Mandriva Linux Security Advisory : mozilla (MDVSA-2012:022-1)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Security issues were identified and fixed in mozilla firefox and
thunderbird :

An integer overflow in the libpng library can lead to a heap-buffer
overflow when decompressing certain PNG images. This leads to a crash,
which may be potentially exploitable (CVE-2011-3026).

The mozilla firefox and thunderbird packages has been upgraded to the
latest respective versions whish is not affecte dby this security
flaw.

Additionally the rootcerts packages (root CA cerificates bundle) has
been upgraded to the latest version as of 2012/02/18 and the NSS
library has been rebuilt accordingly to pickup the changes.

Update :

This is a symbolic advisory correction because there was a clash with
MDVSA-2012:022 that addressed libpng.

See also :

https://www.mozilla.org/security/announce/2012/mfsa2012-11.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 58082 ()

Bugtraq ID: 52049

CVE ID: CVE-2011-3026

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now