Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
FreeBSD Ports: firefox
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to the system as announced in the referenced advisory. The following packages are affected: firefox libxul linux-firefox linux-firefox-devel linux-seamonkey linux-thunderbird seamonkey thunderbird
Insight
Insight
CVE-2010-1585 The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document. CVE-2011-0051 Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls. CVE-2011-0053 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service or possibly execute arbitrary code. CVE-2011-0054 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code. CVE-2011-0055 Use-after-free vulnerability in the JSON.stringify method in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code. CVE-2011-0056 Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code. CVE-2011-0057 Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code. CVE-2011-0058 Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2011-0059 Cross-site request forgery vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users.
Solution
Solution
Update your system with the appropriate patches or software upgrades.
Common Vulnerabilities and Exposures (CVE)
References
- https://www.mozilla.org/security/announce/2011/mfsa2011-01.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-02.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-03.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-04.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-05.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-06.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-07.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-08.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-09.html
- https://www.mozilla.org/security/announce/2011/mfsa2011-10.html
- http://www.vuxml.org/freebsd/45f102cd-4456-11e0-9580-4061862b8c22.html