CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.0%
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the ‘Mozilla Application Suite’. XULRunner is a Mozilla runtime package that can be used to bootstrap XUL+XPCOM applications like Firefox and Thunderbird.
The following vulnerabilities were reported in all mentioned Mozilla products:
The following vulnerabilities were reported in Firefox, SeaMonkey and XULRunner:
The following vulnerability was reported in Firefox only:
A remote attacker could entice a user to view a specially crafted web page or email that will trigger one of the vulnerabilities, possibly leading to the execution of arbitrary code or a Denial of Service. It is also possible for an attacker to trick a user to upload arbitrary files or to accept an invalid certificate for a spoofed web site, to read uninitialized memory, to violate Same Origin Policy, or to conduct Cross-Site Scripting attacks.
There is no known workaround at this time.
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-2.0.0.16"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-2.0.0.16"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-2.0.0.16"
All Mozilla Thunderbird binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-2.0.0.16"
All Seamonkey users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-1.1.11"
All Seamonkey binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/seamonkey-bin-1.1.11"
All XULRunner users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/xulrunner-1.8.1.16"
All XULRunner binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/xulrunner-bin-1.8.1.16"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-client/mozilla-firefox | < 2.0.0.16 | UNKNOWN |
Gentoo | any | all | www-client/mozilla-firefox-bin | < 2.0.0.16 | UNKNOWN |
Gentoo | any | all | mail-client/mozilla-thunderbird | < 2.0.0.16 | UNKNOWN |
Gentoo | any | all | mail-client/mozilla-thunderbird-bin | < 2.0.0.16 | UNKNOWN |
Gentoo | any | all | www-client/seamonkey | < 1.1.11 | UNKNOWN |
Gentoo | any | all | www-client/seamonkey-bin | < 1.1.11 | UNKNOWN |
Gentoo | any | all | net-libs/xulrunner | < 1.8.1.16 | UNKNOWN |
Gentoo | any | all | net-libs/xulrunner-bin | < 1.8.1.16 | UNKNOWN |