| Beschreibung: | Summary:
The remote host is missing an update for the 'mozilla'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Security issues were identified and fixed in mozilla firefox and
thunderbird:
Security researchers Blair Strang and Scott Bell of Security Assessment
found that when a parent window spawns and closes a child window that
uses the file open dialog, a crash can be induced in shlwapi.dll on
32-bit Windows 7 systems. This crash may be potentially exploitable
(CVE-2012-0454).
Firefox prevents the dropping of javascript: links onto a frame
to prevent malicious sites from tricking users into performing
a cross-site scripting (XSS) attacks on themselves. Security
researcher Soroush Dalili reported a way to bypass this protection
(CVE-2012-0455).
Security researcher Atte Kettunen from OUSPG found two issues with
Firefox's handling of SVG using the Address Sanitizer tool. The first
issue, critically rated, is a use-after-free in SVG animation that
could potentially lead to arbitrary code execution. The second issue
is rated moderate and is an out of bounds read in SVG Filters. This
could potentially incorporate data from the user's memory, making it
accessible to the page content (CVE-2012-0457, CVE-2012-0456).
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
mozilla on Mandriva Linux 2011.0
Solution:
Please Install the Updated Packages.
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
