Fedora 9 : devhelp-0.19.1-3.fc9 / epiphany-2.22.2-3.fc9 / epiphany-extensions-2.22.1-3.fc9 / etc (2008-6518)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Updated firefox packages that fix several security issues are now
available for Fedora 9.

An integer overflow flaw was found in the way Firefox displayed
certain web content. A malicious website could cause Firefox to crash,
or execute arbitrary code with the permissions of the user running
Firefox. (CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs.
If another application passed Firefox a malformed URL, it could result
in Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933)

Updated packages update Mozilla Firefox to upstream version 3.0.1 to
address these flaws:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.1

This update also contains devhelp, epiphany, epiphany-extensions, and
yelp packages rebuilt against new Firefox / Gecko libraries.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.mozilla.org/security/known-
https://bugzilla.redhat.com/show_bug.cgi?id=452204
https://bugzilla.redhat.com/show_bug.cgi?id=454697
http://www.nessus.org/u?d274af40
http://www.nessus.org/u?eeedb76f
http://www.nessus.org/u?2c69f870
http://www.nessus.org/u?8a7c4350
http://www.nessus.org/u?adf48c9d
http://www.nessus.org/u?41c6c0c6

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Fedora Local Security Checks

Nessus Plugin ID: 33542 (fedora_2008-6518.nasl)

Bugtraq ID: 29802, 30242

CVE ID: CVE-2008-2785, CVE-2008-2933
