The remote Scientific Linux host is missing one or more security
Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
Several flaws were found in the way malformed content was processed. A
website containing specially crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-5506,
A flaw was found in the way Firefox stored attributes in XML User
Interface Language (XUL) elements. A website could use this flaw to
track users across browser sessions, even if users did not allow the
site to store cookies in the victim's browser. (CVE-2008-5505)
A flaw was found in the way malformed URLs were processed by Firefox.
This flaw could prevent various URL sanitization mechanisms from
properly parsing a malicious URL. (CVE-2008-5508)
A flaw was found in Firefox's CSS parser. A malicious web page could
inject NULL characters into a CSS input string, possibly bypassing an
application's script sanitization routines. (CVE-2008-5510)
For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.5. You can find a link to the
Mozilla advisories in the References section.
Note: after the errata packages are installed, Firefox must be
restarted for the update to take effect.
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0