Mozilla Firefox < 1.0.2 Multiple Vulnerabilities

medium Log Correlation Engine Plugin ID 801335

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

The remote host is using Firefox. The remote version of this software contains multiple security flaws that can be exploited by a malicious website. An attacker exploiting one of these flaws would need to be able to either convince a remote user to visit a malicious website or convince the remote user to open an HTML email and save an attachment.
In addition, this version is vulnerable to a remote flaw that could result in arbitrary code execution. Specifically, if a malicious web page is bookmarked as a sidebar panel, the malicious page may open and inject code into privileged pages. An attacker exploiting this flaw would need to be able to convince a user to both visit and bookmark their malicious web page.

Solution

Upgrade to version 1.0.2 or higher.

See Also

http://.mozilla.org

Plugin Details

Severity: Medium

ID: 801335

Family: Web Clients

Reference Information

CVE: CVE-2005-0401, CVE-2005-0402, CVE-2005-4809

BID: 12672, 12798, 12884, 12885