Mozilla Products Multiple Vulnerabilities October-10 (Windows)

Information

Severity

Critical

Family

General

CVSSv2 Base

9.3

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Vendor Patch

Created

13 years ago

Modified

5 years ago

Summary

The host has Mozilla Firefox/Seamonkey/Thunderbird installed and is prone to multiple vulnerabilities.

Insight

The flaws are due to:
- A wildcard IP address in the subject's Common Name field of an X.509 certificate.
- Not properly setting the minimum key length for 'Diffie-Hellman Ephemeral' (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
- Passing an excessively long string to 'document.write', which could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data.
- Not properly handling certain modal calls made by 'javascript: URLs' in circumstances related to opening a new window and performing cross-domain navigation.
- An untrusted search path vulnerability.
- A use-after-free vulnerability in the nsBarProp function.
- An error in the 'LookupGetterOrSetter' function, which does not properly support 'window.__lookupGetter__ function' calls that lack arguments.

Affected Software

- Seamonkey version prior to 2.0.9
- Firefox version prior to 3.5.14 and 3.6.x before 3.6.11
- Thunderbird version prior to 3.0.9 and 3.1.x before 3.1.5

Solution

- Upgrade to Firefox version 3.6.11 or 3.5.14 or later
- Upgrade to Seamonkey version 2.0.9 or later
- Upgrade to Thunderbird version 3.0.9 or 3.1.5 or later