Firefox Information Disclosure Vulnerability Jan09 (Linux) Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser and is prone to information disclosure vulnerability.

Impact

Successful exploitation will let the attacker execute arbitrary codes in the context of the web browser and can obtain sensitive information of the remote user through the web browser. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 3.6.3 or later For updates refer to http://www.getfirefox.com

Insight

The Web Browser fails to properly enforce the same-origin policy, which leads to cross-domain information disclosure.

Affected

Mozilla Firefox version from 2.0 to 3.0.5 on Linux.

References

http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=480938

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-5913
CVSS Base Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

Related Vulnerabilities

NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities
Atlassian Confluence Multiple Cross Site Scripting Vulnerabilities
Moodle Prior to 1.9.8/1.8.12 Multiple Vulnerabilities
MantisBT 'adm_config_report.php' Cross-Site Scripting Vulnerability - January15
Nagios XI 'users.php' Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities