Summary
The host has Mozilla Firefox, SeaMonkey or Thunderbird installed, which is prone to multiple vulnerabilities.
Impact
Successful exploitation lets attackers bypass the same-origin policy and conduct cross-site scripting attacks via a crafted function.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.12 or later
http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.0.7 or later
http://www.seamonkey-project.org/releases/
Upgrade to Thunderbird version 3.0.7
http://www.mozillamessaging.com/en-US/thunderbird/
Insight
The flaw is due to an error in the 'XPCSafeJSObjectWrapper' class in the 'SafeJSObjectWrapper', which does not properly restrict scripted functions.
Affected
Firefox before 3.5.12
SeaMonkey before 2.0.7
Thunderbird before 3.0.7
References
Severity
Classification
- CVE: CVE-2010-2763
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N