Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871163
Category:Red Hat Local Security Checks
Title:RedHat Update for firefox RHSA-2014:0448-01
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)

A use-after-free flaw was found in the way Firefox resolved hosts in
certain circumstances. An attacker could use this flaw to crash Firefox or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1532)

An out-of-bounds read flaw was found in the way Firefox decoded JPEG
images. Loading a web page containing a specially crafted JPEG image could
cause Firefox to crash. (CVE-2014-1523)

A flaw was found in the way Firefox handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse
Schwartzentrube as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains
Firefox version 24.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Affected Software/OS:
firefox on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-1518
BugTraq ID: 67123
http://www.securityfocus.com/bid/67123
Debian Security Information: DSA-2918 (Google Search)
http://www.debian.org/security/2014/dsa-2918
Debian Security Information: DSA-2924 (Google Search)
http://www.debian.org/security/2014/dsa-2924
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html
https://security.gentoo.org/glsa/201504-01
RedHat Security Advisories: RHSA-2014:0448
http://rhn.redhat.com/errata/RHSA-2014-0448.html
RedHat Security Advisories: RHSA-2014:0449
http://rhn.redhat.com/errata/RHSA-2014-0449.html
http://www.securitytracker.com/id/1030163
http://www.securitytracker.com/id/1030164
http://secunia.com/advisories/59866
SuSE Security Announcement: SUSE-SU-2014:0665 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:0727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
SuSE Security Announcement: openSUSE-SU-2014:0599 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
SuSE Security Announcement: openSUSE-SU-2014:0602 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html
SuSE Security Announcement: openSUSE-SU-2014:0629 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
SuSE Security Announcement: openSUSE-SU-2014:0640 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html
http://www.ubuntu.com/usn/USN-2185-1
http://www.ubuntu.com/usn/USN-2189-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1523
BugTraq ID: 67129
http://www.securityfocus.com/bid/67129
http://www.securitytracker.com/id/1030165
Common Vulnerability Exposure (CVE) ID: CVE-2014-1524
BugTraq ID: 67131
http://www.securityfocus.com/bid/67131
Common Vulnerability Exposure (CVE) ID: CVE-2014-1529
BugTraq ID: 67135
http://www.securityfocus.com/bid/67135
Common Vulnerability Exposure (CVE) ID: CVE-2014-1530
BugTraq ID: 67137
http://www.securityfocus.com/bid/67137
Common Vulnerability Exposure (CVE) ID: CVE-2014-1531
BugTraq ID: 67134
http://www.securityfocus.com/bid/67134
Common Vulnerability Exposure (CVE) ID: CVE-2014-1532
BugTraq ID: 67130
http://www.securityfocus.com/bid/67130
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.