Fedora 7 : Miro-1.0-2.fc7 / blam-1.8.3-10.fc7 / chmsee-1.0.0-1.27.fc7 / devhelp-0.13-12.fc7 / etc (2007-3952)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Updated firefox packages that fix several security issues are now
available for Fedora 7.

This update has been rated as having critical security impact by the
Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain
malformed web content. A web page containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the 'window.location'
property for a web page. This flaw could allow a web page to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?0f4e38da
http://www.nessus.org/u?391a9f25
http://www.nessus.org/u?db401f4f
http://www.nessus.org/u?9f3f7b4d
http://www.nessus.org/u?2ffece71
http://www.nessus.org/u?12393ef3
http://www.nessus.org/u?0af9fb9c
http://www.nessus.org/u?c8360769
http://www.nessus.org/u?6b7e7175
http://www.nessus.org/u?aadc3c9e
http://www.nessus.org/u?28660866
http://www.nessus.org/u?237b9220
http://www.nessus.org/u?914cc116
http://www.nessus.org/u?f4ca37d7
http://www.nessus.org/u?766f2f9d

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 28345 (fedora_2007-3952.nasl)

Bugtraq ID: 26385, 26589, 26593

CVE ID: CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
