Summary
The host has Mozilla Firefox/Thunderbird installed and is prone to cross-site scripting and memory corruption vulnerabilities.
Impact
Successful exploitation allows attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding and to cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 8.0 or 3.6.24 or later. For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to Thunderbird version 8.0 or 3.1.16 or later. For updates refer to http://www.mozilla.org/en-US/thunderbird/
Insight
The flaws are due to:
- An error while handling invalid sequences in the Shift-JIS encoding.
- A crash when using Firebug to profile a JavaScript file with many functions.
Affected
- Thunderbird versions prior to 3.1.16, and 5.0 through 7.0
- Mozilla Firefox versions prior to 3.6.24, and 4.x through 7.0
References
Severity
Classification
- CVE: CVE-2011-3648, CVE-2011-3650
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C