| Description: | Description:
The remote host is missing an update to firefox
announced via advisory FEDORA-2005-246.
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
A buffer overflow bug was found in the way Firefox processes GIF images.
It is possible for an attacker to create a specially crafted GIF image,
which when viewed by a victim will execute arbitrary code as the victim.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-0399 to this issue.
A bug was found in the way Firefox processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to
load malicious XUL content. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2005-0401 to this issue.
A bug was found in the way Firefox bookmarks content to the sidebar. If
a user can be tricked into bookmarking a malicious web page into the
sidebar panel, that page could execute arbitrary programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0402 to this issue.
Users of Firefox are advised to upgrade to this updated package which
contains Firefox version 1.0.2 and is not vulnerable to these issues.
Additionally, there was a bug found in the way Firefox rendered some
fonts, notably the Tahoma font while italicized. This issue has been
filed as Bug 150041 (bugzilla.redhat.com). This updated package
contains a fix for this issue.
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
This update can also be installed with the Update Agent
you can
launch the Update Agent with the 'up2date' command.
Solution: Apply the appropriate updates.
http://www.fedoranews.org/blog/index.php?p=516
Risk factor : High
CVSS Score:
5.1
|
