RHEL 4 : firefox (RHSA-2005:176)
High Nessus Plugin ID 17252
SynopsisThe remote Red Hat host is missing a security update.
DescriptionUpdated firefox packages that fix various bugs are now available.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255 to this issue.
A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156)
A bug was found in the way Firefox allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527).
A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233)
A bug was found in the way Firefox handles plug-in temporary files. A malicious local user could create a symlink to a victims directory, causing it to be deleted when the victim exits Firefox.
A bug has been found in one of Firefox's UTF-8 converters. It may be possible for an attacker to supply a specially crafted UTF-8 string to the buggy converter, leading to arbitrary code execution.
A bug was found in the way Firefox displays the HTTP authentication prompt. When a user is prompted for authentication, the dialog window is displayed over the active tab, regardless of the tab that caused the pop-up to appear and could trick a user into entering their username and password for a trusted site. (CVE-2005-0584)
A bug was found in the way Firefox displays the save file dialog. It is possible for a malicious webserver to spoof the Content-Disposition header, tricking the user into thinking they are downloading a different filetype. (CVE-2005-0586)
A bug was found in the way Firefox handles users 'down-arrow' through auto completed choices. When an autocomplete choice is selected, the information is copied into the input control, possibly allowing a malicious website to steal information by tricking a user into arrowing through autocompletion choices. (CVE-2005-0589)
Several bugs were found in the way Firefox displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information.
A bug was found in the way Firefox displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585)
A bug was found in the way Firefox handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588)
A bug was found in the way Firefox displays the installation confirmation dialog. An attacker could add a long user:pass before the true hostname, tricking a user into thinking they were installing content from a trusted source. (CVE-2005-0590)
A bug was found in the way Firefox displays download and security dialogs. An attacker could cover up part of a dialog window tricking the user into clicking 'Allow' or 'Open', which could potentially lead to arbitrary code execution. (CVE-2005-0591)
Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.1 and is not vulnerable to these issues.
SolutionUpdate the affected firefox package.