Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird that are prone to multiple vulnerabilities.
Insight
Insight
The flaws are due to: - A memory corruption errors in the browser engine, which allows to corrupt the memory under certain circumstances. - An integer overflow error exists when array class used to store CSS values, which allows to execute arbitrary codes. - An integer overflow error in the implementation of the XUL <tree> element's 'selection' attribute. When the size of a new selection is sufficiently large the integer used in calculating the length of the selection, which allows attacker to call into deleted memory and run arbitrary code. - Error in handling of 'CSS' selector into points A and B of a target page, data can be read across domains by injecting bogus CSS selectors into a target site and then retrieving the data using JavaScript APIs. - Cross-origin data leakage errors occurs from script filename in error messages.
Affected Software
Affected Software
Seamonkey version 2.0.x before 2.0.6 Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7 Thunderbird version 3.0.x before 3.0.6 and 3.1.x before 3.1.1
Solution
Solution
Upgrade to Firefox version 3.5.11 or 3.6.7 or later Upgrade to Seamonkey version 2.0.6 or later Upgrade to Thunderbird version 3.0.6 or 3.1.1 or later
Common Vulnerabilities and Exposures (CVE)
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-47.html