Summary
The host is installed with Firefox Browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to obtain sensitive information via a crafted document.
Impact Level: Application.
Solution
Upgrade to Firefox version 3.6,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- The malformed stylesheet document and cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type.
- IFRAME element allows placing the site&qts URL in the HREF attribute of a stylesheet 'LINK' element, and then reading the 'document.styleSheets[0].href' property value.
Affected
Firefox version prior to 3.6 on Linux.
References
Severity
Classification
-
CVE CVE-2010-0648, CVE-2010-0654 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
- Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)