Summary
The host is installed with Mozilla Firefox or Seamonkey and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let remote attackers to execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.19 or 3.6.17 or later http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.14 or later
http://www.seamonkey-project.org/releases/
Insight
- Multiple use-after-free errors within the handling of the 'mChannel', 'mObserverList', and 'nsTreeRange' object attributes can be exploited to execute arbitrary code.
- An error when handling Java applets can be exploited to steal entries from the form history via the autocomplete controls.
Affected
SeaMonkey versions before 2.0.14.
Mozilla Firefox versions before 3.5.19 and 3.6.x before 3.6.17.
References
Severity
Classification
-
CVE CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0073 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Windows)