| Description: | Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could possibly lead to arbitrary code
execution with the privileges of the user running Firefox. (CVE-2011-0080,
CVE-2011-0081)
An arbitrary memory write flaw was found in the way Firefox handled
out-of-memory conditions. If all memory was consumed when a user visited a
malicious web page, it could possibly lead to arbitrary code execution
with the privileges of the user running Firefox. (CVE-2011-0078)
An integer overflow flaw was found in the way Firefox handled the HTML
frameset tag. A web page with a frameset tag containing large values for
the 'rows' and 'cols' attributes could trigger this flaw, possibly leading
to arbitrary code execution with the privileges of the user running
Firefox. (CVE-2011-0077)
A flaw was found in the way Firefox handled the HTML iframe tag. A web page
with an iframe tag containing a specially-crafted source address could
trigger this flaw, possibly leading to arbitrary code execution with the
privileges of the user running Firefox. (CVE-2011-0075)
A flaw was found in the way Firefox displayed multiple marquee elements. A
malformed HTML document could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0074)
A flaw was found in the way Firefox handled the nsTreeSelection element.
Malformed content could cause Firefox to execute arbitrary code with the
privileges of the user running Firefox. (CVE-2011-0073)
A use-after-free flaw was found in the way Firefox appended frame and
iframe elements to a DOM tree when the NoScript add-on was enabled.
Malicious HTML content could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0072)
A directory traversal flaw was found in the Firefox resource:// protocol
handler. Malicious content could cause Firefox to access arbitrary files
accessible to the user running Firefox. (CVE-2011-0071)
A double free flaw was found in the way Firefox handled
'application/http-index-format' documents. A malformed HTTP response could
cause Firefox to execute arbitrary code with the privileges of the user
running Firefox. (CVE-2011-0070)
A flaw was found in the way Firefox handled certain JavaScript cross-domain
requests. If malicious content generated a large number of cross-domain
JavaScript reque ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
firefox on CentOS 4
Solution:
Please install the updated packages.
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
