GLSA-200604-12 : Mozilla Firefox: Multiple vulnerabilities

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200604-12
(Mozilla Firefox: Multiple vulnerabilities)

Several vulnerabilities were found in Mozilla Firefox. Versions
1.0.8 and 1.5.0.2 were released to fix them.

Impact :

A remote attacker could craft malicious web pages that would
leverage these issues to inject and execute arbitrary script code with
elevated privileges, steal local files, cookies or other information
from web pages, and spoof content. Some of these vulnerabilities might
even be exploited to execute arbitrary code with the rights of the
browser user.

Workaround :

There are no known workarounds for all the issues at this time.

See also :

http://www.nessus.org/u?9101c648
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml

Solution :

All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.8'
All Mozilla Firefox binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.8'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)