Summary
Mozilla Firefox or Thunderbird is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to bypass intended access restrictions, execute arbitrary code or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.6.18, 5.0 or later.
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Thunderbird version 3.1.11 or later.
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
- Multiple unspecified errors in the browser engine allow remote attackers to cause a denial of service or possibly execute arbitrary code.
- A CRLF injection flaw in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp allows remote attackers to bypass intended access restrictions.
Affected
Thunderbird versions before 3.1.11
Mozilla Firefox versions before 3.6.18 and 4.x through 4.0.1
Severity
Classification
CVE: CVE-2011-2374, CVE-2011-2605
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C