Summary
The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let remote attackers to disclose potentially sensitive information, execute arbitrary code or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.18 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.2 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.1.11 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
- Multiple use-after-free errors allows remote attackers to cause a denial of service or possibly execute arbitrary code.
- An error in the way cookies are handled could lead to bypass the Same Origin Policy via Set-Cookie headers.
Affected
SeaMonkey versions 2.0.14 and prior.
Thunderbird version before 3.1.11.
Mozilla Firefox versions before 3.6.18.
References
Severity
Classification
-
CVE CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
- Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)