Fedora 8 : Miro-1.2.3-3.fc8 / blam-1.8.3-17.fc8 / cairo-dock-1.6.1.1-1.fc8.1 / chmsee-1.0.0-3.31.fc8 / etc (2008-6491)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Updated firefox packages that fix several security issues are now
available for Fedora 8. An integer overflow flaw was found in the way
Firefox displayed certain web content. A malicious website could cause
Firefox to crash, or execute arbitrary code with the permissions of
the user running Firefox. (CVE-2008-2785) A flaw was found in the way
Firefox handled certain command line URLs. If another application
passed Firefox a malformed URL, it could result in Firefox executing
local malicious content with chrome privileges. (CVE-2008-2933)
Updated packages update Mozilla Firefox to upstream version 2.0.0.16
to address these flaws: http://www.mozilla.org/security/known-
vulnerabilities/firefox20.html#firefox2.0.0.16 This update also
contains blam, cairo-dock, chmsee, devhelp, epiphany,
epiphany-extensions, galeon, gnome- python2-extras, gnome-web-photo,
gtkmozembedmm, kazehakase, liferea, Miro, openvrml, ruby-gnome2 and
yelp packages rebuilt against new Firefox / Gecko libraries.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.mozilla.org/security/known-
https://bugzilla.redhat.com/show_bug.cgi?id=452204
https://bugzilla.redhat.com/show_bug.cgi?id=454697
http://www.nessus.org/u?1a3b6f8e
http://www.nessus.org/u?5ec9e6bb
http://www.nessus.org/u?e01f1cb6
http://www.nessus.org/u?4372fcdb
http://www.nessus.org/u?51d27fad
http://www.nessus.org/u?8a47ec31
http://www.nessus.org/u?dfe87787
http://www.nessus.org/u?d5fbfe29
http://www.nessus.org/u?48b791b9
http://www.nessus.org/u?c726b1d6
http://www.nessus.org/u?71ee7abc
http://www.nessus.org/u?476ec4c3
http://www.nessus.org/u?ca7535ac
http://www.nessus.org/u?7ef6b6b5
http://www.nessus.org/u?f0d929a1
http://www.nessus.org/u?6658669d
http://www.nessus.org/u?fc904475

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 33539 (fedora_2008-6491.nasl)

Bugtraq ID: 29802
30242

CVE ID: CVE-2008-2785
CVE-2008-2933

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now