Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Products Multiple Vulnerabilities March-11 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Firefox/Seamonkey that are prone to multiple vulnerabilities.
Insight
Insight
The flaws are due to: - An error when handling a recursive call to 'eval()' wrapped in a try or catch statement, which could be exploited to force a user into accepting any dialog. - A buffer overflow error related to the JavaScript engine's internal memory mapping of non-local JS variables, which could allow attackers to execute arbitrary code. - A user-after-free error related to a method used by 'JSON.stringify', which could allow attackers to execute arbitrary code. - A buffer overflow error related to the JavaScript engine's internal memory mapping of string values, which could allow attackers to execute arbitrary code. - An use-after-free error related to Web Workers, which could allow attackers to execute arbitrary code. - A cross-site request forgery (CSRF) vulnerability, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
Affected Software
Affected Software
Seamonkey version before 2.0.12 Firefox version before 3.5.17 and 3.6.x before 3.6.14
Solution
Solution
Upgrade to Firefox version 3.5.17 or 3.6.14 or later, Upgrade to Seamonkey version 2.0.12 or later.
Common Vulnerabilities and Exposures (CVE)
References
- http://www.vupen.com/english/advisories/2011/0531
- http://www.mozilla.org/security/announce/2011/mfsa2011-02.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-03.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-04.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-05.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-06.html
- http://www.mozilla.org/security/announce/2011/mfsa2011-07.html
- http://www.mozilla.com/en-US/firefox/all.html
- http://www.mozilla.org/projects/seamonkey/