This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
A password manager installed on the remote host is affected by a
remote message hijacking vulnerability.
According to its version, the LastPass Firefox extension installed on
the remote Windows host is 4.0.x prior to 4.1.21a. It is, therefore,
affected by a message hijacking vulnerability due to improper
validation of messages sent between the extension and a privileged
iframe. An unauthenticated, remote attacker can exploit this issue by
convincing a user to load a specially crafted web page that
programmatically clicks a LastPass modified input element, to take
full control of the LastPass extension, including creating and
deleting files, executing scripts, and disclosing passwords.
See also :
Solution :
Upgrade to LastPass Firefox extension version 4.1.21a or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true