Summary
The host has Mozilla Firefox/Thunderbird installed and is prone to a privilege escalation vulnerability.
Impact
Successful exploitation allows attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 3.6.24 or later. For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Thunderbird version 3.1.16 or later. For updates refer to http://www.mozilla.org/en-US/thunderbird/
Insight
The flaw is due to:
- An error in JSSubScriptLoader, which fails to handle XPCNativeWrappers during calls to the loadSubScript method in an add-on.
Affected
Thunderbird versions prior to 3.1.16
Mozilla Firefox versions prior to 3.6.24
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-3647
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
- Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Win)
- ZyXEL ZyWALL Web Configurator Authentication Bypass Vulnerability
- Mozilla Products Privilege Escalation Vulnerability (MAC OS X)
- VMAX Web Viewer Default Credentials Authentication Bypass Vulnerability