Test ID:	1.3.6.1.4.1.25623.1.0.66831
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2010:0112
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2010:0112. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0112.html http://www.redhat.com/security/updates/classification/#critical http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.18 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1571 Bugtraq: 20100218 Secunia Research: Mozilla Firefox Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/509585/100/0/threaded Debian Security Information: DSA-1999 (Google Search) http://www.debian.org/security/2010/dsa-1999 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 http://www.mandriva.com/security/advisories?name=MDVSA-2010:051 http://secunia.com/secunia_research/2009-45/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11227 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8615 http://www.redhat.com/support/errata/RHSA-2010-0112.html http://www.redhat.com/support/errata/RHSA-2010-0113.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38770 http://secunia.com/advisories/38772 http://secunia.com/advisories/38847 SuSE Security Announcement: SUSE-SA:2010:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://www.ubuntu.com/usn/USN-895-1 http://www.ubuntu.com/usn/USN-896-1 http://www.vupen.com/english/advisories/2010/0405 http://www.vupen.com/english/advisories/2010/0650 XForce ISS Database: mozilla-htmlparser-code-exec(56361) https://exchange.xforce.ibmcloud.com/vulnerabilities/56361 Common Vulnerability Exposure (CVE) ID: CVE-2009-3988 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384 XForce ISS Database: mozilla-showmodaldialog-xss(56362) https://exchange.xforce.ibmcloud.com/vulnerabilities/56362 Common Vulnerability Exposure (CVE) ID: CVE-2010-0159 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8485 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9590 XForce ISS Database: mozilla-browsereng-code-execution(56359) https://exchange.xforce.ibmcloud.com/vulnerabilities/56359 Common Vulnerability Exposure (CVE) ID: CVE-2010-0160 Bugtraq: 20100402 ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/510533/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11166 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8465 XForce ISS Database: mozilla-webworkers-code-execution(56360) https://exchange.xforce.ibmcloud.com/vulnerabilities/56360 Common Vulnerability Exposure (CVE) ID: CVE-2010-0162 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10697 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8631 XForce ISS Database: mozilla-svg-xss(56363) https://exchange.xforce.ibmcloud.com/vulnerabilities/56363
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.