Test ID:	1.3.6.1.4.1.25623.1.2.1.2012.93
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2012-93) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: evalInSanbox location context incorrectly applied Mozilla security researcher moz_bug_r_a4 reported that if code executed by the evalInSandbox function sets location.href, it can get the wrong subject principal for the URL check, ignoring the sandbox's Javascript context and gaining the context of evalInSandbox object. This can lead to malicious web content being able to perform a cross-site scripting (XSS) attack or stealing a copy of a local file if the user has installed an add-on vulnerable to this attack. Affected Software/OS: Firefox version(s) below 17. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4201 BugTraq ID: 56618 http://www.securityfocus.com/bid/56618 Debian Security Information: DSA-2583 (Google Search) http://www.debian.org/security/2012/dsa-2583 Debian Security Information: DSA-2584 (Google Search) http://www.debian.org/security/2012/dsa-2584 Debian Security Information: DSA-2588 (Google Search) http://www.debian.org/security/2012/dsa-2588 http://www.mandriva.com/security/advisories?name=MDVSA-2012:173 http://osvdb.org/87594 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995 RedHat Security Advisories: RHSA-2012:1482 http://rhn.redhat.com/errata/RHSA-2012-1482.html RedHat Security Advisories: RHSA-2012:1483 http://rhn.redhat.com/errata/RHSA-2012-1483.html http://secunia.com/advisories/51359 http://secunia.com/advisories/51360 http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http://secunia.com/advisories/51439 http://secunia.com/advisories/51440 SuSE Security Announcement: SUSE-SU-2012:1592 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html SuSE Security Announcement: openSUSE-SU-2012:1583 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html SuSE Security Announcement: openSUSE-SU-2012:1585 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html SuSE Security Announcement: openSUSE-SU-2012:1586 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html SuSE Security Announcement: openSUSE-SU-2013:0175 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://www.ubuntu.com/usn/USN-1636-1 http://www.ubuntu.com/usn/USN-1638-1 http://www.ubuntu.com/usn/USN-1638-2 http://www.ubuntu.com/usn/USN-1638-3 XForce ISS Database: firefox-evalinsandbox-sec-bypass(80171) https://exchange.xforce.ibmcloud.com/vulnerabilities/80171
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.