Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67171
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0332
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0332.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several use-after-free flaws were found in Firefox. Visiting a web page
containing malicious content could result in Firefox executing arbitrary
code with the privileges of the user running Firefox. (CVE-2010-0175,
CVE-2010-0176, CVE-2010-0177)

A flaw was found in Firefox that could allow an applet to generate a drag
and drop action from a mouse click. Such an action could be used to execute
arbitrary JavaScript with the privileges of the user running Firefox.
(CVE-2010-0178)

A privilege escalation flaw was found in Firefox when the Firebug add-on is
in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome
privilege escalation flaw that could be used to execute arbitrary
JavaScript with the privileges of the user running Firefox. (CVE-2010-0179)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-0174)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.19. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.19, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0332.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.19

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0174
Debian Security Information: DSA-2027 (Google Search)
http://www.debian.org/security/2010/dsa-2027
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7615
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9502
http://www.redhat.com/support/errata/RHSA-2010-0332.html
http://www.redhat.com/support/errata/RHSA-2010-0333.html
http://securitytracker.com/id?1023775
http://securitytracker.com/id?1023781
http://secunia.com/advisories/38566
http://secunia.com/advisories/39117
http://secunia.com/advisories/39136
http://secunia.com/advisories/39204
http://secunia.com/advisories/39240
http://secunia.com/advisories/39242
http://secunia.com/advisories/39243
http://secunia.com/advisories/39308
http://secunia.com/advisories/39397
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://ubuntu.com/usn/usn-921-1
http://www.vupen.com/english/advisories/2010/0748
http://www.vupen.com/english/advisories/2010/0764
http://www.vupen.com/english/advisories/2010/0765
http://www.vupen.com/english/advisories/2010/0781
http://www.vupen.com/english/advisories/2010/0790
http://www.vupen.com/english/advisories/2010/0849
XForce ISS Database: mozilla-browser-eng-code-exec(57389)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57389
Common Vulnerability Exposure (CVE) ID: CVE-2010-0175
Bugtraq: 20100402 ZDI-10-050: Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/510542/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-050
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7546
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9834
http://securitytracker.com/id?1023780
http://securitytracker.com/id?1023782
XForce ISS Database: firefox-nstreeselection-code-execution(57390)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57390
Common Vulnerability Exposure (CVE) ID: CVE-2010-0176
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7222
http://securitytracker.com/id?1023776
XForce ISS Database: firefox-nstreecontentview-code-exec(57392)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57392
Common Vulnerability Exposure (CVE) ID: CVE-2010-0177
Bugtraq: 20100402 ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/510540/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7622
XForce ISS Database: firefox-nspluginarray-code-execution(57393)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57393
Common Vulnerability Exposure (CVE) ID: CVE-2010-0178
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10460
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6975
XForce ISS Database: firefox-draganddrop-code-execution(57391)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57391
Common Vulnerability Exposure (CVE) ID: CVE-2010-0179
BugTraq ID: 39124
http://www.securityfocus.com/bid/39124
http://www.mandriva.com/security/advisories?name=MDVSA-2010:251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9446
http://securitytracker.com/id?1023783
http://secunia.com/advisories/3924
http://secunia.com/advisories/42818
SuSE Security Announcement: SUSE-SA:2011:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
http://www.vupen.com/english/advisories/2011/0030
XForce ISS Database: firefox-firebug-code-execution(57394)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57394
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.