Fedora 9 : Miro-2.0.3-2.fc9 / blam-1.8.5-7.fc9.1 / chmsee-1.0.1-10.fc9 / devhelp-0.19.1-10.fc9 / etc (2009-3099)

high Nessus Plugin ID 36041

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)

This update also provides dependent packages rebuilt against the new Firefox version. Miro is updated to upstream 2.0.3, which provides new features and fixes various bugs in the 1.2.x series.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 36041

File Name: fedora_2009-3099.nasl

Version: 1.21

Type: local

Agent: unix

Published: 3/30/2009

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:Miro, p-cpe:/a:fedoraproject:fedora:blam, p-cpe:/a:fedoraproject:fedora:chmsee, p-cpe:/a:fedoraproject:fedora:devhelp, p-cpe:/a:fedoraproject:fedora:epiphany, p-cpe:/a:fedoraproject:fedora:epiphany-extensions, p-cpe:/a:fedoraproject:fedora:firefox, p-cpe:/a:fedoraproject:fedora:galeon, p-cpe:/a:fedoraproject:fedora:gnome-python2-extras, p-cpe:/a:fedoraproject:fedora:gnome-web-photo, p-cpe:/a:fedoraproject:fedora:google-gadgets, p-cpe:/a:fedoraproject:fedora:gtkmozembedmm, p-cpe:/a:fedoraproject:fedora:kazehakase, p-cpe:/a:fedoraproject:fedora:mozvoikko, p-cpe:/a:fedoraproject:fedora:mugshot, p-cpe:/a:fedoraproject:fedora:totem, p-cpe:/a:fedoraproject:fedora:xulrunner, p-cpe:/a:fedoraproject:fedora:yelp, cpe:/o:fedoraproject:fedora:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/28/2009

Reference Information

CVE: CVE-2009-1044, CVE-2009-1169

BID: 34181, 34235

FEDORA: 2009-3099

CWE: 399