Mozilla Firefox Multiple Vulnerabilities

Last Update Date: 9 Apr 2015 Release Date: 8 Apr 2015

RISK: Medium Risk

TYPE: Clients - Browsers

TYPE: Browsers

Multiple vulnerabilities were identified in Mozilla Firefox that could be exploited by a remote user to obtain potentially sensitive information on the target system and to bypass certificate verification.

  1. A remote user can create specially crafted HTML that, when loaded by the target user, will invoke 'Reader mode' and bypass security restrictions to access potentially sensitive information from privileged URLs.
  2. A remote user with the ability to conduct a man-in-the-middle attack can trigger a flaw in the Firefox HTTP Alternative Services implementation by specifying an Alt-Svc header to bypass SSL certificate verification and impersonate the target site.

 


Impact

  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • Versions prior to 37.0.1

 


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (37.0.1).
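
To confirm the fix is deployed, the following added example (not part of the original advisory or of any vendor tooling) classifies Firefox version banners against the fixed release 37.0.1. It assumes the banners were collected with `firefox --version`; the host names and inventory are constructed, and flagging ESR and pre-release builds for manual review is an assumption, since the advisory does not address them.

```python
import re

FIXED = (37, 0, 1)  # fixed release named in the advisory

# Banner printed by `firefox --version`, e.g. "Mozilla Firefox 36.0.4".
BANNER_RE = re.compile(r"Mozilla Firefox (\d+)\.(\d+)(?:\.(\d+))?(a\d+|b\d+|esr)?$")


def classify(banner):
    """Return 'vulnerable', 'fixed', 'review' or 'unknown' for one banner."""
    m = BANNER_RE.search(banner.strip())
    if m is None:
        return "unknown"        # not a Firefox banner, or a format not handled here
    major, minor, patch, tag = m.groups()
    version = (int(major), int(minor), int(patch or 0))
    if tag != "esr" and version < FIXED:
        return "vulnerable"     # advisory: versions prior to 37.0.1 are affected
    if tag:
        # Assumption: the advisory does not mention ESR or pre-release builds,
        # so a version number alone cannot settle whether they carry the fix.
        return "review"
    return "fixed"


def audit(inventory):
    """Map each host to the status of its reported Firefox version."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = [
    ("ws-001", "Mozilla Firefox 36.0.4"),
    ("ws-002", "Mozilla Firefox 37.0"),
    ("ws-003", "Mozilla Firefox 37.0.1"),
    ("ws-004", "Mozilla Firefox 37.0b7"),
    ("ws-005", "Mozilla Firefox 31.6.0esr"),
    ("ws-006", "firefox: command not found"),
    ("ws-007", "Mozilla Firefox 38.0a2"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" or "review" need a manual check rather than being counted as patched.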

Vulnerability Identifier


Source


Related Link