Detections
Analytics
RHEL 5 / 6 : firefox (RHSA-2012:0515)
medium Nessus Plugin ID 58867
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for firefox.Description
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0515 advisory.- Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31) (CVE-2011-3062)
- Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20) (CVE-2012-0467, CVE-2012-0468)
- Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22) (CVE-2012-0469)
- Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23) (CVE-2012-0470)
- Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24) (CVE-2012-0471)
- Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25) (CVE-2012-0472)
- Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26) (CVE-2012-0473)
- Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27) (CVE-2012-0474)
- Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29) (CVE-2012-0477)
- Mozilla: Crash with WebGL content using textImage2D (MFSA 2012-30) (CVE-2012-0478)
- Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33) (CVE-2012-0479)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL firefox package based on the guidance in RHSA-2012:0515.See Also
http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
http://www.nessus.org/u?c55d772c
https://access.redhat.com/errata/RHSA-2012:0515
https://access.redhat.com/security/updates/classification/#critical
https://bugzilla.redhat.com/show_bug.cgi?id=815000
https://bugzilla.redhat.com/show_bug.cgi?id=815019
https://bugzilla.redhat.com/show_bug.cgi?id=815020
https://bugzilla.redhat.com/show_bug.cgi?id=815021
https://bugzilla.redhat.com/show_bug.cgi?id=815022
https://bugzilla.redhat.com/show_bug.cgi?id=815023
https://bugzilla.redhat.com/show_bug.cgi?id=815024
https://bugzilla.redhat.com/show_bug.cgi?id=815026
https://bugzilla.redhat.com/show_bug.cgi?id=815037
Plugin Details
Severity: Medium
ID: 58867
File Name: redhat-RHSA-2012-0515.nasl
Version: 1.30
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/25/2012
Updated: 4/21/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.8
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2012-0470
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
CVSS Score Source: CVE-2012-0474
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:firefox, p-cpe:/a:redhat:enterprise_linux:xulrunner, p-cpe:/a:redhat:enterprise_linux:xulrunner-devel, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:6
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/24/2012
Vulnerability Publication Date: 3/30/2012
Reference Information
CVE: CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479
BID: 53218, 53219, 53220, 53221, 53222, 53223, 53224, 53225, 53227, 53228, 53229, 53231