Mandriva Linux Security Advisory : firefox (MDVSA-2010:210)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Security issues were identified and fixed in firefox :

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
recognize a wildcard IP address in the subject's Common Name field of
an X.509 certificate, which might allow man-in-the-middle attackers to
spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority (CVE-2010-3170).

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x
before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and
SeaMonkey before 2.0.9 does not properly set the minimum key length
for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for
remote attackers to defeat cryptographic protection mechanisms via a
brute-force attack (CVE-2010-3173).

Unspecified vulnerability in the browser engine in Mozilla Firefox
3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before
2.0.9 allows remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).

Multiple cross-site scripting (XSS) vulnerabilities in the Gopher
parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and
SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web
script or HTML via a crafted name of a (1) file or (2) directory on a
Gopher server (CVE-2010-3177).

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not
properly handle certain modal calls made by javascript: URLs in
circumstances related to opening a new window and performing
cross-domain navigation, which allows remote attackers to bypass the
Same Origin Policy via a crafted HTML document (CVE-2010-3178).

Stack-based buffer overflow in the text-rendering functionality in
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird
before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows
remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a long argument
to the document.write method (CVE-2010-3179).

Use-after-free vulnerability in the nsBarProp function in Mozilla
Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before
3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote
attackers to execute arbitrary code by accessing the locationbar
property of a closed window (CVE-2010-3180).

A certain application-launch script in Mozilla Firefox before 3.5.14
and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before
3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3182).
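The zero-length LD_LIBRARY_PATH entry described for CVE-2010-3182 is something any launcher script can be checked for. The following is an added example, not code from the advisory or from Mozilla: the function names and /opt/app/lib are hypothetical, and the unconditional prepend is an assumed way such an entry arises, not the actual Firefox launch script.

```sh
#!/bin/sh
# Added example; function names and sample paths are hypothetical.

# Return 0 if a colon-separated search path has a zero-length entry
# (leading ':', trailing ':' or '::'), which resolves to the current
# working directory, as the advisory describes for LD_LIBRARY_PATH.
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Assumed "before" pattern: unconditional prepend. When the inherited
# value is unset or empty the result is "DIR:", a trailing empty entry.
prepend_naive() {
    printf '%s\n' "$1:$2"
}

# Hardened form: emit the separator only if there is a value to keep.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Drop zero-length entries from an inherited value before reusing it.
# The body runs in a subshell so IFS and globbing changes do not leak.
strip_empty() (
    IFS=:
    set -f
    out=
    for entry in $1; do
        if [ -n "$entry" ]; then out="${out:+$out:}$entry"; fi
    done
    printf '%s\n' "$out"
)

# Demo on constructed input: the caller has no LD_LIBRARY_PATH set.
inherited=""
for candidate in "$(prepend_naive /opt/app/lib "$inherited")" \
                 "$(prepend_safe /opt/app/lib "$inherited")"; do
    if has_empty_entry "$candidate"; then
        echo "UNSAFE: '$candidate' includes the current directory"
    else
        echo "ok:     '$candidate'"
    fi
done
```
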

The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and
3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5,
and SeaMonkey before 2.0.9 does not properly support
window.__lookupGetter__ function calls that lack arguments, which
allows remote attackers to execute arbitrary code or cause a denial of
service (incorrect pointer dereference and application crash) via a
crafted HTML document (CVE-2010-3183).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages that require it have been rebuilt and
are being provided as updates. The NSS and SQLite3 packages have been
upgraded to the latest versions.

See also :

http://www.nessus.org/u?ebdf7518

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false
