Oracle Linux 4 / 5 : firefox (ELSA-2007-0400)
High Nessus Plugin ID 67509
Synopsis: The remote Oracle Linux host is missing one or more security updates.
Description: From Red Hat Security Advisory 2007:0400:
Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
A flaw was found in the way Firefox handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)
Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious website that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)
A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site.
Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 220.127.116.11 that corrects these issues.
Solution: Update the affected firefox packages.