This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated firefox packages that fix several security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the
Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
content. A web page containing such malicious content could cause
Firefox to crash or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
Several flaws were found in the way malformed web content was
displayed. A web page containing specially crafted content could
potentially trick a Firefox user into surrendering sensitive
Two local file disclosure flaws were found in Firefox. A web page
containing malicious content could cause Firefox to reveal the
contents of a local file to a remote attacker. (CVE-2008-2805,
A flaw was found in the way a malformed .properties file was processed
by Firefox. A malicious extension could read uninitialized memory,
possibly leaking sensitive data to the extension. (CVE-2008-2807)
A flaw was found in the way Firefox escaped a listing of local file
names. If a user could be tricked into listing a local directory
with the permissions of the user running Firefox. (CVE-2008-2808)
A flaw was found in the way Firefox displayed information about
self-signed certificates. It was possible for a self-signed
certificate to contain multiple alternate name entries, which were not
all displayed to the user, allowing them to mistakenly extend trust to
an unknown site. (CVE-2008-2809)
All Mozilla Firefox users should upgrade to these updated packages,
which contain backported patches that correct these issues.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true