English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 105790 CVE descriptions
and 56160 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63528
Category:Fedora Local Security Checks
Title:Fedora Core 9 FEDORA-2009-2421 (firefox)
Summary:Fedora Core 9 FEDORA-2009-2421 (firefox)
Description:Description:
The remote host is missing an update to firefox
announced via advisory FEDORA-2009-2421.

Update Information:

Update to the new upstream Firefox 3.0.7 / XULRunner 1.9.0.7 fixing multiple
security issues:
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7

This update also contains new builds of all applications depending on
Gecko libraries, built against the new version.

Note: after the updated packages are installed, Firefox must be
restarted for the update to take effect.

References:

[ 1 ] Bug #488272 - CVE-2009-0771 Firefox 3 Layout Engine Crashes
https://bugzilla.redhat.com/show_bug.cgi?id=488272
[ 2 ] Bug #488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes
https://bugzilla.redhat.com/show_bug.cgi?id=488273
[ 3 ] Bug #488276 - CVE-2009-0773 Firefox 3 crashes in the JavaScript engine
https://bugzilla.redhat.com/show_bug.cgi?id=488276
[ 4 ] Bug #488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine
https://bugzilla.redhat.com/show_bug.cgi?id=488283
[ 5 ] Bug #488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=488287
[ 6 ] Bug #488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect
https://bugzilla.redhat.com/show_bug.cgi?id=488290
[ 7 ] Bug #488292 - CVE-2009-0777 Firefox URL spoofing with invisible control characters
https://bugzilla.redhat.com/show_bug.cgi?id=488292

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update firefox' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2421

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0771
Debian Security Information: DSA-1751 (Google Search)
http://www.debian.org/security/2009/dsa-1751
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SuSE Security Announcement: SUSE-SA:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
BugTraq ID: 33990
http://www.securityfocus.com/bid/33990
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11314
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5250
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6163
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6196
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6755
http://www.securitytracker.com/id?1021795
http://secunia.com/advisories/34145
http://secunia.com/advisories/34272
http://secunia.com/advisories/34383
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/34527
http://secunia.com/advisories/34140
http://www.vupen.com/english/advisories/2009/0632
Common Vulnerability Exposure (CVE) ID: CVE-2009-0772
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.redhat.com/support/errata/RHSA-2009-0325.html
SuSE Security Announcement: SUSE-SA:2009:023 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
http://www.ubuntulinux.org/support/documentation/usn/usn-741-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5703
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5945
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6097
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6811
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9609
http://secunia.com/advisories/34387
http://secunia.com/advisories/34324
http://secunia.com/advisories/34417
http://secunia.com/advisories/34137
Common Vulnerability Exposure (CVE) ID: CVE-2009-0773
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10491
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5856
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5980
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6141
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6708
Common Vulnerability Exposure (CVE) ID: CVE-2009-0774
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11138
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5947
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6057
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6121
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6945
Common Vulnerability Exposure (CVE) ID: CVE-2009-0775
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5806
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5816
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6207
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7584
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9681
http://www.securitytracker.com/id?1021796
Common Vulnerability Exposure (CVE) ID: CVE-2009-0776
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5956
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6017
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6191
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7390
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9241
http://www.securitytracker.com/id?1021797
Common Vulnerability Exposure (CVE) ID: CVE-2009-0777
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11222
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6039
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6157
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6229
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7435
http://securitytracker.com/alerts/2009/Mar/1021799.html
XForce ISS Database: mozilla-invisible-url-spoofing(49087)
http://xforce.iss.net/xforce/xfdb/49087
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 56160 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2017 E-Soft Inc. All rights reserved.