Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880726
Category:CentOS Local Security Checks
Title:CentOS Update for firefox CESA-2009:1430 centos5 i386
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,
CVE-2009-3075)

A use-after-free flaw was found in Firefox. An attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code with the
privileges of the user running Firefox. (CVE-2009-3077)

A flaw was found in the way Firefox handles malformed JavaScript. A website
with an object containing malicious JavaScript could execute that
JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)

Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing a trusted site or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3076)

A flaw was found in the way Firefox displays the address bar when
window.open() is called in a certain way. An attacker could use this flaw
to conceal a malicious URL, possibly tricking a user into believing they
are viewing a trusted site. (CVE-2009-2654)

A flaw was found in the way Firefox displays certain Unicode characters. An
attacker could use this flaw to conceal a malicious URL, possibly tricking
a user into believing they are viewing a trusted site. (CVE-2009-3078)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.14. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.14, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Affected Software/OS:
firefox on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2654
BugTraq ID: 35803
http://www.securityfocus.com/bid/35803
Bugtraq: 20090724 URL spoofing bug involving Firefox's error pages and document.write (Google Search)
http://www.securityfocus.com/archive/1/505242/30/0/threaded
Bugtraq: 20090727 Re: URL spoofing bug involving Firefox's error pages and document.write (Google Search)
http://www.securityfocus.com/archive/1/505265
Debian Security Information: DSA-1873 (Google Search)
http://www.debian.org/security/2009/dsa-1873
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html
http://es.geocities.com/jplopezy/firefoxspoofing.html
http://osvdb.org/56717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686
http://www.redhat.com/support/errata/RHSA-2009-1430.html
http://www.redhat.com/support/errata/RHSA-2009-1431.html
http://www.redhat.com/support/errata/RHSA-2009-1432.html
http://www.securitytracker.com/id?1022603
http://secunia.com/advisories/36001
http://secunia.com/advisories/36126
http://secunia.com/advisories/36141
http://secunia.com/advisories/36435
http://secunia.com/advisories/36669
http://secunia.com/advisories/36670
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1
https://usn.ubuntu.com/811-1/
http://www.vupen.com/english/advisories/2009/2006
http://www.vupen.com/english/advisories/2009/2142
Common Vulnerability Exposure (CVE) ID: CVE-2009-3070
BugTraq ID: 36343
http://www.securityfocus.com/bid/36343
Debian Security Information: DSA-1885 (Google Search)
http://www.debian.org/security/2009/dsa-1885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6073
http://secunia.com/advisories/36671
http://secunia.com/advisories/36692
http://secunia.com/advisories/37098
SuSE Security Announcement: SUSE-SA:2009:048 (Google Search)
http://www.novell.com/linux/security/advisories/2009_48_firefox.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-3071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5905
Common Vulnerability Exposure (CVE) ID: CVE-2009-3072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6315
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
Common Vulnerability Exposure (CVE) ID: CVE-2009-3074
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9444
XForce ISS Database: firefox-javascript-code-exec(53157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53157
Common Vulnerability Exposure (CVE) ID: CVE-2009-3075
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717
XForce ISS Database: mozilla-javascript-engine-code-exec(53158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53158
Common Vulnerability Exposure (CVE) ID: CVE-2009-3076
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9306
http://www.securitytracker.com/id?1022877
Common Vulnerability Exposure (CVE) ID: CVE-2009-3077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10730
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5606
Common Vulnerability Exposure (CVE) ID: CVE-2009-3078
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5418
http://www.securitytracker.com/id?1022875
Common Vulnerability Exposure (CVE) ID: CVE-2009-3079
Debian Security Information: DSA-1886 (Google Search)
http://www.debian.org/security/2009/dsa-1886
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10390
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6250
http://www.securitytracker.com/id?1022873
http://secunia.com/advisories/36757
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.