Summary
This host is installed with Mozilla Product(s) and is prone to Cross-Site Scripting vulnerability.
Impact
Successful exploitation will allow attackers to conduct Cross-Site Scripting attacks in the victim's system.
Impact Level: Application
Solution
Upgrade to Firefox version 3.6.3 or later,
For updates refer to http://www.mozilla.org/
Insight
Firefox fails to sanitise the 'data:' URIs in Location headers in HTTP responses, which can be exploited via vectors related to injecting a Location header or Location HTTP response header.
Affected
Mozilla, Firefox version 3.0.13 and prior, 3.5 and 3.6/3.7 a1 pre on Windows.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-3012 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- CA Gateway Security Remote Code Execution Vulnerability
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
- Asterisk SIP REGISTER Response Username Enumeration Vulnerability