Test ID:	1.3.6.1.4.1.25623.1.2.1.2016.54
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2016-54) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Partial same-origin-policy through setting location.host through data URI Security researcher Armin Razmdjou reported that the location.host property can be set to an arbitrary string after creating an invalid data: URI. This allows for a bypass of some same-origin policy protections. This issue is mitigated by the data: URI in use and any same-origin checks for http: or https: are still enforced correctly. As a result cookie stealing and other common same-origin bypass attacks are not possible. Affected Software/OS: Firefox version(s) below 47. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2825 http://www.securitytracker.com/id/1036057 SuSE Security Announcement: openSUSE-SU-2016:1552 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html SuSE Security Announcement: openSUSE-SU-2016:1557 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://www.ubuntu.com/usn/USN-2993-1
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.