Mozilla Products Multiple Vulnerabilities March-11 (Windows)

Information

- Severity: Critical
- Family: General
- CVSSv2 Base: 10.0
- CVSSv2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
- Solution Type: Vendor Patch
- Created: 13 years ago
- Modified: 5 years ago

Summary

The host has Mozilla Firefox or SeaMonkey installed in a version that is prone to multiple vulnerabilities.

Insight

The flaws are due to:

- An error when handling a recursive call to 'eval()' wrapped in a try or catch statement, which could be exploited to force a user into accepting any dialog.
- A buffer overflow error related to the JavaScript engine's internal memory mapping of non-local JS variables, which could allow attackers to execute arbitrary code.
- A use-after-free error related to a method used by 'JSON.stringify', which could allow attackers to execute arbitrary code.
- A buffer overflow error related to the JavaScript engine's internal memory mapping of string values, which could allow attackers to execute arbitrary code.
- A use-after-free error related to Web Workers, which could allow attackers to execute arbitrary code.
- A cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.

Affected Software

- SeaMonkey versions before 2.0.12
- Firefox versions before 3.5.17, and 3.6.x before 3.6.14

Solution

Upgrade to Firefox version 3.5.17 or 3.6.14 or later. Upgrade to SeaMonkey version 2.0.12 or later.