Summary
The host is installed with Mozilla Firefox/Seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to potentially execute arbitrary code or compromise a user's system.
Impact Level: Application
Solution
Upgrade to Firefox version 3.0.18 or 3.5.8 or later http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.3 or later
http://www.seamonkey-project.org/releases/
Insight
- An error exists in the implementation of Web Worker array data types when processing posted messages. This can be exploited to corrupt memory and potentially execute arbitrary code.
- An error exists in the implementation of the 'showModalDialog()' function, can be exploited to potentially execute arbitrary JavaScript code in the context of a domain calling the affected function with external parameters.
- An error exists when processing SVG documents served with a Content-Type of 'application/octet-stream', can be exploited to execute arbitrary JavaScript code in the context of a domain hosting the SVG document.
Affected
Seamonkey version prior to 2.0.3
Firefox version 3.0.x before 3.0.18 and 3.5.x before 3.5.8 on Windows.
References
Severity
Classification
-
CVE CVE-2009-3988, CVE-2010-0160, CVE-2010-0162 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- Adobe Dreamweaver Insecure Library Loading Vulnerability