Summary
The host has Mozilla Firefox/Seamonkey installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.16 or 3.6.13 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.11 or later
http://www.seamonkey-project.org/releases/
Insight
The flaws are due to:
- Use-after-free vulnerability.
- Integer overflow in the NewIdArray function.
- Cross-site Scripting (XSS) vulnerabilities in the rendering engine, which allow remote attackers to inject arbitrary web script.
- Improper handling of injection of an 'ISINDEX' element into an about:blank page.
- Error when the 'XMLHttpRequestSpy' module in the 'Firebug' add-on is used: interaction between the 'XMLHttpRequestSpy' object and chrome privileged objects is not properly handled.
- Improper calculation of index values for certain child content in a 'XUL' tree.
- Error in the 'NS_SecurityCompareURIs' function in netwerk/base/public/nsNetUtil.h, which does not properly handle 'about:neterror' and 'about:certerror' pages.
- Improper handling of certain redirections involving 'data:' URLs and 'Java LiveConnect' scripts, which allows remote attackers to start processes.
Affected
Seamonkey versions before 2.0.11
Firefox versions before 3.5.16 and 3.6.x before 3.6.13
References
Severity
Classification
CVE: CVE-2010-3766, CVE-2010-3767, CVE-2010-3770, CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-3774, CVE-2010-3775
CVSS Base Score: 9.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C