Summary
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject script or execute arbitrary programs in the context of the browser.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 17.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- An error within the 'Web Developer Toolbar' allows script to be executed in chrome privileged context.
- The 'Javascript:' URLs when opened in a New Tab page inherits the privileges of the privileged 'new tab' page.
Affected
Mozilla Firefox version before 17.0 on Mac OS X
References
- http://secunia.com/advisories/51358/
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
- http://www.osvdb.org/87586
- http://www.osvdb.org/87600
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4203, CVE-2012-5837 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)
- Apple Safari 'SRC' Remote Denial Of Service Vulnerability
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)