Cisco WebEx for Firefox RCE (cisco-sa-20170124-webex)
High Nessus Plugin ID 96907
SynopsisA browser extension installed on the remote host is affected by a remote code execution vulnerability.
DescriptionThe Cisco WebEx Extension for Firefox installed on the remote host is affected by a remote code execution vulnerability due to a crafted pattern that permits any URL utilizing it to automatically use native messaging to access sensitive functionality provided by the extension.
An unauthenticated, remote attacker can exploit this vulnerability to execute arbitrary code by convincing a user to visit a web page that contains this pattern and starting a WebEx session.
SolutionUpgrade ActiveTouch General Plugin Container to version 106, or else upgrade Cisco WebEx Extension to version 1.0.5 or later. However, if you are using both, then you will need to upgrade both.