Test ID:	1.3.6.1.4.1.25623.1.2.1.2014.10
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2014-10) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Firefox default start page UI content invocable by script Yazan Tommalieh discovered a flaw that once users have viewed the default Firefox start page (about:home), subsequent pages they navigate to in that same tab could use script to activate the buttons that were on the about:home page. Most of these simply open Firefox dialogs such as Settings or History, which might alarm users. In some cases a malicious page could trigger session restore and cause data loss if the current tabs are replaced by a previously stored set. Affected Software/OS: Firefox version(s) below 27. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1489 BugTraq ID: 65329 http://www.securityfocus.com/bid/65329 https://security.gentoo.org/glsa/201504-01 http://osvdb.org/102874 http://www.securitytracker.com/id/1029717 http://secunia.com/advisories/56888 SuSE Security Announcement: SUSE-SU-2014:0248 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html SuSE Security Announcement: openSUSE-SU-2014:0212 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://www.ubuntu.com/usn/USN-2102-1 http://www.ubuntu.com/usn/USN-2102-2 XForce ISS Database: firefox-cve20141489-sec-bypass(90888) https://exchange.xforce.ibmcloud.com/vulnerabilities/90888
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.