Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Mozilla Firefox < 44.0.2 Security Bypass Vulnerability

Medium

Synopsis

The remote host contains a web browser that is affected by a security bypass vulnerability.

Description

The version of Firefox installed is prior to 44.0.2 and is affected by a security bypass vulnerability due to improper restriction of interaction between service workers and plugins. An unauthenticated, remote attacker can exploit this using a crafted web site that triggers spoofed responses to requests that use NPAPI to bypass the same-origin policy. (CVE-2016-1949)

Solution

Upgrade to Firefox 44.0.2 or later.