Mandriva Linux Security Advisory : firefox (MDVSA-2010:125)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Security issues were identified and fixed in firefox :

An unspecified function in the JavaScript implementation in Mozilla
Firefox creates and exposes a temporary footprint when there is a
current login to a website, which makes it easier for remote attackers
to trick a user into acting upon a spoofed pop-up message, aka an
in-session phishing attack (CVE-2008-5913).

The JavaScript implementation in Mozilla Firefox 3.x allows remote
attackers to send selected keystrokes to a form field in a hidden
frame, instead of the intended form field in a visible frame, via
certain calls to the focus method (CVE-2010-1125).

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function
in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote
attackers to execute arbitrary code via a DOM node with a long text
value that triggers a heap-based buffer overflow (CVE-2010-1196).

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and
SeaMonkey before 2.0.5, do not properly handle situations in which
both Content-Disposition: attachment and Content-Type: multipart are
present in HTTP headers, which allows remote attackers to conduct
cross-site scripting (XSS) attacks via an uploaded HTML document
(CVE-2010-1197).

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10
and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote
attackers to execute arbitrary code via vectors involving multiple
plugin instances (CVE-2010-1198).

Integer overflow in the XSLT node sorting implementation in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute
arbitrary code via a large text value for a node (CVE-2010-1199).

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before
3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2010-1200).

Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4,
Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors (CVE-2010-1202).

Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2010-1203).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages that required it have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?5d8d267f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 47132 (mandriva_MDVSA-2010-125.nasl)

Bugtraq ID: 33276, 40701, 41082, 41087, 41090, 41094, 41099, 41102, 41103

CVE ID: CVE-2008-5913, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197,
CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203
