Fedora 9 : Miro-1.2.4-3.fc9 / blam-1.8.5-2.fc9 / cairo-dock-1.6.2.3-1.fc9.1 / chmsee-1.0.1-5.fc9 / etc (2008-8425)

Critical Nessus Plugin ID 34308

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064) Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-4067, CVE-2008-4068) A flaw was found in the way Firefox handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837) A flaw was found in Firefox that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.2.[1] All Firefox users should upgrade to these updated packages, which contain patches that correct these issues. [1] http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.2

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://www.mozilla.org/en-US/security/known-

https://bugzilla.redhat.com/show_bug.cgi?id=449279

http://www.nessus.org/u?e49007fa

http://www.nessus.org/u?0b8f062c

http://www.nessus.org/u?868e3751

http://www.nessus.org/u?7cbb557a

http://www.nessus.org/u?7a97020a

http://www.nessus.org/u?9e9ad788

http://www.nessus.org/u?39f412e5

http://www.nessus.org/u?381c8f3b

http://www.nessus.org/u?807ed49c

http://www.nessus.org/u?f02b8822

http://www.nessus.org/u?95a3925b

http://www.nessus.org/u?859df869

http://www.nessus.org/u?3c562682

http://www.nessus.org/u?27efaa31

http://www.nessus.org/u?2297c7ec

http://www.nessus.org/u?5e12c3c6

http://www.nessus.org/u?17e217fa

http://www.nessus.org/u?70f80df7

http://www.nessus.org/u?9aadc226

http://www.nessus.org/u?cb101b51

http://www.nessus.org/u?3a936866

Plugin Details

Severity: Critical

ID: 34308

File Name: fedora_2008-8425.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2008/09/29

Updated: 2018/11/20

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:Miro, p-cpe:/a:fedoraproject:fedora:blam, p-cpe:/a:fedoraproject:fedora:cairo-dock, p-cpe:/a:fedoraproject:fedora:chmsee, p-cpe:/a:fedoraproject:fedora:devhelp, p-cpe:/a:fedoraproject:fedora:epiphany, p-cpe:/a:fedoraproject:fedora:epiphany-extensions, p-cpe:/a:fedoraproject:fedora:evolution-rss, p-cpe:/a:fedoraproject:fedora:firefox, p-cpe:/a:fedoraproject:fedora:galeon, p-cpe:/a:fedoraproject:fedora:gnome-python2-extras, p-cpe:/a:fedoraproject:fedora:gnome-web-photo, p-cpe:/a:fedoraproject:fedora:google-gadgets, p-cpe:/a:fedoraproject:fedora:gtkmozembedmm, p-cpe:/a:fedoraproject:fedora:kazehakase, p-cpe:/a:fedoraproject:fedora:mozvoikko, p-cpe:/a:fedoraproject:fedora:mugshot, p-cpe:/a:fedoraproject:fedora:ruby-gnome2, p-cpe:/a:fedoraproject:fedora:totem, p-cpe:/a:fedoraproject:fedora:xulrunner, p-cpe:/a:fedoraproject:fedora:yelp, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2008/09/27

Reference Information

CVE: CVE-2008-3837, CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068

FEDORA: 2008-8425

CWE: 22, 79, 189, 264, 399