Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing one or more security updates.

Description :

A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this
flaw to crash Firefox or, potentially, execute arbitrary code as the
user running Firefox. (CVE-2009-1169) A flaw was discovered in the way
Firefox handles certain XUL garbage collection events. A remote
attacker could use this flaw to crash Firefox or, potentially, execute
arbitrary code as the user running Firefox. (CVE-2009-1044)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?6e27367e
http://www.nessus.org/u?3c2e4e00
http://www.nessus.org/u?ead787e6
http://www.nessus.org/u?82fb14d4
http://www.nessus.org/u?c0a8ab71
http://www.nessus.org/u?b8b93ce0
http://www.nessus.org/u?527bdd4d
http://www.nessus.org/u?317c4055
http://www.nessus.org/u?39045ac3
http://www.nessus.org/u?042bfeb9
http://www.nessus.org/u?1b6b5508
http://www.nessus.org/u?ac5c0a7c
http://www.nessus.org/u?5be312ab
http://www.nessus.org/u?c03fa684
http://www.nessus.org/u?49be5a5b
http://www.nessus.org/u?d73b1b01
http://www.nessus.org/u?ef8d768d
http://www.nessus.org/u?388377f6
http://www.nessus.org/u?288b32e8

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 37824 (fedora_2009-3100.nasl)

Bugtraq ID: 34181
34235

CVE ID: CVE-2009-1044
CVE-2009-1169

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now