Summary
This host has Mozilla product(s) installed and is prone to a Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow attackers to conduct Cross-Site Scripting attacks in the victim's system.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.3 or later.
For updates refer to http://www.mozilla.org/
Insight
Firefox fails to sanitise the 'data:' URIs in Location headers in HTTP responses, which can be exploited via vectors related to injecting a Location header or Location HTTP response header.
Affected
Mozilla Firefox version 3.0.13 and prior, 3.5, and 3.6/3.7 a1 pre on Linux.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2009-3012
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Windows)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability