Summary
Mozilla Firefox is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows attackers to conduct cross-site scripting or clickjacking attacks, cause a denial of service, or possibly execute arbitrary code.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 16.0 or later.
For updates, refer to http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaws are due to:
- An error while handling navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks.
- An invalid cast when using the instanceof operator on certain types of JavaScript objects.
- An error when implementing the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
Affected
Mozilla Firefox versions before 16.0 on Windows
Severity
Classification
- CVE: CVE-2012-3984, CVE-2012-3985, CVE-2012-3989, CVE-2012-5354
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C