Summary
The host has the Mozilla Firefox browser installed and is prone to a status bar spoofing vulnerability.
Impact
Successful remote exploitation lets an attacker spoof the status bar information and gain sensitive information by redirecting a legitimate user to a malicious URL.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 3.6.3 or later.
For updates, refer to http://www.getfirefox.com
Insight
Firefox does not properly handle a crafted URL displayed in the user's browser, which lets an attacker perform a clickjacking attack and spoof the user's redirection to a different, arbitrary malformed website.
Affected
Mozilla Firefox version 3.0.5 and 2.0.0.18/19 on Linux.
Severity
Classification
- CVE: CVE-2009-0253
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P