firefox: Multiple vulnerabilities

Users of firefox please be advised of Multiple vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:210: [MDVSA-2010:210] firefox – Multiple Issues
Problem Description:

Security issues were identified and fixed in firefox:

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird

before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9

recognize a wildcard IP address in the subject’s Common Name field of

an X.509 certificate, which might allow man-in-the-middle attackers

to spoof arbitrary SSL servers via a crafted certificate issued by

a legitimate Certification Authority (CVE-2010-3170).

Multiple cross-site scripting (XSS) vulnerabilities in the Gopher

parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and

SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary

web script or HTML via a crafted name of a (1) file or (2) directory

on a Gopher server (CVE-2010-3177).Read more at http://www.criticalwatch.com
 

Advertisements