Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to inject scripts and bypass certain security restrictions.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox ESR version 10.0.10 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple errors
- When handling the 'window.location' object.
- Within CheckURL() function of the 'window.location' object, which can be forced to return the wrong calling document and principal.
- Within handling of 'Location' object can be exploited to bypass security wrapper protection.
Affected
Mozilla Firefox ESR version 10.x before 10.0.10 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-4194, CVE-2012-4195, CVE-2012-4196 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
- Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
- Apple Remote Desktop Information Disclosure Vulnerability