Tenable2652.PRMMozilla Firefox < 1.0.1 Multiple Vulnerabilities
The remote host is using Firefox. The remote version of this software contains the following security flaws:
- There is a flaw in the way that the browser handle scripting within ‘tabbed’ cross-domains. An attacker exploiting this flaw would need to be able to coerce a user into clicking on a malicious URL which would then open a separate ‘TAB’ within the browser. The attacker could then retrieve data relevant to other tabbed connections or execute code locally.
2)There is a flaw in the default about: config script that would allow an attacker to modify configuration data. In order to execute such an attack, the attacker would need to be able to entice the user into visiting or clicking on a malicious URL. A successful attacker would be able to modify the local configuration file, resulting in enhanced access rights or other potential exploits.
Binary data 2652.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0597
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0718
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0758
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0759
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0760
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0762
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0763
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0764
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0401
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0402
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0578
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0585
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0587
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0588
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0589
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0590
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0591
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0592
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0593
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1153
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1154
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1156
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1159
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1160
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1476
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2703
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2704
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2705
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4809
www.mozilla.org/security/announce/2005/mfsa2005-30.html
www.mozilla.org/security/announce/2005/mfsa2005-31.html
www.mozilla.org/security/announce/2005/mfsa2005-32.html