Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.

The installed version of SeaMonkey is earlier than 2.0.9.  Such versions are potentially affected by the following security issues :

  - Multiple memory safety bugs could lead to memory     corruption, potentially resulting in arbitrary     code execution. (MFSA 2010-64)

  - By passing an excessively long string to     'document.write', it may be possible to trigger a buffer     overflow condition resulting in arbitrary code execution     on the remote system. (MFSA 2010-65)

  - A use-after-free error in nsBarProp could allow     arbitrary code execution on the remote system.
    (MFSA 2010-66)

  - A dangling pointer vulnerability in LookupGetterOrSetter     could allow arbitrary code execution. (MFSA 2010-67)

  - The Gopher parser is affected by a cross-site scripting     vulnerability. (MFSA 2010-68)

  - It is possible to steal information from a site in a     different domain using modal calls. (MFSA 2010-69)

  - It is possible to establish a valid SSL connection     to a remote host, provided the SSL certificate was     created with a common name containing a wild card     followed by partial IP address of the remote host.
    (MFSA 2010-70)

  - A function used to load external libraries on Windows     platform could allow loading of unsafe DLLs thus     allowing binary planting attacks. (MFSA 2010-71)

  - The SSL implementation allows servers to use     Diffie-Hellman Ephemeral mode (DHE) with a very     short key length. Such key lengths could be easily     breakable with modern hardware. (MFSA 2010-72)

The installed version of Thunderbird 3.1 is earlier than 3.1.5.  Such versions are potentially affected by the following security issues :

  - Multiple memory safety bugs could lead to memory     corruption, potentially resulting in arbitrary     code execution. (MFSA 2010-64)

  - By passing an excessively long string to     'document.write', it may be possible to trigger a buffer     overflow condition resulting in arbitrary code execution     on the remote system. (MFSA 2010-65)

  - A use-after-free error in nsBarProp could allow     arbitrary code execution on the remote system.
    (MFSA 2010-66)

  - A dangling pointer vulnerability in LookupGetterOrSetter     could allow arbitrary code execution. (MFSA 2010-67)

  - It is possible to steal information from a site in a     different domain using modal calls. (MFSA 2010-69)

  - It is possible to establish a valid SSL connection     to a remote host, provided the SSL certificate was     created with a common name containing a wild card     followed by partial IP address of the remote host.
    (MFSA 2010-70)

  - A function used to load external libraries on Windows     platform could allow loading of unsafe DLLs thus     allowing binary planting attacks. (MFSA 2010-71)

  - The SSL implementation allows servers to use     Diffie-Hellman Ephemeral mode (DHE) with a very     short key length. Such key lengths could be easily     breakable with modern hardware. (MFSA 2010-72)

The installed version of Thunderbird is earlier than 3.0.9.  Such versions are potentially affected by the following security issues :

  - Multiple memory safety bugs could lead to memory     corruption, potentially resulting in arbitrary     code execution. (MFSA 2010-64)

  - By passing an excessively long string to     'document.write', it may be possible to trigger a buffer     overflow condition resulting in arbitrary code execution     on the remote system. (MFSA 2010-65)

  - A use-after-free error in nsBarProp could allow     arbitrary code execution on the remote system.
    (MFSA 2010-66)

  - A dangling pointer vulnerability in LookupGetterOrSetter     could allow arbitrary code execution. (MFSA 2010-67)

  - It is possible to steal information from a site in a     different domain using modal calls. (MFSA 2010-69)

  - It is possible to establish a valid SSL connection     to a remote host, provided the SSL certificate was     created with a common name containing a wild card     followed by partial IP address of the remote host.
    (MFSA 2010-70)

  - A function used to load external libraries on Windows     platform could allow loading of unsafe DLLs thus     allowing binary planting attacks. (MFSA 2010-71)

  - The SSL implementation allows servers to use     Diffie-Hellman Ephemeral mode (DHE) with a very     short key length. Such key lengths could be easily     breakable with modern hardware. (MFSA 2010-72)

The installed version of Firefox 3.6 is earlier than 3.6.11.  Such versions are potentially affected by the following security issues :

  - Multiple memory safety bugs could lead to memory     corruption, potentially resulting in arbitrary     code execution. (MFSA 2010-64)

  - By passing an excessively long string to     'document.write', it may be possible to trigger a buffer     overflow condition resulting in arbitrary code execution     on the remote system. (MFSA 2010-65)

  - A use-after-free error in nsBarProp could allow     arbitrary code execution on the remote system.
    (MFSA 2010-66)

  - A dangling pointer vulnerability in LookupGetterOrSetter     could allow arbitrary code execution. (MFSA 2010-67)

  - The Gopher parser is affected by a cross-site scripting     vulnerability. (MFSA 2010-68)

  - It is possible to steal information from a site in a     different domain using modal calls. (MFSA 2010-69)

  - It is possible to establish a valid SSL connection     to a remote host, provided the SSL certificate was     created with a common name containing a wild card     followed by partial IP address of the remote host.
    (MFSA 2010-70)

  - A function used to load external libraries on Windows     platform could allow loading of unsafe DLLs thus     allowing binary planting attacks. (MFSA 2010-71)

  - The SSL implementation allows servers to use     Diffie-Hellman Ephemeral mode (DHE) with a very     short key length. Such key lengths could be easily     breakable with modern hardware. (MFSA 2010-72)

The installed version of Firefox is earlier than 3.5.14.  Such versions are potentially affected by the following security issues :

  - Multiple memory safety bugs could lead to memory     corruption, potentially resulting in arbitrary     code execution. (MFSA 2010-64)

  - By passing an excessively long string to     'document.write', it may be possible to trigger a buffer     overflow condition resulting in arbitrary code execution     on the remote system. (MFSA 2010-65)

  - A use-after-free error in nsBarProp could allow     arbitrary code execution on the remote system.
    (MFSA 2010-66)

  - A dangling pointer vulnerability in LookupGetterOrSetter     could allow arbitrary code execution. (MFSA 2010-67)

  - The Gopher parser is affected by a cross-site scripting     vulnerability. (MFSA 2010-68)

  - It is possible to steal information from a site in a     different domain using modal calls. (MFSA 2010-69)

  - It is possible to establish a valid SSL connection     to a remote host, provided the SSL certificate was     created with a common name containing a wild card     followed by partial IP address of the remote host.
    (MFSA 2010-70)

  - A function used to load external libraries on Windows     platform could allow loading of unsafe DLLs thus     allowing binary planting attacks. (MFSA 2010-71)

  - The SSL implementation allows servers to use     Diffie-Hellman Ephemeral mode (DHE) with a very     short key length. Such key lengths could be easily     breakable with modern hardware. (MFSA 2010-72)

The Mozilla Project reports :

MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

MFSA 2010-65 Buffer overflow and memory corruption using document.write

MFSA 2010-66 Use-after-free error in nsBarProp

MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter

MFSA 2010-68 XSS in gopher parser when parsing hrefs

MFSA 2010-69 Cross-site information disclosure via modal calls

MFSA 2010-70 SSL wildcard certificate matching IP addresses

MFSA 2010-71 Unsafe library loading vulnerabilities

MFSA 2010-72 Insecure Diffie-Hellman key exchange

Versions of SeaMonkey 2.0.x earlier than 2.0.9 are potentially affected by multiple vulnerabilities :

  - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)

  - By passing an excessively long string to 'document.write' it may be possible to trigger a buffer overflow condition resulting in arbitrary code execution on the remote system. (MFSA 2010-65)

  - A use-after-free error in nsBarProp could allow arbitrary code execution on the remote system. (MFSA 2010-66)

  - A dangling pointer vulnerability in LookupGetterOrSetter could allow arbitrary code execution. (MFSA 2010-67)

  - The Gopher parser is affected by a cross-site scripting vulnerability. (MFSA 2010-68)

  - It is possible to steal information from a site in a different domain using modal calls. (MFSA 2010-69)

  - It is possible to establish a valid SSL connection to a remote host, provided the SSL certificate was created with a common name containing a wild card followed by the partial IP address of the remote host. (MFSA 2010-70)

  - A function used to load external libraries on the Windows platform could allow loading of unsafe DLL's thus allowing binary planting attack. (MFSA 2010-71)

  - The SSL implementation allows servers to use Diffie-Hellman mode (DHE) with a very short key length.  Such key lengths could be easily breakable with modern hardware. (MFSA 2010-72)

Versions of Mozilla Thunderbird 3.1.x prior to 3.1.5 are affected by the following vulnerabilities :

 - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)
 - By passing an excessively long string to 'document.write' it may be possible to trigger a buffer overflow condition resulting in arbitrary code execution on the remote system. (MFSA 2010-65)
 - A use-after-free error in 'nsBarProp' could allow arbitrary code execution on the remote system. (MFSA 2010-66)
 - A dangling pointer vulnerability in 'LookupGetterOrSetter' could allow arbitrary code execution. (MFSA 2010-67)
 - It is possible to steal information from a site in a different domain using modal calls. (MFSA 2010-69)
 - It is possible to establish a valid SSL connection to a remote host, provided the SSL certificate was created with a common name containing a wild card followed by the partial IP address of the remote host. (MFSA 2010-70)
 - A function used to load external libraries on the Windows platform could allow loading of unsafe DLL's thus allowing binary planting attack. (MFSA 2010-71)
 - The SSL implementation allows servers to use Diffie-Hellman mode (DHE) with a very short key length. Such key lengths could be easily breakable with modern hardware. (MFSA 2010-72)

Versions of Mozilla Thunderbird 3.0.x prior to 3.0.9 are affected by the following vulnerabilities :

 - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)
 - By passing an excessively long string to 'document.write' it may be possible to trigger a buffer overflow condition resulting in arbitrary code execution on the remote system. (MFSA 2010-65)
 - A use-after-free error in 'nsBarProp' could allow arbitrary code execution on the remote system. (MFSA 2010-66)
 - A dangling pointer vulnerability in 'LookupGetterOrSetter' could allow arbitrary code execution. (MFSA 2010-67)
 - It is possible to steal information from a site in a different domain using modal calls. (MFSA 2010-69)
 - It is possible to establish a valid SSL connection to a remote host, provided the SSL certificate was created with a common name containing a wild card followed by the partial IP address of the remote host. (MFSA 2010-70)
 - A function used to load external libraries on the Windows platform could allow loading of unsafe DLL's thus allowing binary planting attack. (MFSA 2010-71)
 - The SSL implementation allows servers to use Diffie-Hellman mode (DHE) with a very short key length. Such key lengths could be easily breakable with modern hardware. (MFSA 2010-72)

Versions of Firefox 3.6.x earlier than 3.6.11 are potentially affected by multiple vulnerabilities :

 - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)
 - By passing an excessively long string to 'document.write' it may be possible to trigger a buffer overflow condition resulting in arbitrary code execution on the remote system. (MFSA 2010-65)
 - A use-after-free error in nsBarProp could allow arbitrary code execution on the remote system. (MFSA 2010-66)
 - A dangling pointer vulnerability in LookupGetterOrSetter could allow arbitrary code execution. (MFSA 2010-67)
 - The Gopher parser is affected by a cross-site scripting vulnerability. (MFSA 2010-68)
 - It is possible to steal information from a site in a different domain using modal calls. (MFSA 2010-69)
 - It is possible to establish a valid SSL connection to a remote host, provided the SSL certificate was created with a common name containing a wild card followed by the partial IP address of the remote host. (MFSA 2010-70)
 - A function used to load external libraries on the Windows platform could allow loading of unsafe DLL's thus allowing binary planting attack. (MFSA 2010-71)
 - The SSL implementation allows servers to use Diffie-Hellman mode (DHE) with a very short key length.  Such key lengths could be easily breakable with modern hardware. (MFSA 2010-72)

Versions of Firefox 3.5.x earlier than 3.5.14 are potentially affected by multiple vulnerabilities :

 - Multiple memory safety bugs could lead to memory corruption, potentially resulting in arbitrary code execution. (MFSA 2010-64)
 - By passing an excessively long string to 'document.write' it may be possible to trigger a buffer overflow condition resulting in arbitrary code execution on the remote system. (MFSA 2010-65)
 - A use-after-free error in nsBarProp could allow arbitrary code execution on the remote system. (MFSA 2010-66)
 - A dangling pointer vulnerability in LookupGetterOrSetter could allow arbitrary code execution. (MFSA 2010-67)
 - The Gopher parser is affected by a cross-site scripting vulnerability. (MFSA 2010-68)
 - It is possible to steal information from a site in a different domain using modal calls. (MFSA 2010-69)
 - It is possible to establish a valid SSL connection to a remote host, provided the SSL certificate was created with a common name containing a wild card followed by the partial IP address of the remote host. (MFSA 2010-70)
 - A function used to load external libraries on the Windows platform could allow loading of unsafe DLL's thus allowing binary planting attack. (MFSA 2010-71)
 - The SSL implementation allows servers to use Diffie-Hellman mode (DHE) with a very short key length.  Such key lengths could be easily breakable with modern hardware. (MFSA 2010-72)

ID	Name	Product	Family	Severity
50088	SeaMonkey < 2.0.9 Multiple Vulnerabilities	Nessus	Windows	high
50087	Mozilla Thunderbird 3.1 < 3.1.5 Multiple Vulnerabilities	Nessus	Windows	high
50086	Mozilla Thunderbird < 3.0.9 Multiple Vulnerabilities	Nessus	Windows	high
50085	Firefox 3.6 < 3.6.11 Multiple Vulnerabilities	Nessus	Windows	high
50084	Firefox < 3.5.14 Multiple Vulnerabilities	Nessus	Windows	high
50074	FreeBSD : mozilla -- multiple vulnerabilities (c4f067b9-dc4a-11df-8e32-000f20797ede)	Nessus	FreeBSD Local Security Checks	high
5685	SeaMonkey 2.0.x < 2.0.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5684	Mozilla Thunderbird 3.1.x < 3.1.5 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5683	Mozilla Thunderbird 3.0.x < 3.0.9 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5682	Mozilla Firefox 3.6.x < 3.6.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5681	Mozilla Firefox 3.5.x < 3.5.14 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium

Detections

Analytics

CVE-2010-3181

high

Tenable Plugins

high

high

high

high

high

high

medium

medium

medium

medium

medium