Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Products Multiple Vulnerabilities October-10 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Firefox/Seamonkey/Thunderbird and is prone to multiple vulnerabilities.
Insight
Insight
The flaws are due to: - A wildcard IP address in the 'subject&qts' Common Name field of an X.509 certificate. - not properly setting the minimum key length for 'Diffie-Hellman Ephemeral' (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. - Passing an excessively long string to 'document.write' could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. - not properly handling certain modal calls made by 'javascript: URLs' in circumstances related to opening a new window and performing cross-domain navigation. - an untrusted search path vulnerability. - Use-after-free vulnerability in the nsBarProp function. - error in 'LookupGetterOrSetter' function, which does not properly support 'window.__lookupGetter__ function' calls that lack arguments.
Affected Software
Affected Software
Seamonkey version prior to 2.0.9 Firefox version prior to 3.5.14 and 3.6.x before 3.6.11 Thunderbird version proior to 3.0.9 and 3.1.x before 3.1.5
Solution
Solution
Upgrade to Firefox version 3.6.11 or 3.5.14 or later Upgrade to Seamonkey version 2.0.9 or later Upgrade to Thunderbird version 3.0.9 or 3.1.5 or later