Mozilla Products Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Mozilla firefox/thunderbird and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to cause denial of service and execute arbitrary code via unspecified vectors. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 8.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version to 8.0 or later http://www.mozilla.org/en-US/thunderbird/

Insight

The flaws are due to - unspecified erros in the browser engine. - Direct2D (aka D2D) API is used in conjunction with the Azure graphics back-end on windows.

Affected

Thunderbird version 7.0 Mozilla Firefox version 7.0

References

http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3649, CVE-2011-3651

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)

Take action and discover your vulnerabilities