Summary
This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities.
Impact
Successful attempt could allow local attackers to bypass security restrictions and gain the privileges.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 13.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.10 or later,
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 13.0 or later,
http://www.mozilla.org/en-US/thunderbird/
Insight
- Mozilla updater allows to load a local DLL file in a privileged context.
- The 'Updater.exe' in the Windows Updater Service allows to load an arbitrary local wsock32.dll file, which can then be run with the same system privileges used by the service.
Affected
SeaMonkey version 2.9,
Thunderbird version 12.0 and
Mozilla Firefox version 12.0 on Windows
References
Severity
Classification
-
CVE CVE-2012-1942, CVE-2012-1943 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - Mac OS X
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)