Summary
Mozilla Firefox/Seamonkey/Thunderbird is installed on the host and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation lets attackers crash the application by exhausting its memory.
Impact Level: Application
Solution
Upgrade to Firefox version 2.0.0.19 or 3.0.5 or later: http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Seamonkey version 1.1.17 or later: http://www.seamonkey-project.org/releases/
Apply the patch for Thunderbird through the above Mozilla engine update: http://www.mozillamessaging.com/
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
Insight
A null pointer dereference error occurs when the 'select' method is called with a large integer, which results in continuous allocation of x+n bytes of memory and exhausts memory after a while.
Affected
Seamonkey versions prior to 1.1.17
Thunderbird version 2.0.0.22 and prior
Firefox versions before 2.0.0.19 and 3.x before 3.0.5 on Windows.
References
Updated on 2017-03-28
Severity
Classification
CVE: CVE-2009-1692, CVE-2009-2535
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
- Apple Safari Multiple Vulnerabilities June-09 (Win) - I
- Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
- FlashGet FTP PWD Response Remote Buffer Overflow Vulnerability
- 7-Zip Unspecified Archive Handling Vulnerability (Win)