| VID |
28650 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla/Firefox, according to its version number, has an IMG tag File Existance Verification Vulnerability.
Mozilla/Firefox are open-source Web browsers, developed by the Mozilla project. Mozilla Firefox versions prior to 1.0 allow a remote attacker to determine the existence of local files. A remote attacker could create a specially crafted web page containing malicious IMG tag, and then could persuade a target user to visit it. Once the web page is viewed, a remote attacker could detect particular files on a target system and gain information. An attacker could use this information to launch further attacks against the target system.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=11590
* Platforms Affected:
Mozilla Firefox versions prior to 1.0
Mac OS 10.1.x, 10.2 and later
Linux Any version
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Mozilla Firefox (1.0 or later), available from the Mozilla Web site at http://www.mozilla.org/products/firefox/ |
| Related URL |
(CVE) |
| Related URL |
11648 (SecurityFocus) |
| Related URL |
18015 (ISS) |
|
