Mandriva Linux Security Advisory : firefox (MDVSA-2011:041)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox
before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12,
allows remote attackers to hijack the authentication of arbitrary
users for requests that were initiated by a plugin and received a 307
redirect to a page on a different website. (CVE-2011-0059)

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
to execute arbitrary code or cause a denial of service (application
crash) via a crafted JPEG image. (CVE-2011-0061)

The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and
SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome
document, which makes it easier for remote attackers to execute
arbitrary JavaScript with chrome privileges via a javascript: URI in
input to an extension, as demonstrated by a javascript:alert sequence
in (1) the HREF attribute of an A element or (2) the ACTION attribute
of a FORM element. (CVE-2010-1585)

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before
3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote
attackers to execute arbitrary code or cause a denial of service
(memory corruption) via a long string that triggers construction of a
long text run. (CVE-2011-0058)

Use-after-free vulnerability in the Web Workers implementation in
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey
before 2.0.12, allows remote attackers to execute arbitrary code via
vectors related to a JavaScript Worker and garbage collection.
(CVE-2011-0057)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
exception timing and a large number of string values, aka an atom map
issue. (CVE-2011-0056)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
non-local JavaScript variables, aka an upvarMap issue. (CVE-2011-0054)

Use-after-free vulnerability in the JSON.stringify method in Mozilla
Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before
2.0.12, might allow remote attackers to execute arbitrary code via
unspecified vectors. (CVE-2011-0055)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey
before 2.0.12, does not properly handle certain recursive eval calls,
which makes it easier for remote attackers to force a user to respond
positively to a dialog question, as demonstrated by a question about
granting privileges. (CVE-2011-0051)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow
remote attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors. (CVE-2011-0062)

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?2f087a83

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now