Test ID:	1.3.6.1.4.1.25623.1.0.802582
Category:	General
Title:	Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerability - Mac OS X
Summary:	Mozilla Firefox/Seamonkey is prone to an information disclosure vulnerability.
Description:	Summary: Mozilla Firefox/Seamonkey is prone to an information disclosure vulnerability. Vulnerability Insight: The flaw is due to setting weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. Vulnerability Impact: Successful exploitation will let attackers to read a Firefox Sync key via standard filesystem operations and gain sensitive information. Affected Software/OS: SeaMonkey version prior to 2.7 Mozilla Firefox version 4.x through 9.0 Solution: Upgrade to Mozilla Firefox version 10.0 or later, Upgrade to SeaMonkey version to 2.7 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0450 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://osvdb.org/78741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14670 SuSE Security Announcement: openSUSE-SU-2012:0234 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html XForce ISS Database: mozilla-keyhtml-info-disclosure(72869) https://exchange.xforce.ibmcloud.com/vulnerabilities/72869
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.