Summary
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to inject script or execute arbitrary programs in the context of the browser.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 17.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
- An error within the 'Web Developer Toolbar' allows script to be executed in chrome privileged context.
- The 'Javascript:' URLs when opened in a New Tab page inherits the privileges of the privileged 'new tab' page.
Affected
Mozilla Firefox version before 17.0 on Windows
References
- http://secunia.com/advisories/51358/
- http://securitytracker.com/id?1027791
- http://securitytracker.com/id?1027792
- http://www.mozilla.org/security/announce/2012/mfsa2012-95.html
- http://www.mozilla.org/security/announce/2012/mfsa2012-102.html
- http://www.osvdb.org/87586
- http://www.osvdb.org/87600
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-4203, CVE-2012-5837 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Media Server Video Stream Capture Security Issue
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
- Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
- aMSN session hijack vulnerability (Windows)
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)