Summary
This host is installed with Mozilla Firefox and is prone to Chrome Privilege Escalation vulnerability.
Impact
Successful exploitation will let attacker to execute arbitrary JavaScript with chrome privileges when certain add-ons are enabled.
Impact Level: Application
Solution
Upgrade to Firefox version 3.5.2
http://www.mozilla.com/en-US/firefox/all.html
Insight
Error in 'nsDocument::SetScriptGlobalObject()' function in 'nsDocument.cpp' in content/base/src/ which does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
Affected
Firefox version 3.5 before 3.5.2 on Windows.
References
Severity
Classification
-
CVE CVE-2009-2665 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities