Detections
Analytics
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150113)
high Nessus Plugin ID 80545
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-8634, CVE-2014-8639, CVE-2014-8641)It was found that the Beacon interface implementation in Firefox did not follow the Cross-Origin Resource Sharing (CORS) specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (XSRF) attack. (CVE-2014-8638)
This update also fixes the following bug :
- The default dictionary for Firefox's spell checker is now correctly set to the system's locale language.
After installing the update, Firefox must be restarted for the changes to take effect.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 80545
File Name: sl_20150113_firefox_on_SL5_x.nasl
Version: 1.8
Type: local
Agent: unix
Published: 1/15/2015
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:firefox, p-cpe:/a:fermilab:scientific_linux:firefox-debuginfo, p-cpe:/a:fermilab:scientific_linux:xulrunner, p-cpe:/a:fermilab:scientific_linux:xulrunner-debuginfo, p-cpe:/a:fermilab:scientific_linux:xulrunner-devel, x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list
Patch Publication Date: 1/13/2015
Vulnerability Publication Date: 1/14/2015
Reference Information
CVE: CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641