Red Hat Local Security Checks : RedHat Security Advisory RHSA-2008:0978

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.61815
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2008:0978
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2008:0978. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021) Several flaws were found in the way malformed content was processed. A web site containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024) A flaw was found in the way Firefox opened file: URIs. If a file: URI was loaded in the same tab as a chrome or privileged about: page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section. All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0978.html http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0017 BugTraq ID: 32281 http://www.securityfocus.com/bid/32281 Cert/CC Advisory: TA08-319A http://www.us-cert.gov/cas/techalerts/TA08-319A.html Debian Security Information: DSA-1669 (Google Search) http://www.debian.org/security/2008/dsa-1669 Debian Security Information: DSA-1671 (Google Search) http://www.debian.org/security/2008/dsa-1671 Debian Security Information: DSA-1697 (Google Search) http://www.debian.org/security/2009/dsa-1697 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html ISS Security Advisory: 20081113 Mozilla Unchecked Allocation Remote Code Execution http://www.iss.net/threats/311.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 https://bugzilla.mozilla.org/show_bug.cgi?id=443299 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11005 http://www.redhat.com/support/errata/RHSA-2008-0977.html http://www.redhat.com/support/errata/RHSA-2008-0978.html http://www.securitytracker.com/id?1021185 http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 SuSE Security Announcement: SUSE-SA:2008:055 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://ubuntu.com/usn/usn-667-1 http://www.vupen.com/english/advisories/2008/3146 http://www.vupen.com/english/advisories/2009/0977 Common Vulnerability Exposure (CVE) ID: CVE-2008-5014 1021182 http://www.securitytracker.com/id?1021182 256408 32011 http://secunia.com/advisories/32011 32281 32684 32693 32694 32695 32714 32715 http://secunia.com/advisories/32715 32721 32778 32798 http://secunia.com/advisories/32798 32845 32853 33433 33434 http://secunia.com/advisories/33434 34501 ADV-2008-3146 ADV-2009-0977 DSA-1669 DSA-1671 DSA-1696 http://www.debian.org/security/2009/dsa-1696 DSA-1697 FEDORA-2008-9667 FEDORA-2008-9669 MDVSA-2008:228 MDVSA-2008:230 MDVSA-2008:235 http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 RHSA-2008:0976 http://www.redhat.com/support/errata/RHSA-2008-0976.html RHSA-2008:0977 RHSA-2008:0978 SUSE-SA:2008:055 TA08-319A USN-667-1 http://www.mozilla.org/security/announce/2008/mfsa2008-50.html https://bugzilla.mozilla.org/show_bug.cgi?id=436741 oval:org.mitre.oval:def:9157 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9157 Common Vulnerability Exposure (CVE) ID: CVE-2008-5015 1021191 http://www.securitytracker.com/id?1021191 32713 http://www.mozilla.org/security/announce/2008/mfsa2008-51.html https://bugzilla.mozilla.org/show_bug.cgi?id=447579 oval:org.mitre.oval:def:11063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11063 Common Vulnerability Exposure (CVE) ID: CVE-2008-5016 1021183 http://www.securitytracker.com/id?1021183 http://www.mozilla.org/security/announce/2008/mfsa2008-52.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=439206%2C453406%2C458637%2C444864%2C452157%2C449111%2C444260%2C457375%2C433429%2C443528%2C430394 oval:org.mitre.oval:def:11356 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11356 Common Vulnerability Exposure (CVE) ID: CVE-2008-5017 https://bugzilla.mozilla.org/show_bug.cgi?id=455987 oval:org.mitre.oval:def:11436 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11436 Common Vulnerability Exposure (CVE) ID: CVE-2008-5018 https://bugzilla.mozilla.org/show_bug.cgi?id=452786 oval:org.mitre.oval:def:9872 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9872 Common Vulnerability Exposure (CVE) ID: CVE-2008-5019 1021184 http://www.securitytracker.com/id?1021184 http://www.mozilla.org/security/announce/2008/mfsa2008-53.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983 oval:org.mitre.oval:def:10943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943 Common Vulnerability Exposure (CVE) ID: CVE-2008-5021 1021186 http://www.securitytracker.com/id?1021186 http://www.mozilla.org/security/announce/2008/mfsa2008-55.html https://bugzilla.mozilla.org/show_bug.cgi?id=460002 oval:org.mitre.oval:def:9642 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Common Vulnerability Exposure (CVE) ID: CVE-2008-5022 1021188 http://www.securitytracker.com/id?1021188 http://www.mozilla.org/security/announce/2008/mfsa2008-56.html oval:org.mitre.oval:def:11186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11186 Common Vulnerability Exposure (CVE) ID: CVE-2008-5023 1021189 http://www.securitytracker.com/id?1021189 http://www.mozilla.org/security/announce/2008/mfsa2008-57.html https://bugzilla.mozilla.org/show_bug.cgi?id=424733 oval:org.mitre.oval:def:9908 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908 Common Vulnerability Exposure (CVE) ID: CVE-2008-5024 1021192 http://www.securitytracker.com/id?1021192 http://www.mozilla.org/security/announce/2008/mfsa2008-58.html https://bugzilla.mozilla.org/show_bug.cgi?id=453915 oval:org.mitre.oval:def:9063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9063
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com