[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2009:1430 -- centos 5 x86_64 firefox, nspr and xulrunner

ID: oval:org.secpod.oval:def:202113Date: (C)2012-01-31   (M)2024-02-19
Class: PATCHFamily: unix




Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime . Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A use-after-free flaw was found in Firefox. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handles malformed JavaScript. A website with an object containing malicious JavaScript could execute that JavaScript with the privileges of the user running Firefox. Descriptions in the dialogs when adding and removing PKCS #11 modules were not informative. An attacker able to trick a user into installing a malicious PKCS #11 module could use this flaw to install their own Certificate Authority certificates on a user"s machine, making it possible to trick the user into believing they are viewing a trusted site or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox displays the address bar when window.open is called in a certain way. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. A flaw was found in the way Firefox displays certain Unicode characters. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.14. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.14, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

Platform:
CentOS 5
Product:
firefox
xulrunner
nspr
Reference:
CESA-2009:1430
CVE-2009-2654
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3074
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
CVE    10
CVE-2009-2654
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
...
CPE    94
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:firefox:3.5.1
cpe:/a:mozilla:firefox:3.5.2
...

© SecPod Technologies