The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities.

Successful exploitation will let attackers to cause a denial of service, potentially execute arbitrary code or compromise a user's system. Impact Level: Application

Upgrade to Firefox version 3.0.18, 3.5.8, 3.6.2 or later http://www.mozilla.com/en-US/firefox/all.html Upgrade to Seamonkey version 2.0.3 or later http://www.seamonkey-project.org/releases/ Upgrade to Thunderbird version 3.0.2 or later http://www.mozillamessaging.com/en-US/thunderbird/

The flaws are due to: - An error in 'toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js' in the asynchronous Authorization Prompt implementation it does not properly handle concurrent authorization requests from multiple web sites. - An error in browser engine allows attackers to cause a denial of service via vectors related to - 'layout/generic/nsBlockFrame.cpp' and - '_evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp' - An error in performing cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.

Seamonkey version prior to 2.0.3 Thunderbird version prior to 3.0.2 Firefox version 3.0.x before 3.0.18, 3.5.x before 3.5.8 and 3.6.x before 3.6.2

• http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
• http://www.mozilla.org/security/announce/2010/mfsa2010-12.html
• http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
• http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=534082

---

Updated on 2015-03-25