Netscape/Mozilla Navigator Plugin Path Disclosure (deprecated)

Medium Nessus Network Monitor Plugin ID 1313

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of the Mozilla browser that is prone to a path-disclosure issue. Javascript may be used to communicate with the plugin. It is possible to access the filename of the plugin using JavaScript, and on some systems this also will expose the full path to the plugin. If the plugin is located in the home directory of the user, this also has the potential to disclose their username.

Solution

Upgrade to the latest version of Mozilla or Netscape

Plugin Details

Severity: Medium

ID: 1313

File Name: 1313.prm

Family: SMTP Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1330

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:U/RC:C

CVSSv3

Base Score: 3.6

Temporal Score: 3.3

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:U/RL:U/RC:C

Reference Information

BID: 5741