| Description: | Summary:
The remote host is missing an update to firefox
announced via advisory MDVSA-2009:182.
Vulnerability Insight:
Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.0.x:
Several flaws were discovered in the Firefox browser and
JavaScript engines, which could allow a malicious website to
cause a denial of service or possibly execute arbitrary code with
user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464,
CVE-2009-2465, CVE-2009-2466, CVE-2009-2468, CVE-2009-2471)
Attila Suszter discovered a flaw in the way Firefox processed
Flash content, which could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-2467)
It was discovered that Firefox did not properly handle some
SVG content, which could lead to a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-2469)
A flaw was discovered in the JavaScript engine which could be used
to perform cross-site scripting attacks. (CVE-2009-2472)
This update provides the latest Mozilla Firefox 3.0.x to correct
these issues.
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
Affected: 2009.0, 2009.1
Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
