Fedora 15 : firefox-9.0.1-1.fc15 / gnome-python2-extras-2.25.3-35.fc15.4 / nspr-4.8.9-2.fc15 / etc (2011-17399)

high Nessus Plugin ID 57622

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The latest version of Firefox and Thunderbird have the following changes :

- Added Type Inference, significantly improving JavaScript performance

- Added support for querying Do Not Track status via JavaScript

- Added support for font-stretch

- Improved support for text-overflow

- Improved standards support for HTML5, MathML, and CSS

- Fixed several stability issues

- Fixed several security issues

Notable nss changes include :

1. SSL 2.0 is disabled by default.

2. A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it.

3. SHA-224 is supported.

4. Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code.

5. Added NSS_GetVersion to return the NSS version string.

6. Added experimental support of RSA-PSS to the softoken only (contributed by Hanno Bock, http://rsapss.hboeck.de/).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

https://rsapss.hboeck.de/

http://www.nessus.org/u?47ee3616

http://www.nessus.org/u?12cc855e

http://www.nessus.org/u?0bf1b5d3

http://www.nessus.org/u?3c745d9a

http://www.nessus.org/u?648a9ef9

http://www.nessus.org/u?9ab134ef

http://www.nessus.org/u?2aa50f32

http://www.nessus.org/u?9f1fb28a

http://www.nessus.org/u?0e3ea6b9

http://www.nessus.org/u?a402c324

Plugin Details

Severity: High

ID: 57622

File Name: fedora_2011-17399.nasl

Version: 1.12

Type: local

Agent: unix

Published: 1/23/2012

Updated: 1/11/2021

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:firefox, p-cpe:/a:fedoraproject:fedora:gnome-python2-extras, p-cpe:/a:fedoraproject:fedora:nspr, p-cpe:/a:fedoraproject:fedora:nss, p-cpe:/a:fedoraproject:fedora:nss-softokn, p-cpe:/a:fedoraproject:fedora:nss-util, p-cpe:/a:fedoraproject:fedora:perl-Gtk2-MozEmbed, p-cpe:/a:fedoraproject:fedora:thunderbird, p-cpe:/a:fedoraproject:fedora:thunderbird-lightning, p-cpe:/a:fedoraproject:fedora:xulrunner, cpe:/o:fedoraproject:fedora:15

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 12/23/2011

Reference Information

FEDORA: 2011-17399