Mozilla Products Browser Engine Denial Of Service Vulnerabilities (Windows) Network Vulnerability

Summary

The host is installed with Mozilla firefox/thunderbird and is prone to denial of service vulnerability.

Impact

Successful exploitation will let attackers to cause a denial of service and execute arbitrary code via unspecified vectors. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 8.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version to 8.0 or later http://www.mozilla.org/en-US/thunderbird/

Insight

The flaws are due to error in browser engine - Fails to properly handle links from SVG mpath elements to non-SVG elements. - Fails to properly allocate memory.

Affected

Thunderbird version prior to 8.0 Mozilla Firefox version prior to 8.0

References

http://www.mozilla.org/security/announce/2011/mfsa2011-48.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3652, CVE-2011-3654
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Dnsmasq Remote Denial of Service Vulnerability
ActFax LPD/LPR Server Denial of Service Vulnerability
EMC NetWorker 'nsrexecd' RPC Packet Denial of Service Vulnerability
connect to all open ports
Apple QuickTime Multiple Vulnerabilities - Jun09

Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows)

Take action and discover your vulnerabilities