icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Firefox < 2.0.0.20 Cross-Domain Data Theft

Medium

Synopsis

The remote Windows host contains a web browser that is affected by a cross-domain data theft vulnerability.

Description

The installed version of Firefox is earlier than 2.0.0.20. Such versions shipped without a fix for a security issue that was reportedly fixed in version 2.0.0.19. Specifically :

- A website may be able to access a limited amount of data from a different domain by loading a same-domain JavaScript URL which redirects to an off-domain target resource containing data that is not parsable as JavaScript. (MFSA 2008-65)

Note that Mozilla is not planning further security / stability updates for Firefox 2.x.

Solution

Upgrade to version 2.0.0.20 or higher.