Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.900742 |
Category: | General |
Title: | Firefox Multiple Vulnerabilities Feb-10 (Windows) |
Summary: | The host is installed with Firefox Browser and is prone to multiple; vulnerabilities. |
Description: | Summary: The host is installed with Firefox Browser and is prone to multiple vulnerabilities. Vulnerability Insight: - The malformed stylesheet document and cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type. - IFRAME element allows placing the site&qts URL in the HREF attribute of a stylesheet 'LINK' element, and then reading the 'document.styleSheets[0].href' property value. Vulnerability Impact: Successful exploitation allows attackers to obtain sensitive information via a crafted document. Affected Software/OS: Firefox version prior to 3.6 on Windows. Solution: Upgrade to Firefox version 3.6. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0648 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html http://code.google.com/p/chromium/issues/detail?id=32309 http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12665 Common Vulnerability Exposure (CVE) ID: CVE-2010-0654 http://code.google.com/p/chromium/issues/detail?id=9877 http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html http://websec.sv.cmu.edu/css/css.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811 |
Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |