Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Mozilla Products Multiple Vulnerabilities-04 January13 (Windows)

Information

Severity

Severity

Critical

Family

Family

General

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

5 years ago

Share

Summary

This host is installed with Mozilla Firefox/Thunderbird/Seamonkey and is prone to multiple vulnerabilities.

Insight

Insight

- An error exists within the 'nsSOCKSSocketInfo::ConnectToProxy()' when handling SSL connection threads. - An error when parsing height and width values of a canvas element. - An error within the 'Object.prototype.__proto__()' can be exploited to bypass Chrome Object Wrappers (COW). - Unspecified error in the browser engine can be exploited to corrupt memory. - An error exists due to the AutoWrapperChanger class not keeping certain objects alive during garbage collection.

Affected Software

Affected Software

SeaMonkey version before 2.15 on Windows Thunderbird version before 17.0.2 on Windows Mozilla Firefox version before 18.0 on Windows Thunderbird ESR version 17.x before 17.0.2 on Windows Mozilla Firefox ESR version 17.x before 17.0.2 on Windows

Solution

Solution

Upgrade to Mozilla Firefox version 18.0 or ESR version 17.0.2 or later, upgrade to SeaMonkey version to 2.15 or later, upgrade to Thunderbird version to 17.0.2 or ESR 17.0.2 or later.

Common Vulnerabilities and Exposures (CVE)

References