Detections
Analytics
Firefox < 2.0.0.6 Multiple Vulnerabilities
high Log Correlation Engine Plugin ID 800738
Synopsis
The remote Windows host contains a web browser that is affected by multiple vulnerabilities.Description
The installed version of Firefox allows unescaped URIs to be passed to external programs, may lead to execution of arbitrary code on the affected host subject to the user's privileges, and could also allow privilege escalation attacks against addons that create 'about:blank' windows and populate them in certain ways.Solution
Upgrade to version 2.0.0.6 or higher.See Also
http://www.mozilla.org/security/announce/2007/mfsa2007-27.html
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html
Plugin Details
Severity: High
ID: 800738
Family: Web Clients
Nessus ID: 25820
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.5
Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P
Reference Information
CVE: CVE-2007-3844
BID: 25142