Mozilla Firefox < 1.0.2 Multiple Vulnerabilities

Medium Log Correlation Engine Plugin ID 801335

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

The remote host is using Firefox. The remote version of this software contains multiple security flaws that can be exploited by a malicious website. An attacker exploiting one of these flaws would need to be able to either convince a remote user to visit a malicious website or convince the remote user to open an HTML email and save an attachment.
In addition, this version is vulnerable to a remote flaw that could result in arbitrary code execution. Specifically, if a malicious web page is bookmarked as a sidebar panel, the malicious page may open and inject code into privileged pages. An attacker exploiting this flaw would need to be able to convince a user to both visit and bookmark their malicious web page.

Solution

Upgrade to version 1.0.2 or higher.

See Also

http://.mozilla.org

Plugin Details

Severity: Medium

ID: 801335

File Name: 801335.prm

Family: Web Clients

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Reference Information

CVE: CVE-2005-0401, CVE-2005-4809, CVE-2005-0402

BID: 12672, 12798, 12884, 12885