Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Products Multiple Vulnerabilities jul-10 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Firefox/Thunderbird that are prone to multiple vulnerabilities.
Insight
Insight
The flaws are due to: - An error in the handling of 'SJOW()' and 'fast()' native function, when content script which is running in a chrome context accesses a content object via SJOW. - An error in the handling of canvas element, can be used to read data from another site, violating the same-origin policy.The read restriction placed on a canvas element which has had cross-origin data rendered into it can be bypassed by retaining a reference to the canvas element's context and deleting the associated canvas node from the DOM. - Undefined positions within various 8 bit character encoding's are mapped to the sequence U+FFFD which when displayed causes the immediately following character to disappear from the text run.
Affected Software
Affected Software
Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7 Thunderbird version 3.1.x before 3.1.1
Solution
Solution
Upgrade to Firefox version 3.5.11 or 3.6.7 Upgrade to Thunderbird version 3.0.6 or 3.1.1