Mozilla Products 'SJOW' Arbitrary Code Execution Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox/Thunderbird that are prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to execute arbitrary Java script code with privileges. Impact Level: Application

Solution

Upgrade to Firefox version 3.6.9 or later http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version 3.1.3 http://www.mozillamessaging.com/en-US/thunderbird/

Insight

The flaw is due to error in 'XPCSafeJSObjectWrapper' class in the 'SafeJSObjectWrapper', which does not properly restrict objects at the end of scope chains.

Affected

Firefox version 3.6.x before 3.6.9 Thunderbird version 3.1.x before 3.1.3

References

http://securitytracker.com/alerts/2010/Sep/1024403.html
http://www.mozilla.org/security/announce/2010/mfsa2010-59.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2762

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Aardvark Topsites Multiple Vulnerabilities
Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
Apache Tomcat Multiple Vulnerabilities - 01 Mar14
Adobe Reader Plugin Signature Bypass Vulnerability (Windows)

Take action and discover your vulnerabilities