Mozilla Firefox ESR Security Bypass Vulnerabilities - Oct 12 (Mac OS X) Network Vulnerability

Summary

The host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.

Impact

Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site. Impact Level: Application

Solution

Upgrade to Mozilla Firefox ESR 10.0.9 or later For updates refer to http://www.mozilla.com/en-US/firefox/all.html

Insight

Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object.

Affected

Mozilla Firefox ESR versions 10.x before 10.0.9 on Mac OS X

References

http://secunia.com/advisories/50856
http://secunia.com/advisories/50935
http://www.mozilla.org/security/announce/2012/mfsa2012-89.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4192, CVE-2012-4193

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Linux)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)

Take action and discover your vulnerabilities