Fedora 8 : Miro-1.0-2.fc8 / blam-1.8.3-12.fc8 / chmsee-1.0.0-1.27.fc8 / devhelp-0.16.1-4.fc8 / etc (2007-3962)

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Updated firefox packages that fix several security issues are now
available for Fedora 8.

This update has been rated as having critical security impact by the
Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage
this flaw and conduct a cross-site scripting attack against a user
running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain
malformed web content. A web page containing malicious content could
cause Firefox to crash, or potentially execute arbitrary code as the
user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the 'window.location'
property for a web page. This flaw could allow a web page to set an
arbitrary Referer header, which may lead to a Cross-site Request
Forgery (CSRF) attack against websites that rely only on the Referer
header for protection. (CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?42165fcb
http://www.nessus.org/u?91c0d240
http://www.nessus.org/u?8a8fdc96
http://www.nessus.org/u?113cda54
http://www.nessus.org/u?08069940
http://www.nessus.org/u?b394e036
http://www.nessus.org/u?c6952d66
http://www.nessus.org/u?406afd4f
http://www.nessus.org/u?2f16147a
http://www.nessus.org/u?9287faff
http://www.nessus.org/u?8ffa26a8
http://www.nessus.org/u?353ee3a0
http://www.nessus.org/u?2d25070f
http://www.nessus.org/u?cb692f3d
http://www.nessus.org/u?4b2629cc
http://www.nessus.org/u?2a6a9c4c

Solution :

Update the affected packages.

Risk factor :

High

Family: Fedora Local Security Checks

Nessus Plugin ID: 28347 (fedora_2007-3962.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now