Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux)

Published: 2009-02-20 16:40:17
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:

Successful exploitation could result in bypassing certain security restrictions, information disclosures, JavaScript code executions which can be executed with the privileges of the signed users.

Affected Versions:
Firefox version 2.x to 3.0.5 on Linux.

Technical Details:
Multiple flaws are due to - Cookies marked 'HTTPOnly' are readable by JavaScript through the request calls of XMLHttpRequest methods i.e. XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader. - Using local internet shortcut files to access other sites could be bypassed by redirecting to a privileged 'about:' URI e.g. 'about:plugins'. - Chrome XBL methods can be used to execute arbitrary Javascripts within the context of another website through the same origin policy by using 'window.eval' method. - 'components/sessionstore/src/nsSessionStore.js' file does not block the changes of INPUT elements to type='file' during tab restoration. - Error in caching certain HTTP directives which is being ignored by Firefox which can expose sensitive data in any shared network.

Upgrade to Firefox version 3.0.6.

The host is installed with Mozilla Firefox browser and is prone to multiple vulnerabilities.

Detection Type:
Executable Unreliable

Solution Type:
Vendor Patch

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

SecurityFocus Bugtraq ID:


CVSS Score

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.