Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.69176
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2011:0310
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2011:0310.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox sanitized HTML content in extensions.
If an extension loaded or rendered malicious content using the
ParanoidFragmentSink class, it could fail to safely display the content,
causing Firefox to execute arbitrary JavaScript with the privileges of the
user running Firefox. (CVE-2010-1585)

A flaw was found in the way Firefox handled dialog boxes. An attacker could
use this flaw to create a malicious web page that would present a blank
dialog box that has non-functioning buttons. If a user closes the dialog
box window, it could unexpectedly grant the malicious web page elevated
privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-0053, CVE-2011-0055, CVE-2011-0058, CVE-2011-0062)

Several flaws were found in the way Firefox handled malformed JavaScript. A
website containing malicious JavaScript could cause Firefox to execute that
JavaScript with the privileges of the user running Firefox. (CVE-2011-0054,
CVE-2011-0056, CVE-2011-0057)

A flaw was found in the way Firefox handled malformed JPEG images. A
website containing a malicious JPEG image could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-0061)

A flaw was found in the way Firefox handled plug-ins that perform HTTP
requests. If a plug-in performed an HTTP request, and the server sent a 307
redirect response, the plug-in was not notified, and the HTTP request was
forwarded. The forwarded request could contain custom headers, which could
result in a Cross Site Request Forgery attack. (CVE-2011-0059)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.14. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bug:

* On Red Hat Enterprise Linux 4 and 5, running the firefox
- -setDefaultBrowser command caused warnings such as the following:

libgnomevfs-WARNING **: Deprecated function. User modifications to the
MIME database are no longer supported.

This update disables the setDefaultBrowser option. Red Hat Enterprise
Linux 4 users wishing to set a default web browser can use Applications ->
Preferences -> More Preferences -> Preferred Applications. Red Hat
Enterprise Linux 5 users can use System -> Preferences -> Preferred
Applications. (BZ#463131, BZ#665031)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.14, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-0310.html
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-1585
Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search)
http://www.securityfocus.com/archive/1/510883/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532
Common Vulnerability Exposure (CVE) ID: CVE-2011-0051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211
http://www.redhat.com/support/errata/RHSA-2011-0312.html
http://www.redhat.com/support/errata/RHSA-2011-0313.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0053
BugTraq ID: 46645
http://www.securityfocus.com/bid/46645
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14379
Common Vulnerability Exposure (CVE) ID: CVE-2011-0054
BugTraq ID: 46648
http://www.securityfocus.com/bid/46648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018
Common Vulnerability Exposure (CVE) ID: CVE-2011-0055
BugTraq ID: 46661
http://www.securityfocus.com/bid/46661
Bugtraq: 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516802
http://www.zerodayinitiative.com/advisories/ZDI-11-103/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14476
Common Vulnerability Exposure (CVE) ID: CVE-2011-0056
BugTraq ID: 46650
http://www.securityfocus.com/bid/46650
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14013
Common Vulnerability Exposure (CVE) ID: CVE-2011-0057
BugTraq ID: 46663
http://www.securityfocus.com/bid/46663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200
Common Vulnerability Exposure (CVE) ID: CVE-2011-0058
BugTraq ID: 46660
http://www.securityfocus.com/bid/46660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254
Common Vulnerability Exposure (CVE) ID: CVE-2011-0059
BugTraq ID: 46652
http://www.securityfocus.com/bid/46652
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473
Common Vulnerability Exposure (CVE) ID: CVE-2011-0061
BugTraq ID: 46651
http://www.securityfocus.com/bid/46651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486
Common Vulnerability Exposure (CVE) ID: CVE-2011-0062
BugTraq ID: 46647
http://www.securityfocus.com/bid/46647
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14409
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.