Summary
The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let remote attackers to disclose potentially sensitive information, execute arbitrary code or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.18 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.2 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.1.11 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
- Multiple use-after-free errors allows remote attackers to cause a denial of service or possibly execute arbitrary code.
- An error in the way cookies are handled could lead to bypass the Same Origin Policy via Set-Cookie headers.
Affected
SeaMonkey versions 2.0.14 and prior.
Thunderbird version before 3.1.11.
Mozilla Firefox versions before 3.6.18.
References
Severity
Classification
-
CVE CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)