Summary
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to potentially execute arbitrary code or compromise a user's system.
Impact Level: Application
Solution
Upgrade to Firefox version 3.0.18 or 3.5.8 or later http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.3 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.2 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
- An error exists when handling 'out-of-memory conditions', can be exploited to trigger a memory corruption and execute arbitrary code via a specially crafted web page.
- An errors in 'nsBlockFrame::StealFrame()' function in 'layout/generic/nsBlockFrame.cpp', can be exploited to corrupt memory and potentially execute arbitrary code.
Affected
Seamonkey version prior to 2.0.3
Thunderbird version prior to 3.0.2
Firefox version 3.0.x before 3.0.18 and 3.5.x before 3.5.8 on Linux.
References
Severity
Classification
-
CVE CVE-2009-1571, CVE-2010-0159 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)