Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Mac OS X) Network Vulnerability

Summary

The host is installed with Mozilla firefox/thunderbird and is prone to privilege escalation vulnerability.

Impact

Successful exploitation will let attackers to gain privileges via a crafted web site. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 8.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to Thunderbird version to 8.0 or later http://www.mozilla.org/en-US/thunderbird/

Insight

The flaw is due to, performing access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.

Affected

Thunderbird version 5.0 through 7.0 Mozilla Firefox version 4.x through 7.0 on Mac OS X

References

http://www.mozilla.org/security/announce/2011/mfsa2011-52.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3655
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Default password router Zyxel
ArcaVir AntiVirus Products Privilege Escalation Vulnerability
Sun VirtualBox 'VBoxNetAdpCtl' Privilege Escalation Vulnerability
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Mac OS X)
Adobe Flash Media Server Privilege Escalation Vulnerability

Take action and discover your vulnerabilities