The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.

Successful exploitation will let attackers to cause a denial of service or possibly execute arbitrary code or inject html code via unknown vectors. Impact Level: System/Application

Upgrade to Mozilla Firefox version 11.0 or ESR version 10.0.3 later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to SeaMonkey version to 2.8 or later, http://www.mozilla.org/projects/seamonkey/ Upgrade to Thunderbird version to 11 or ESR version 10.0.3 later, http://www.mozilla.org/en-US/thunderbird/

The flaws are due to - An improper write access restriction to the window.fullScreen object. - Multiple unspecified vulnerabilities in the browser engine. - An improper implementation of the Cascading Style Sheets (CSS) allowing to crash the service when accessing keyframe cssText after dynamic modification. - A use-after-free error within the shlwapi.dll when closing a child window that uses the file open dialog. - An error when handling Content Security Policy headers.

SeaMonkey version before 2.8 Thunderbird version 5.0 through 10.0 Mozilla Firefox version 4.x through 10.0 Thunderbird ESR version 10.x before 10.0.3 Mozilla Firefox ESR version 10.x before 10.0.3

• http://secunia.com/advisories/48402
• http://www.mozilla.org/security/announce/2012/mfsa2012-12.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-15.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-17.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-18.html
• http://www.mozilla.org/security/announce/2012/mfsa2012-19.html

---

Updated on 2015-03-25