RHEL 4 : firefox (RHSA-2005:176)

High Nessus Plugin ID 17252

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated firefox packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255 to this issue.

A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156)

A bug was found in the way Firefox allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527).

A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233)

A bug was found in the way Firefox handles plug-in temporary files. A malicious local user could create a symlink to a victims directory, causing it to be deleted when the victim exits Firefox.
(CVE-2005-0578)

A bug has been found in one of Firefox's UTF-8 converters. It may be possible for an attacker to supply a specially crafted UTF-8 string to the buggy converter, leading to arbitrary code execution.
(CVE-2005-0592)

A bug was found in the Firefox JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed which could result in remote code execution or information disclosure. (CVE-2005-0231)

A bug was found in the way Firefox displays the HTTP authentication prompt. When a user is prompted for authentication, the dialog window is displayed over the active tab, regardless of the tab that caused the pop-up to appear and could trick a user into entering their username and password for a trusted site. (CVE-2005-0584)

A bug was found in the way Firefox displays the save file dialog. It is possible for a malicious webserver to spoof the Content-Disposition header, tricking the user into thinking they are downloading a different filetype. (CVE-2005-0586)

A bug was found in the way Firefox handles users 'down-arrow' through auto completed choices. When an autocomplete choice is selected, the information is copied into the input control, possibly allowing a malicious website to steal information by tricking a user into arrowing through autocompletion choices. (CVE-2005-0589)

Several bugs were found in the way Firefox displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information.
(CVE-2005-0593)

A bug was found in the way Firefox displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585)

A bug was found in the way Firefox handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588)

A bug was found in the way Firefox displays the installation confirmation dialog. An attacker could add a long user:pass before the true hostname, tricking a user into thinking they were installing content from a trusted source. (CVE-2005-0590)

A bug was found in the way Firefox displays download and security dialogs. An attacker could cover up part of a dialog window tricking the user into clicking 'Allow' or 'Open', which could potentially lead to arbitrary code execution. (CVE-2005-0591)

Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.1 and is not vulnerable to these issues.

Solution

Update the affected firefox package.

See Also

https://access.redhat.com/security/cve/cve-2004-1156

https://access.redhat.com/security/cve/cve-2005-0231

https://access.redhat.com/security/cve/cve-2005-0232

https://access.redhat.com/security/cve/cve-2005-0233

https://access.redhat.com/security/cve/cve-2005-0255

https://access.redhat.com/security/cve/cve-2005-0527

https://access.redhat.com/security/cve/cve-2005-0578

https://access.redhat.com/security/cve/cve-2005-0584

https://access.redhat.com/security/cve/cve-2005-0585

https://access.redhat.com/security/cve/cve-2005-0586

https://access.redhat.com/security/cve/cve-2005-0588

https://access.redhat.com/security/cve/cve-2005-0589

https://access.redhat.com/security/cve/cve-2005-0590

https://access.redhat.com/security/cve/cve-2005-0591

https://access.redhat.com/security/cve/cve-2005-0592

https://access.redhat.com/security/cve/cve-2005-0593

https://www.mozilla.org/en-US/security/known-vulnerabilities/

https://access.redhat.com/errata/RHSA-2005:176

Plugin Details

Severity: High

ID: 17252

File Name: redhat-RHSA-2005-176.nasl

Version: 1.24

Type: local

Agent: unix

Published: 2005/03/02

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:firefox, cpe:/o:redhat:enterprise_linux:4

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2005/03/01

Vulnerability Publication Date: 2004/12/31

Reference Information

CVE: CVE-2004-1156, CVE-2005-0231, CVE-2005-0232, CVE-2005-0233, CVE-2005-0255, CVE-2005-0527, CVE-2005-0578, CVE-2005-0584, CVE-2005-0585, CVE-2005-0586, CVE-2005-0588, CVE-2005-0589, CVE-2005-0590, CVE-2005-0591, CVE-2005-0592, CVE-2005-0593

RHSA: 2005:176