PT-2013-3358 · Mozilla · Firefox
Takeshi Terada
·
Publicado
2013-09-18
·
Atualizado
2013-10-03
·
CVE-2013-1727
CVSS v2.0
4.0
Média
| Vetor | AV:N/AC:H/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 24.0 on Android
Description
The issue allows attackers to bypass the Same Origin Policy, which can lead to cross-site scripting (XSS) attacks or the unauthorized obtaining of password or cookie information. This is achieved by using a symlink in conjunction with a file: URL for a local file.
Recommendations
For Mozilla Firefox versions prior to 24.0 on Android, update to version 24.0 or later to resolve the issue.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Firefox