Summary
The host has Mozilla Firefox, Seamonkey or Thunderbird installed, and the installed version is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers cause a denial of service and execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.16 or 3.6.13 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.11 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.11 or 3.1.7 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- Multiple unspecified vulnerabilities in the browser engine, which allow attackers to cause a denial of service.
- A 'line-breaking' implementation that does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted 'document.write' call.
- Failure to properly validate downloadable fonts before use within an operating system's font implementation.
Affected
Seamonkey version before 2.0.11
Firefox version before 3.5.16 and 3.6.x before 3.6.13
Thunderbird version before 3.0.11 and 3.1.x before 3.1.7
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=527276
- https://bugzilla.redhat.com/show_bug.cgi?id=660420
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-3768, CVE-2010-3769, CVE-2010-3776
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Mac OS X)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)