Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to arbitrary code execution vulnerability.
Impact
Successful exploitation will let attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 3.6.20 or 6.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.3 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 3.1.12 or later
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaw is due to error in 'SVGTextElement.getCharNumAtPosition' function, which fails to properly handle SVG text.
Affected
SeaMonkey version 2.0 through 2.2
Thunderbird version 3.0 through 3.1.11
Mozilla Firefox version before 3.6.20 and 4.x through 5.0.1
References
Severity
Classification
-
CVE CVE-2011-0084 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 3S CoDeSys CmpWebServer Multiple Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities June-2012 (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Windows)