Summary
The host has Mozilla Firefox, Seamonkey or Thunderbird installed, and the installed version is prone to multiple vulnerabilities.
Impact
Successful exploitation lets attackers cause a denial of service or execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.11 or 3.6.7 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.6 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.6 or 3.1.1 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- Memory corruption errors in the browser engine, which allow memory to be corrupted under certain circumstances.
- An integer overflow error in the array class used to store CSS values, which allows execution of arbitrary code.
- An integer overflow error in the implementation of the XUL <tree> element's 'selection' attribute. When the size of a new selection is sufficiently large, the integer used in calculating the length of the selection can overflow, which allows an attacker to call into deleted memory and run arbitrary code.
- An error in the handling of CSS selectors: data can be read across domains by injecting bogus CSS selectors into points A and B of a target page and then retrieving the data using JavaScript APIs.
- Cross-origin data leakage from the script filename in error messages.
Affected
Seamonkey version 2.0.x before 2.0.6
Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7
Thunderbird version 3.0.x before 3.0.6 and 3.1.x before 3.1.1
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-0654, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C