The host is installed with Mozilla Firefox browser and is prone to multiple vulnerabilities.

Successful exploitation could result in bypassing certain security restrictions, information disclosures, JavaScript code executions which can be executed with the privileges of the signed users. Impact Level: System/Application

Upgrade to Firefox version 3.0.6 http://www.mozilla.com/en-US/firefox/all.html

Multiple flaws are due to - Cookies marked 'HTTPOnly' are readable by JavaScript through the request calls of XMLHttpRequest methods i.e. XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader. - Using local internet shortcut files to access other sites could be bypassed by redirecting to a privileged 'about:' URI e.g. 'about:plugins'. - Chrome XBL methods can be used to execute arbitrary Javascripts within the context of another website through the same origin policy by using 'window.eval' method. - 'components/sessionstore/src/nsSessionStore.js' file does not block the changes of INPUT elements to type='file' during tab restoration. - Error in caching certain HTTP directives which is being ignored by Firefox which can expose sentive data in any shared network.

Firefox version 2.x to 3.0.5 on Linux.

• http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
• http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
• http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
• http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
• http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
• http://www.mozilla.org/security/announce/2009/mfsa2009-06.html

---

Updated on 2015-03-25