Summary
The host has Mozilla Firefox/Seamonkey/Thunderbird installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to cause a denial of service or execute arbitrary code.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.11 or 3.5.14 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.9 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.9 or 3.1.5 or later
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- A wildcard IP address in the subject's Common Name field of an X.509 certificate.
- Not properly setting the minimum key length for 'Diffie-Hellman Ephemeral' (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
- Passing an excessively long string to 'document.write', which could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data.
- Not properly handling certain modal calls made by 'javascript:' URLs in circumstances related to opening a new window and performing cross-domain navigation.
- An untrusted search path vulnerability.
- A use-after-free vulnerability in the 'nsBarProp' function.
- An error in the 'LookupGetterOrSetter' function, which does not properly support 'window.__lookupGetter__' function calls that lack arguments.
Affected
Seamonkey version prior to 2.0.9
Firefox version prior to 3.5.14 and 3.6.x before 3.6.11
Thunderbird version prior to 3.0.9 and 3.1.x before 3.1.5
Severity
Classification
- CVE: CVE-2010-3170, CVE-2010-3173, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3181, CVE-2010-3183
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C