Summary
The host has the Mozilla Firefox browser installed and is prone to a status bar spoofing vulnerability.
Impact
Successful remote exploitation lets the attacker spoof the status bar information and gain sensitive information by redirecting the legitimate user to any malicious URL.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 3.6.3 or later.
For updates, refer to http://www.getfirefox.com
Insight
Firefox does not properly handle a crafted URL displayed in the user's browser, which lets the attacker perform a clickjacking attack and spoof the redirect, sending the user to a different, arbitrary malformed website.
Affected
Mozilla Firefox version 3.0.5 and 2.0.0.18/19 on Linux.
Severity
Classification
CVE: CVE-2009-0253
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P