE-2012-1938, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947, CVE-2012-3105 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities -01 Jan 13 (Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Windows)