Summary
The host is installed with Mozilla Firefox ESR and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox ESR 10.0.9 or later
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
Security wrappers are unwrapped without doing a security check in defaultValue(). This can allow for improper access to the Location object.
Affected
Mozilla Firefox ESR versions 10.x before 10.0.9 on Mac OS X
References
Severity
Classification
-
CVE CVE-2012-4192, CVE-2012-4193 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities