Test ID:	1.3.6.1.4.1.25623.1.2.1.2012.73
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2012-73) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: SPDY information disclosure Security researchers Thai Duong and Juliano Rizzo reported that SPDY's request header compression leads to information leakage, which can allow the extraction of private data such as session cookies, even over an encrypted SSL connection. Affected Software/OS: Firefox version(s) below 15. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4930 http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312 http://www.ekoparty.org/2012/thai-duong.php http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091 http://www.theregister.co.uk/2012/09/14/crime_tls_attack/ https://bugzilla.redhat.com/show_bug.cgi?id=857737 https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.