Summary
This host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to inject scripts and bypass certain security restrictions.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox ESR version 10.0.10 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Multiple errors
- When handling the 'window.location' object.
- Within CheckURL() function of the 'window.location' object, which can be forced to return the wrong calling document and principal.
- Within handling of 'Location' object can be exploited to bypass security wrapper protection.
Affected
Mozilla Firefox ESR version 10.x before 10.0.10 on Windows
References
Severity
Classification
-
CVE CVE-2012-4194, CVE-2012-4195, CVE-2012-4196 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)