Mandriva Linux Security Advisory : firefox (MDVSA-2009:134)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.x :

CVE-2009-1392: Firefox browser engine crashes CVE-2009-1832: Firefox
double frame construction flaw CVE-2009-1833: Firefox JavaScript
engine crashes CVE-2009-1834: Firefox URL spoofing with invalid
unicode characters CVE-2009-1835: Firefox Arbitrary domain cookie
access by local file: resources CVE-2009-1836: Firefox SSL tampering
via non-200 responses to proxy CONNECT requests CVE-2009-1837: Firefox
Race condition while accessing the private data of a NPObject JS
wrapper class object CVE-2009-1838: Firefox arbitrary code execution
flaw CVE-2009-1839: Firefox information disclosure flaw CVE-2009-1840:
Firefox XUL scripts skip some security checks CVE-2009-1841: Firefox
JavaScript arbitrary code execution CVE-2009-2043: firefox - remote
TinyMCE denial of service CVE-2009-2044: firefox - remote GIF denial
of service CVE-2009-2061: firefox - man-in-the-middle exploit
CVE-2009-2065: firefox - man-in-the-middle exploit

This update provides the latest Mozilla Firefox 3.x to correct these
issues.

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?54b67820

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now