Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Products Multiple Vulnerabilities july-10 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Firefox/Seamonkey that are prone to multiple vulnerabilities.
Insight
Insight
The flaws are due to: - An error in the 'DOM' attribute cloning routine where under certain circumstances an event attribute node can be deleted while another object still contains a reference to it. - An error in Mozilla's implementation of NodeIterator in which a malicious NodeFilter could be created which would detach nodes from the DOM tree while it was being traversed. - An error in the code used to store the names and values of plugin parameter elements. A malicious page could embed plugin content containing a very large number of parameter elements which would cause an overflow in the integer value counting them. - An error in handling of location bar could be spoofed to look like a secure page when the current document was served via plain text. - Spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. - Spoofing error occurs when opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document.
Affected Software
Affected Software
Seamonkey version 2.0.x before 2.0.6 Firefox version 3.5.x before 3.5.11 and 3.6.x before 3.6.7
Solution
Solution
Upgrade to Firefox version 3.5.11 or 3.6.7 Upgrade to Seamonkey version 2.0.6
Common Vulnerabilities and Exposures (CVE)
References
- http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-36.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
- http://www.mozilla.org/security/announce/2010/mfsa2010-45.html