GLSA-200503-10 : Mozilla Firefox: Various vulnerabilities
High Nessus Plugin ID 17276
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200503-10 (Mozilla Firefox: Various vulnerabilities)
The following vulnerabilities were found and fixed in Mozilla Firefox:
By setting up malicious websites and convincing users to follow untrusted links or obey very specific drag-and-drop or download instructions, attackers may leverage the various spoofing issues to fake other websites to get access to confidential information, push users to download malicious files or make them interact with their browser preferences.
The temporary directory issue allows local attackers to overwrite arbitrary files with the rights of another local user.
The overflow issues, while not thought to be exploitable, may allow a malicious downloaded page to execute arbitrary code with the rights of the user viewing the page.
There is no known workaround at this time.
SolutionAll Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.0.1' All Firefox binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.0.1'