Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability (MAC OS X) Network Vulnerability

Summary

The host is installed with Mozilla firefox/seamonkey and is prone to information disclosure vulnerability.

Impact

Successful exploitation will let attackers to read a Firefox Sync key via standard filesystem operations and gain sensitive information. Impact Level: System/Application

Solution

Upgrade to Mozilla Firefox version 10.0 or later, For updates refer to http://www.mozilla.com/en-US/firefox/all.html Upgrade to SeaMonkey version to 2.7 or later http://www.mozilla.org/projects/seamonkey/

Insight

The flaw is due to setting weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations.

Affected

SeaMonkey version prior to 2.7 Mozilla Firefox version 4.x through 9.0

References

http://www.mozilla.org/security/announce/2012/mfsa2012-09.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0450
CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft dotNET version grabber
MikMod Module Player Version Detection (Linux)
HTTP Server type and version
CheckPoint InterSpect
KTorrent Version Detection (Linux)

Take action and discover your vulnerabilities