Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is installed with Mozilla Firefox browser and is prone to multiple vulnerabilities.
Insight
Insight
Multiple flaws are due to - Cookies marked 'HTTPOnly' are readable by JavaScript through the request calls of XMLHttpRequest methods i.e. XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader. - Using local internet shortcut files to access other sites could be bypassed by redirecting to a privileged 'about:' URI e.g. 'about:plugins'. - Chrome XBL methods can be used to execute arbitrary Javascripts within the context of another website through the same origin policy by using 'window.eval' method. - 'components/sessionstore/src/nsSessionStore.js' file does not block the changes of INPUT elements to type='file' during tab restoration. - Error in caching certain HTTP directives which is being ignored by Firefox which can expose sensitive data in any shared network.
Affected Software
Affected Software
Firefox version 2.x to 3.0.5 on Linux.
Solution
Solution
Upgrade to Firefox version 3.0.6.
Common Vulnerabilities and Exposures (CVE)
References
- http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
- http://www.mozilla.org/security/announce/2009/mfsa2009-06.html