Test ID:	1.3.6.1.4.1.25623.1.0.900448
Category:	Web application abuses
Title:	Firefox Information Disclosure Vulnerability (Jan 2009) - Windows
Summary:	Mozilla Firefox browser is prone to an information disclosure vulnerability.
Description:	Summary: Mozilla Firefox browser is prone to an information disclosure vulnerability. Vulnerability Insight: The Web Browser fails to properly enforce the same-origin policy, which leads to cross-domain information disclosure. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the web browser and can obtain sensitive information of the remote user through the web browser. Affected Software/OS: Mozilla Firefox version from 2.0 to 3.0.5 on Windows. Solution: Upgrade to Mozilla Firefox version 3.6.3 or later. CVSS Score: 4.9 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5913 BugTraq ID: 33276 http://www.securityfocus.com/bid/33276 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161 http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139 http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 SuSE Security Announcement: SUSE-SA:2010:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://ubuntu.com/usn/usn-930-1 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1551 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.