Fedora 9 : Miro-2.0.3-2.fc9 / blam-1.8.5-7.fc9.1 / chmsee-1.0.1-10.fc9 / devhelp-0.19.1-10.fc9 / etc (2009-3099)

high Nessus Plugin ID 36041

Synopsis

The remote Fedora host is missing one or more security updates.

Description

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044) This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?155eaa70

http://www.nessus.org/u?17849551

http://www.nessus.org/u?283c9638

http://www.nessus.org/u?38790867

http://www.nessus.org/u?39789ca2

http://www.nessus.org/u?415d08fa

http://www.nessus.org/u?485482d3

http://www.nessus.org/u?4bb2129f

http://www.nessus.org/u?508e9e80

http://www.nessus.org/u?57053757

http://www.nessus.org/u?5c93b433

http://www.nessus.org/u?5f303152

http://www.nessus.org/u?66395d66

http://www.nessus.org/u?72b77952

http://www.nessus.org/u?7631ea4b

http://www.nessus.org/u?7f9c1612

http://www.nessus.org/u?81530d6f

http://www.nessus.org/u?88ae8ebb

http://www.nessus.org/u?8a1e24b7

http://www.nessus.org/u?8a88b845

http://www.nessus.org/u?8f9e5fdc

http://www.nessus.org/u?92499e26

http://www.nessus.org/u?985bca7d

http://www.nessus.org/u?a5d22176

http://www.nessus.org/u?b542ad2d

http://www.nessus.org/u?bd569e79

http://www.nessus.org/u?bfd1e5e2

http://www.nessus.org/u?d01ed437

http://www.nessus.org/u?d1092d36

http://www.nessus.org/u?da6c76e7

http://www.nessus.org/u?dc18ed11

http://www.nessus.org/u?e324b372

http://www.nessus.org/u?ed31a681

http://www.nessus.org/u?f9ba7b21

http://www.nessus.org/u?f9d3c0ab

http://www.nessus.org/u?fb476644

Plugin Details

Severity: High

ID: 36041

File Name: fedora_2009-3099.nasl

Version: 1.21

Type: Local

Agent: unix

Published: 3/30/2009

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:totem, p-cpe:/a:fedoraproject:fedora:epiphany-extensions, p-cpe:/a:fedoraproject:fedora:blam, p-cpe:/a:fedoraproject:fedora:chmsee, p-cpe:/a:fedoraproject:fedora:yelp, p-cpe:/a:fedoraproject:fedora:miro, p-cpe:/a:fedoraproject:fedora:xulrunner, p-cpe:/a:fedoraproject:fedora:devhelp, p-cpe:/a:fedoraproject:fedora:gtkmozembedmm, p-cpe:/a:fedoraproject:fedora:galeon, p-cpe:/a:fedoraproject:fedora:mugshot, p-cpe:/a:fedoraproject:fedora:gnome-python2-extras, p-cpe:/a:fedoraproject:fedora:epiphany, p-cpe:/a:fedoraproject:fedora:google-gadgets, cpe:/o:fedoraproject:fedora:9, p-cpe:/a:fedoraproject:fedora:kazehakase, p-cpe:/a:fedoraproject:fedora:gnome-web-photo, p-cpe:/a:fedoraproject:fedora:mozvoikko, p-cpe:/a:fedoraproject:fedora:firefox

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/28/2009

Reference Information

CVE: CVE-2009-1044, CVE-2009-1169

BID: 34181, 34235

CWE: 399

FEDORA: 2009-3099