Summary
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to same origin policy bypass vulnerability.
Impact
Successful exploitation will let attackers to bypass the same-origin policy, execute arbitrary script code, obtain potentially sensitive information, or launch spoofing attacks against other sites.
Impact Level: System/Application
Solution
Upgrade to Mozilla Firefox version 3.6.23 or 6.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.3 or later
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 6.0 or later
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaw is due to some plugins, which use the value of 'window.location' to determine the page origin this could fool the plugin into granting the plugin content access to another site or the local file system in violation of the Same Origin Policy.
Affected
SeaMonkey version prior to 2.3
Thunderbird version prior to 6.0
Mozilla Firefox before 3.6.23 and 4.x through 5
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-2999 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
- Apple Safari WebKit Information Disclosure Vulnerability (Mac OS X)
- Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability