Fedora 9 : Miro-1.2.7-2.fc9 / cairo-dock-1.6.3.1-1.fc9.1 / chmsee-1.0.1-6.fc9 / devhelp-0.19.1-6.fc9 / etc (2008-9669)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

Updated firefox and xulrunner packages that fix various security
issues are now available for Fedora Core 9. This update has been rated
as having critical security impact by the Fedora Security Response
Team. Mozilla Firefox is an open source Web browser. Several flaws
were found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017,
CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found
in the way malformed content was processed. A website containing
specially crafted content could potentially trick a Firefox user into
surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023,
CVE-2008-5024) A flaw was found in the way Firefox opened 'file:'
URIs. If a file: URI was loaded in the same tab as a chrome or
privileged 'about:' page, the file: URI could execute arbitrary code
with the permissions of the user running Firefox. (CVE-2008-5015) For
technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.4[1]. All firefox users and users
of packages depending on xulrunner[2] should upgrade to these updated
packages, which contain patches that correct these issues. [1]
http://www.mozilla.org/security/known-
vulnerabilities/firefox30.html#firefox3.0.4 [2] cairo-dock chmsee
devhelp epiphany epiphany-extensions evolution-rss galeon
gnome-python2-extras gnome- web-photo google-gadgets gtkmozembedmm
kazehakase Miro mozvoikko mugshot ruby- gnome2 totem yelp Provides
Python bindings for libgdl on PPC64. This update fixes a build break.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.mozilla.org/security/known-
https://bugzilla.redhat.com/show_bug.cgi?id=470873
https://bugzilla.redhat.com/show_bug.cgi?id=470876
https://bugzilla.redhat.com/show_bug.cgi?id=470881
https://bugzilla.redhat.com/show_bug.cgi?id=470883
https://bugzilla.redhat.com/show_bug.cgi?id=470884
https://bugzilla.redhat.com/show_bug.cgi?id=470889
https://bugzilla.redhat.com/show_bug.cgi?id=470892
https://bugzilla.redhat.com/show_bug.cgi?id=470894
https://bugzilla.redhat.com/show_bug.cgi?id=470895
https://bugzilla.redhat.com/show_bug.cgi?id=470898
https://bugzilla.redhat.com/show_bug.cgi?id=470902
https://bugzilla.redhat.com/show_bug.cgi?id=470903
http://www.nessus.org/u?b8075280
http://www.nessus.org/u?5fa23fca
http://www.nessus.org/u?b128c08f
http://www.nessus.org/u?51682c95
http://www.nessus.org/u?d3cdac40
http://www.nessus.org/u?0d1e7150
http://www.nessus.org/u?5ac830d0
http://www.nessus.org/u?84a7006c
http://www.nessus.org/u?26d313e9
http://www.nessus.org/u?7310946f
http://www.nessus.org/u?e2a88a65
http://www.nessus.org/u?9d1573ff
http://www.nessus.org/u?63be9ff8
http://www.nessus.org/u?29e7e1a1
http://www.nessus.org/u?e2c2f70c
http://www.nessus.org/u?41430d17
http://www.nessus.org/u?63261f01
http://www.nessus.org/u?8a9a1067
http://www.nessus.org/u?f8bf60bf
http://www.nessus.org/u?9cb2f896
http://www.nessus.org/u?0d5534a2

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Fedora Local Security Checks

Nessus Plugin ID: 34778 (fedora_2008-9669.nasl)

Bugtraq ID:

CVE ID: CVE-2008-0017
CVE-2008-4582
CVE-2008-5014
CVE-2008-5015
CVE-2008-5016
CVE-2008-5017
CVE-2008-5018
CVE-2008-5019
CVE-2008-5021
CVE-2008-5022
CVE-2008-5023
CVE-2008-5024

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now