Summary
This host is installed with Mozilla firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject scripts, bypass certain security restrictions, execute arbitrary code in the context of the browser.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 14.0 or ESR version 10.0.6 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- The improper implementation of drag-and-drop feature, fails to display the URL properly in addressbar.
- An error when handling 'feed:' URLs can be exploited to bypass the output filters and execute arbitrary JavaScript code.
- The context-menu restrictions for data: URLs are not the same as for javascript: URLs, which allows to conduct XSS attacks.
Affected
Mozilla Firefox version 4.x through 13.0
Mozilla Firefox ESR version 10.x before 10.0.6 on Mac OS X
References
- http://secunia.com/advisories/49965
- http://securitytracker.com/id/1027256
- http://securitytracker.com/id/1027257
- http://www.mozilla.org/security/announce/2012/mfsa2012-43.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-46.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-55.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1950, CVE-2012-1965, CVE-2012-1966 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
- Apache Tomcat XML External Entity Information Disclosure Vulnerability
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
- Apache /server-status accessible