Mandriva Linux Security Advisory : firefox (MDVSA-2011:079)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Chris Evans of the Chrome Security Team reported that the XSLT
generate-id() function returned a string that revealed a specific
valid address of an object on the memory heap. It is possible that in
some cases this address would be valuable information that could be
used by an attacker while exploiting a different memory corruption
but, in order to make an exploit more reliable or work around
mitigation features in the browser or operating system

Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on Windows
and the potential loading of resources from non-permitted locations.
The impact would depend on whether interesting files existed in
predictable locations in a useful format. For example, the existence
or non-existence of particular images might indicate whether certain
software was installed (CVE-2011-0071).

David Remahl of Apple Product Security reported that the Java
Embedding Plugin (JEP) shipped with the Mac OS X versions of Firefox
could be exploited to obtain elevated access to resources on a user's
system (CVE-2011-0076).

Security researcher Paul Stone reported that a Java applet could be
used to mimic interaction with form autocomplete controls and steal
entries from the form history (CVE-2011-0067).

Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065,
CVE-2011-0066, CVE-2011-0073).

Mozilla developers identified and fixed several memory safety bugs in
the browser engine used in Firefox and other Mozilla-based products.
Some of these bugs showed evidence of memory corruption under certain
circumstances, and we presume that with enough effort at least some of
these could be exploited to run arbitrary code (CVE-2011-0081,
CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,
CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).

Additionally the sqlite3 packages were upgraded to the
version. A new package that provides /usr/bin/lemon was added. The
lemon software was previousely provided with sqlite3 and is used in
some cases when building php.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more: products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

See also :

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now