Detections
Analytics

MiracleLinux 3 : firefox-3.6.23-2.0.1.AXS3, xulrunner-1.9.2.23-1.0.1.AXS3 (AXSA:2011-322:07)

high Nessus Plugin ID 284258

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-322:07 advisory.

 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
 Security issues fixed with this release:
 CVE-2011-2372 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
 CVE-2011-2995 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
 CVE-2011-2998 Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
 CVE-2011-2999 Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle 'location' as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
 CVE-2011-3000 Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected firefox and / or xulrunner packages.

See Also

https://tsn.miraclelinux.com/en/node/2034

Plugin Details

Severity: High

ID: 284258

File Name: miracle_linux_AXSA-2011-322.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-2998

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2011-2995

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:firefox, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:xulrunner

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 10/14/2011

Vulnerability Publication Date: 9/27/2011

Reference Information

CVE: CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000