Summary
The host has Mozilla Firefox/SeaMonkey/Thunderbird installed and is prone to a memory corruption vulnerability.
Impact
Successful exploitation will let attackers execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 10.0.1 or later. For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version 2.7.1 or later:
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version 10.0.1 or later:
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaw is due to an error in the 'ReadPrototypeBindings()' method when handling XBL bindings in a hash table. It can be exploited to cause the cycle collector to call an invalid virtual function.
Affected
SeaMonkey versions prior to 2.7.1,
Thunderbird versions 10.x prior to 10.0.1 and
Mozilla Firefox versions 10.x prior to 10.0.1 on Mac OS X
References
Severity
Classification
CVE: CVE-2012-0452
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P