Summary
The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information or execute arbitrary code in the context of the user running the affected application.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.19, 3.6.17, 4.0.1 or later http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.14 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.1.10 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
- An error in the implementation of the 'resource:' protocol can be exploited to perform directory traversal attacks and disclose sensitive information.
- Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.
Affected
SeaMonkey versions before 2.0.14.
Thunderbird version before 3.1.10
Mozilla Firefox versions 3.5.19 and 3.6.x before 3.6.17.
References
Severity
Classification
-
CVE CVE-2011-0071, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities(APSB14-24)-(Mac OS X)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - Mac OS X