Summary
The host has Mozilla Firefox installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation allows remote attackers to trigger an installation dialog for an add-on or theme.
Impact Level: Application
Solution
Upgrade to Firefox version 5.0 or later:
http://www.mozilla.com/en-US/firefox/all.html
Insight
The flaw exists because Firefox does not properly enforce the whitelist for the xpinstall functionality, which allows a non-whitelisted site to trigger an install dialog for add-ons and themes.
Affected
Mozilla Firefox versions before 5.0.
Severity
Classification
CVE: CVE-2011-2370
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
- Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Windows)
- Apple Safari Multiple Vulnerabilities