VID 28642
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The Mozilla/Firefox Web browser, according to its version number, contains multiple vulnerabilities.
Mozilla and Firefox are open-source Web browsers developed by the Mozilla project. Mozilla versions prior to 1.7.3 and Firefox versions prior to 1.0PR are affected by the following vulnerabilities:

- Same-Origin Policy Bypass Vulnerability: Because the browser's same-origin policy security checks can be bypassed by dragging a link from one browser window and dropping it into another browser window, a remote attacker could execute arbitrary script code in the context of a target domain.
- 'enablePrivilege' Dialog Manipulation Vulnerability: By using a specially crafted enablePrivilege parameter, a remote attacker could modify the description of the security dialog and trick the user into accepting the security dialog.
- Tar.GZ Archive Weak Permissions Vulnerability: Due to improper permissions on the 'tar.gz' archive that contains the installation files, attackers with local interactive access could overwrite or modify installation files used during the installation of the browser.
- Unauthorized Clipboard Contents Disclosure Vulnerability: Because a remote site is permitted to gain access to the contents of the client user's clipboard, a remote attacker could obtain the clipboard contents.
- Non-ASCII Hostname Heap Overflow Vulnerability: Due to improper handling of non-ASCII characters in a URL, a remote attacker could overflow a buffer and execute arbitrary code on the system.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check will not be performed, resulting in a False Negative for all vulnerable hosts.

* Platforms Affected:
Mozilla Project, Firefox prior to 1.0PR
Mozilla Project, Mozilla prior to 1.7.3
Apple Computer, Inc., Mac OS Any version
Linux Any version
Unix Any version
Microsoft Windows Any version
Recommendation For Mozilla Suite:
Upgrade to the latest version of Mozilla Suite (1.7.3 or later), available from the Mozilla Web site at http://www.mozilla.org/products/mozilla1.x/

For Mozilla Firefox:
Upgrade to the latest version of Mozilla Firefox (1.0PR or later), available from the Mozilla Web site at http://www.mozilla.org/product/firefox/
Related URL (CVE)
Related URL 11169,11177,11179,11192,11194 (SecurityFocus)
Related URL 17374,17377,17378 (ISS)