Summary
The host has the Firefox browser installed and is prone to multiple spoofing vulnerabilities.
Impact
Successful exploitation will allow attackers to conduct spoofing attacks and possibly launch further attacks on the system.
Impact Level: System/Application
Solution
Upgrade to Firefox version 3.6.3 or later.
For updates refer to http://www.mozilla.com/en-US/firefox/firefox.html
Insight
- A race condition error allows attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
- Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
Affected
Mozilla Firefox version 3.0 to 3.5.5 on Linux.
References
Severity
Classification
- CVE: CVE-2009-4129, CVE-2009-4130
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
- Apache Tomcat Multiple Vulnerabilities - 02 Mar14
- Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)