Summary
The host is installed with Mozilla Firefox, Seamonkey or Thunderbird and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information or execute arbitrary code in the context of the user running the affected application.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.19, 3.6.17, 4.0.1 or later http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.14 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.1.10 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
- An error in the implementation of the 'resource:' protocol can be exploited to perform directory traversal attacks and disclose sensitive information.
- Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.
Affected
SeaMonkey versions before 2.0.14.
Thunderbird version before 3.1.10
Mozilla Firefox versions 3.5.19 and 3.6.x before 3.6.17.
References
Severity
Classification
-
CVE CVE-2011-0071, CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Windows)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)