| Description: | Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts, sqlite3' package(s) announced via the MGASA-2013-0320 advisory.
Vulnerability Insight:
Updated firefox packages fix security vulnerabilities:
Mozilla Network Security Services (NSS) before 3.15.2 does not ensure
that data structures are initialized before read operations, which
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger a decryption failure
(CVE-2013-1739).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599,
CVE-2013-5600, CVE-2013-5601, CVE-2013-5602).
It was found that the Firefox JavaScript engine incorrectly allocated
memory for certain functions. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox (CVE-2013-5595).
A flaw was found in the way Firefox handled certain Extensible Stylesheet
Language Transformations (XSLT) files. An attacker could combine this flaw
with other vulnerabilities to execute arbitrary code with the privileges of
the user running Firefox (CVE-2013-5604).
Additionally, the rootcerts, nspr, nss, and sqlite3 packages have been updated
to newer versions required by this update.
Affected Software/OS:
'firefox, firefox-l10n, nspr, nss, rootcerts, sqlite3' package(s) on Mageia 2, Mageia 3.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
