Summary
The host has Mozilla Firefox/Seamonkey/Thunderbird installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers cause a denial of service or execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.10 or 3.6.4,
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.5,
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.5,
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- Integer overflow in the 'nsGenericDOMDataNode::SetTextInternal' function, which allows remote attackers to execute arbitrary code via a DOM node with a long text value.
- Multiple unspecified vulnerabilities in the browser engine, which allow attackers to cause a denial of service or execute arbitrary code via unknown vectors.
- Integer overflow in the 'XSLT' node sorting implementation, which allows attackers to execute arbitrary code via a large text value for a node.
Affected
Seamonkey versions prior to 2.0.5,
Thunderbird versions prior to 3.0.5 and
Firefox versions 3.5.x before 3.5.10 and 3.6.x before 3.6.4
References
Severity
Classification
- CVE: CVE-2010-1196, CVE-2010-1199, CVE-2010-1200, CVE-2010-1202
- CVSS Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)