Summary
This host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to security bypass vulnerability
Impact
Successful exploitation could allow attackers to inject scripts or bypass certain security restrictions.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 12.0 or later,
For updates refer to http://www.mozilla.com/en-US/firefox/all.html
Upgrade to SeaMonkey version to 2.9 or later,
http://www.mozilla.org/projects/seamonkey/
Upgrade to Thunderbird version to 12.0 or later,
http://www.mozilla.org/en-US/thunderbird/
Insight
The flaw is due to an error within the handling of XMLHttpRequest and WebSocket while using an IPv6 address can be exploited to bypass the same origin policy.
Affected
SeaMonkey version before 2.9
Thunderbird version 5.0 through 11.0
Mozilla Firefox version 4.x through 11.0
References
Severity
Classification
-
CVE CVE-2012-0475 -
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Compaq WBEM Server Detection
- Adobe Reader Temporary Files Arbitrary File Overwrite Vulnerability (Linux)
- Apple Safari Information Disclosure Vulnerability Dec13 (Mac OS X)
- ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
- Evolution Mail Client Information Disclosure Vulnerability