Summary
Mozilla Firefox is installed on the host and is prone to a security bypass vulnerability.
Impact
Successful exploitation allows remote attackers to trigger an installation dialog for an add-on or theme.
Impact Level: Application
Solution
Upgrade to Firefox version 5.0 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaw exists because Firefox does not properly enforce the whitelist for the xpinstall functionality, which allows a non-whitelisted site to trigger an install dialog for add-ons and themes.
Affected
Mozilla Firefox versions before 5.0.
Severity
Classification
CVE: CVE-2011-2370
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N