Summary
The host has Mozilla Firefox, Seamonkey, or Thunderbird installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers cause a denial of service, execute arbitrary code, or cause a buffer overflow.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.12 or 3.6.9 or later: http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 2.0.7 or later: http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.7 or 3.1.3 or later: http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaws are due to:
- A pointer held by a 'XUL' tree selection could be freed and then later reused, potentially resulting in the execution of attacker-controlled memory.
- Information leak via 'XMLHttpRequest' statusText.
- Dangling pointer vulnerability using 'DOM' plugin array.
- 'Frameset' integer overflow vulnerability.
- The type attribute of an '<object>' tag, which overrides the charset of a framed HTML document.
- Dangling pointer vulnerability in the implementation of 'navigator.plugins' in which the navigator object could retain a pointer to the plugins array even after it had been destroyed.
- Copy-and-paste or drag-and-drop into 'designMode' document allows XSS.
- Heap buffer overflow in 'nsTextFrameUtils::TransformText'.
- Dangling pointer vulnerability in 'XUL <tree>'s content view.
Affected
Seamonkey version before 2.0.7
Firefox version 3.5.x before 3.5.12 and 3.6.x before 3.6.9
Thunderbird version 3.0.x before 3.0.7 and 3.1.x before 3.1.3
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-51.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-57.html
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html
- http://www.mozilla.org/security/known-vulnerabilities/seamonkey20.html
- http://www.mozilla.org/security/known-vulnerabilities/thunderbird31.html
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-2760, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C