Summary
Mozilla Firefox is installed on the host and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, which can result in cross-site scripting, cross-site request forgery and denial-of-service attacks.
Impact Level: Application
Solution
Upgrade to Firefox version 4.0 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaws are caused by Firefox not properly restricting modifications to cookies established in HTTPS sessions.
Affected
Mozilla Firefox versions before 4.0
References
Severity
Classification
- CVE: CVE-2008-7293
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P