Summary
The host has Mozilla Firefox installed and is prone to a spoofing vulnerability.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.6 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaw is due to an error in the 'startDocumentLoad()' function in 'browser/base/content/browser.js', which fails to implement the Same Origin Policy.
This can be exploited to display arbitrary content in the blank document while showing the URL of a trusted web site in the address bar.
Affected
Firefox versions before 3.6.6
References
Severity
Classification
- CVE: CVE-2010-1206
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Apache Tomcat XML External Entity Information Disclosure Vulnerability
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability