Summary
The host has Mozilla Firefox/Thunderbird/SeaMonkey installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will result in a denial-of-service condition.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 6.0 or later.
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.3 or later:
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version 6.0 or later:
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to:
- An error when using Windows D2D hardware acceleration, which allows an attacker to obtain sensitive image data from a different domain.
- A heap overflow in the Almost Native Graphics Layer Engine (ANGLE) library used in the WebGL implementation.
- A buffer overflow error in the WebGL shader implementation.
- An error in the browser engine, it fails to implement WebGL, JavaScript
- An error in the Ogg reader in the browser engine.
Affected
Thunderbird versions before 6
SeaMonkey versions 2.0 through 2.2
Mozilla Firefox versions 4.x through 5
References
Severity
Classification
CVE: CVE-2011-2985, CVE-2011-2986, CVE-2011-2987, CVE-2011-2988, CVE-2011-2989, CVE-2011-2991, CVE-2011-2992
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C