Detections
Analytics
Firefox < 2.0.0.7 Apple QuickTime Plug-In .qtl File qtnext Field Cross-context Scripting
high Nessus Plugin ID 26068
Synopsis
The remote Windows host contains a web browser that may allow arbitrary code execution.Description
The installed version of Firefox may allow a remote attacker to run script commands subject to the user's privileges via 'qtnext' attributes in QuickTime Media-Link files.Note that this issue can be exploited even if support for JavaScript in the browser has been disabled.
Solution
Upgrade to Firefox 2.0.0.7 or later.See Also
https://www.mozilla.org/en-US/security/advisories/mfsa2007-28/
Plugin Details
Severity: High
ID: 26068
File Name: mozilla_firefox_2007.nasl
Version: 1.12
Type: local
Agent: windows
Family: Windows
Published: 9/20/2007
Updated: 8/10/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:mozilla:firefox
Required KB Items: Mozilla/Firefox/Version
Patch Publication Date: 9/18/2006
Vulnerability Publication Date: 9/20/2006
Reference Information
CVE: CVE-2006-4965
CWE: 94