Summary
The host is installed with Mozilla Firefox or SeaMonkey, which are prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers cause a denial of service, execute arbitrary code, or hijack the authentication of arbitrary users.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.17 or 3.6.14 or later: http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.0.12 or later: http://www.seamonkey-project.org/releases/
Insight
The flaws are due to:
- An error when handling a recursive call to 'eval()' wrapped in a try/catch statement, which could be exploited to force a user into accepting any dialog.
- A buffer overflow error related to the JavaScript engine's internal memory mapping of non-local JS variables, which could allow attackers to execute arbitrary code.
- A use-after-free error related to a method used by 'JSON.stringify', which could allow attackers to execute arbitrary code.
- A buffer overflow error related to the JavaScript engine's internal memory mapping of string values, which could allow attackers to execute arbitrary code.
- A use-after-free error related to Web Workers, which could allow attackers to execute arbitrary code.
- A cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
Affected
SeaMonkey version before 2.0.12
Firefox version before 3.5.17 and 3.6.x before 3.6.14
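The affected ranges above are branch-specific (3.6.0 to 3.6.13 are vulnerable even though they sort above 3.5.17), so a naive version comparison gets them wrong. The following is an added example, not part of this advisory or any scanner's own check, that encodes the stated ranges and runs them over a constructed software-inventory listing; the inventory format and host names are assumptions.

```python
import re
from typing import List, Tuple

# Fixed versions as stated in the advisory's "Affected" and "Solution" sections.
FIREFOX_FIXED_35 = (3, 5, 17)   # every Firefox below 3.5.17 is affected
FIREFOX_FIXED_36 = (3, 6, 14)   # on the 3.6 branch, everything below 3.6.14
SEAMONKEY_FIXED = (2, 0, 12)    # every SeaMonkey below 2.0.12


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '3.6.13' or '4.0b11' into a comparable 3-tuple of ints.
    A trailing non-numeric suffix on a component (b11, pre) is dropped."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"(\d+)", piece)
        if not m:
            raise ValueError(f"unparseable version: {version!r}")
        parts.append(int(m.group(1)))
    while len(parts) < 3:          # pad so '3.6' compares as 3.6.0
        parts.append(0)
    return tuple(parts[:3])


def firefox_affected(version: str) -> bool:
    v = parse_version(version)
    if v[:2] == (3, 6):            # 3.6 branch has its own fix release
        return v < FIREFOX_FIXED_36
    return v < FIREFOX_FIXED_35    # 3.0.x, 3.5.x and older; 4.x is not listed


def seamonkey_affected(version: str) -> bool:
    return parse_version(version) < SEAMONKEY_FIXED


def affected_hosts(inventory: str) -> List[Tuple[str, str, str]]:
    """Return (host, product, version) for every 'host,product,version'
    inventory line whose browser version falls inside an affected range."""
    checks = {"firefox": firefox_affected, "seamonkey": seamonkey_affected}
    hits = []
    for line in inventory.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        check = checks.get(product.lower())
        if check and check(version):
            hits.append((host, product, version))
    return hits


# Constructed sample inventory (assumed format), not real scan data.
SAMPLE_INVENTORY = """\
ws01,Firefox,3.6.13
ws02,Firefox,3.6.14
ws03,Firefox,3.5.16
ws04,SeaMonkey,2.0.11
ws05,SeaMonkey,2.0.12
ws06,Firefox,4.0b11
"""
```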
References
- http://www.mozilla.org/security/announce/2011/mfsa2011-02.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-03.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-04.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-05.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-06.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-07.html
- http://www.vupen.com/english/advisories/2011/0531
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2011-0051, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C