Detections
Analytics
Scientific Linux Security Update : firefox on SL4.x i386/x86_64
critical Nessus Plugin ID 60766
Language:
Synopsis
The remote Scientific Linux host is missing a security update.Description
Several use-after-free flaws were found in Firefox. Visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox.(CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)
A flaw was found in Firefox that could allow an applet to generate a drag and drop action from a mouse click. Such an action could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0178)
A privilege escalation flaw was found in Firefox when the Firebug add-on is in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome privilege escalation flaw that could be used to execute arbitrary JavaScript with the privileges of the user running Firefox. (CVE-2010-0179)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0174)
After installing the update, Firefox must be restarted for the changes to take effect.
Solution
Update the affected firefox package.See Also
Plugin Details
Severity: Critical
ID: 60766
File Name: sl_20100330_firefox_on_SL4_x.nasl
Version: 1.5
Type: local
Agent: unix
Published: 8/1/2012
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 3/30/2010
Reference Information
CVE: CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179