Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability (MAC OS X) Network Vulnerability

Summary

The host is installed with Mozilla firefox/seamonkey and is prone to information disclosure vulnerability.

Impact

Successful exploitation will let attackers to read a Firefox Sync key via standard filesystem operations and gain sensitive information. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 10.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to SeaMonkey version to 2.7 or later http://www.mozilla.org/projects/seamonkey/

Insight

The flaw is due to setting weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.

Affected

SeaMonkey version prior to 2.7 Mozilla Firefox version 4.x through 9.0

References

http://www.mozilla.org/security/announce/2012/mfsa2012-09.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0450

CVSS	Base Score: 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Leave information on scanned Windows hosts
Elecard MPEG Player Application Version Detection
Firewall Builder Privilege Escalation Vulnerability (Linux)
HP Jet Admin 7.x Directory Traversal
IMP Detection

Take action and discover your vulnerabilities