Info

Disclosure

Jul 20, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 20, 2010

Description

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

Upgrade to Firefox 3.6.7, Firefox 3.5.11, SeaMonkey 2.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

CVE ID: 2010-1214 (see also: NVD)
Secunia Advisory ID: 40642 40649 40650 40651 40680 40683 40688 40706 40707 40708 40714 40715 40724 40739 40795 42652 51766
Related OSVDB ID: 66590 66591 66592 66593 66595 66596 66597 66598 66599 66600 66601 66602 66603 66604 66605
Vendor Specific News/Changelog Entry: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_firefox_browser
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044428.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044449.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044450.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044464.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044465.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044469.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044477.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044478.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044487.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044488.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00008.html
http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-July/001125.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-July/001127.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-July/001128.html
Vendor Specific Advisory URL: http://rhn.redhat.com/errata/RHSA-2010-0545.html
http://www.cometforums.com/topic/12795123-new-cometbird-version-367-has-been-released/
http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
http://www.us.debian.org/security/2010/dsa-2075
RedHat RHSA: http://rhn.redhat.com/errata/RHSA-2010-0546.html
https://rhn.redhat.com/errata/RHSA-2010-0547.html
Mail List Post: http://seclists.org/fulldisclosure/2010/Jul/292
Other Advisory URL: http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
http://www.zerodayinitiative.com/advisories/ZDI-10-132/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/66594