Summary
Mozilla Firefox is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject script or execute arbitrary programs in the context of the browser.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 17.0 or later.
For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- An error within the 'Web Developer Toolbar' allows script to be executed in a chrome-privileged context.
- 'Javascript:' URLs, when opened in a New Tab page, inherit the privileges of the privileged 'new tab' page.
Affected
Mozilla Firefox versions before 17.0 on Mac OS X
References
- http://secunia.com/advisories/51358/
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
- http://www.osvdb.org/87586
- http://www.osvdb.org/87600
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-4203, CVE-2012-5837
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
- Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
- Adobe Reader Plugin Signature Bypass Vulnerability (Mac OS X)
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)