Mozilla Products 'SJOW' Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to bypass the same origin policy and conduct cross-site scripting attacks via a crafted function. Impact Level: Application

Solution

Upgrade to Firefox version 3.5.12 or later http://www.mozilla.com/en-US/firefox/all.html Upgrade to Seamonkey version 2.0.7 or later http://www.seamonkey-project.org/releases/ Upgrade to Thunderbird version 3.0.7 http://www.mozillamessaging.com/en-US/thunderbird/

Insight

The flaw is due to error in 'XPCSafeJSObjectWrapper' class in the 'SafeJSObjectWrapper', which does not properly restrict scripted functions.

Affected

Firefox before 3.5.12 SeaMonkey before 2.0.7 Thunderbird before 3.0.7

References

http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2763

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari Multiple Vulnerabilities
Adobe Reader Plugin Signature Bypass Vulnerability (Linux)
AOLserver Default Password
Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)

Take action and discover your vulnerabilities