RHEL 5 / 6 : firefox (RHSA-2012:1088)

Medium | Nessus Plugin ID 60008

Synopsis

The remote Red Hat host is missing one or more security updates for firefox.

Description

The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1088 advisory.

- Mozilla: Miscellaneous memory safety hazards (rv:14.0 / rv:10.0.6) (MFSA 2012-42) (CVE-2012-1948)

- Mozilla: Incorrect URL displayed in addressbar through drag and drop (MFSA 2012-43) (CVE-2012-1950)

- Mozilla: Gecko memory corruption (MFSA 2012-44) (CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954)

- Mozilla: Spoofing issue with location (MFSA 2012-45) (CVE-2012-1955)

- Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47) (CVE-2012-1957)

- Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48) (CVE-2012-1958)

- Mozilla: Same-compartment Security Wrappers can be bypassed (MFSA 2012-49) (CVE-2012-1959)

- Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51) (CVE-2012-1961)

- Mozilla: JSDependentString::undepend string conversion results in memory corruption (MFSA 2012-52) (CVE-2012-1962)

- Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53) (CVE-2012-1963)

- Mozilla: Clickjacking of certificate warning page (MFSA 2012-54) (CVE-2012-1964)

- Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55) (CVE-2012-1965)

- Mozilla: XSS and code execution through data: URLs (MFSA 2012-46) (CVE-2012-1966)

- Mozilla: Code execution through javascript: URLs (MFSA 2012-56) (CVE-2012-1967)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number (i.e. the installed firefox/xulrunner RPM versions).

Solution

Update the RHEL firefox package based on the guidance in RHSA-2012:1088.

See Also

http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html

http://www.nessus.org/u?ca8b67bf

https://access.redhat.com/errata/RHSA-2012:1088

https://access.redhat.com/security/updates/classification/#critical

https://bugzilla.redhat.com/show_bug.cgi?id=838879

https://bugzilla.redhat.com/show_bug.cgi?id=840201

https://bugzilla.redhat.com/show_bug.cgi?id=840203

https://bugzilla.redhat.com/show_bug.cgi?id=840205

https://bugzilla.redhat.com/show_bug.cgi?id=840206

https://bugzilla.redhat.com/show_bug.cgi?id=840207

https://bugzilla.redhat.com/show_bug.cgi?id=840208

https://bugzilla.redhat.com/show_bug.cgi?id=840211

https://bugzilla.redhat.com/show_bug.cgi?id=840212

https://bugzilla.redhat.com/show_bug.cgi?id=840214

https://bugzilla.redhat.com/show_bug.cgi?id=840215

https://bugzilla.redhat.com/show_bug.cgi?id=840220

https://bugzilla.redhat.com/show_bug.cgi?id=840222

https://bugzilla.redhat.com/show_bug.cgi?id=840225

https://bugzilla.redhat.com/show_bug.cgi?id=840259

https://rhn.redhat.com/errata/RHBA-2012-0337.html

Plugin Details

Severity: Medium

ID: 60008

File Name: redhat-RHSA-2012-1088.nasl

Version: 1.26

Type: local

Agent: unix

Published: 7/18/2012

Updated: 4/27/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-1967

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2012-1966

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:firefox, p-cpe:/a:redhat:enterprise_linux:xulrunner, p-cpe:/a:redhat:enterprise_linux:xulrunner-devel, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 7/17/2012

Vulnerability Publication Date: 7/18/2012

Reference Information

CVE: CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1966, CVE-2012-1967

CWE: 416, 79

RHSA: 2012:1088