Mandriva Linux Security Advisory : firefox (MDVSA-2009:134)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.x :

CVE-2009-1392: Firefox browser engine crashes CVE-2009-1832: Firefox
double frame construction flaw CVE-2009-1833: Firefox JavaScript
engine crashes CVE-2009-1834: Firefox URL spoofing with invalid
unicode characters CVE-2009-1835: Firefox Arbitrary domain cookie
access by local file: resources CVE-2009-1836: Firefox SSL tampering
via non-200 responses to proxy CONNECT requests CVE-2009-1837: Firefox
Race condition while accessing the private data of a NPObject JS
wrapper class object CVE-2009-1838: Firefox arbitrary code execution
flaw CVE-2009-1839: Firefox information disclosure flaw CVE-2009-1840:
Firefox XUL scripts skip some security checks CVE-2009-1841: Firefox
JavaScript arbitrary code execution CVE-2009-2043: firefox - remote
TinyMCE denial of service CVE-2009-2044: firefox - remote GIF denial
of service CVE-2009-2061: firefox - man-in-the-middle exploit
CVE-2009-2065: firefox - man-in-the-middle exploit

This update provides the latest Mozilla Firefox 3.x to correct these

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now