Mandriva Linux Security Advisory : firefox (MDVSA-2011:068)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Several invalid HTTPS certificates were placed on the certificate
blacklist to prevent their misuse.

Users on a compromised network could be directed to sites using the
fraudulent certificates and mistake them for the legitimate sites.
This could deceive them into revealing personal information such as
usernames and passwords. It may also deceive users into downloading
malware if they believe it's coming from a trusted site.

The NSS and NSPR packages were updated to the latest versions as well
as the rootcerts packages providing the latest root CA certs from
mozilla as of 2011/03/23.

The firefox packages were updated to the latest 3.6.16 version which
is not vulnerable to this issue.

The mozilla thunderbird 3.1.9 packages were patched with the same fix
as of firefox as a precaution.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149 products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

http://www.nessus.org/u?75bf880e
http://www.nessus.org/u?23caafda
http://www.nessus.org/u?b8fdcaa8

Solution :

Update the affected packages.

Risk factor :

High

Family: Mandriva Local Security Checks

Nessus Plugin ID: 53327 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now