Fedora 9 : Miro-1.2.4-3.fc9 / blam-1.8.5-2.fc9 / cairo-dock-1.6.2.3-1.fc9.1 / chmsee-1.0.1-5.fc9 / etc (2008-8425)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content.
A web page containing malicious content could cause Firefox to crash
or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was
displayed. A web page containing specially crafted content could
potentially trick a Firefox user into surrendering sensitive
information. (CVE-2008-4067, CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web
page containing specially crafted JavaScript code could move the
content window while a mouse-button was pressed, causing any item
under the pointer to be dragged. This could, potentially, cause the
user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be
stripped from JavaScript code. This flaw could allow malicious
JavaScript to bypass or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.2.[1] All Firefox users should
upgrade to these updated packages, which contain patches that correct
these issues.

[1] http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.mozilla.org/security/known-
https://bugzilla.redhat.com/show_bug.cgi?id=449279

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 34308 (fedora_2008-8425.nasl)

Bugtraq ID:

CVE ID: CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
