Summary
The host has Mozilla Firefox/Thunderbird installed and is prone to cross-site scripting and memory corruption vulnerabilities.
Impact
Successful exploitation will allow attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding and cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 8.0 or 3.6.24 or later. For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Thunderbird version 8.0 or 3.1.16 or later. For updates refer to http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to:
- An error while handling invalid sequences in the Shift-JIS encoding.
- A crash when using Firebug to profile a JavaScript file with many functions.
Affected
- Thunderbird versions prior to 3.1.16, and 5.0 through 7.0
- Mozilla Firefox versions prior to 3.6.24, and 4.x through 7.0
References
Severity
Classification
- CVE: CVE-2011-3648, CVE-2011-3650
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C