Summary
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to cause a denial of service, potentially execute arbitrary code or compromise a user's system.
Impact Level: Application
Solution
Upgrade to Firefox version 3.0.18, 3.5.8, 3.6.2 or later http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.3 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.2 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- An error in 'toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js' in the asynchronous Authorization Prompt implementation it does not properly handle concurrent authorization requests from multiple web sites.
- An error in browser engine allows attackers to cause a denial of service via vectors related to
- 'layout/generic/nsBlockFrame.cpp' and
- '_evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp' - An error in performing cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.
Affected
Seamonkey version prior to 2.0.3
Thunderbird version prior to 3.0.2
Firefox version 3.0.x before 3.0.18, 3.5.x before 3.5.8 and 3.6.x before 3.6.2
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-12.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=534082
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-0167, CVE-2010-0169, CVE-2010-0171 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities