Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla firefox/thunderbird and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will let attackers to gain privileges via a crafted web site. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 8.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version to 8.0 or later http://www.mozilla.org/en-US/thunderbird/

Insight

The flaw is due to, performing access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

Affected

Thunderbird version 5.0 through 7.0 Mozilla Firefox version 4.x through 7.0

References

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3655

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability
TOR Privilege Escalation Vulnerability (Linux)
TOR Privilege Escalation Vulnerability (Win)
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
Sun VirtualBox 'VBoxNetAdpCtl' Privilege Escalation Vulnerability

Take action and discover your vulnerabilities