English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.880667
Category:CentOS Local Security Checks
Title:CentOS Update for firefox CESA-2009:0436 centos5 i386
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. A
web page containing malicious content could execute arbitrary JavaScript in
the context of the site, possibly presenting misleading data to a user, or
stealing sensitive information such as login credentials. (CVE-2009-0652,
CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,
CVE-2009-1312)

A flaw was found in the way Firefox saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST data,
the POST data could be revealed to the inner frame, possibly surrendering
sensitive information such as login credentials. (CVE-2009-1311)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories
in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.9, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Affected Software/OS:
firefox on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0652
BugTraq ID: 33837
http://www.securityfocus.com/bid/33837
Debian Security Information: DSA-1797 (Google Search)
http://www.debian.org/security/2009/dsa-1797
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html
http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396
http://www.redhat.com/support/errata/RHSA-2009-0436.html
RedHat Security Advisories: RHSA-2009:0437
http://rhn.redhat.com/errata/RHSA-2009-0437.html
http://secunia.com/advisories/34096
http://secunia.com/advisories/34843
http://secunia.com/advisories/34844
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://secunia.com/advisories/35065
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
https://usn.ubuntu.com/764-1/
http://www.vupen.com/english/advisories/2009/1125
XForce ISS Database: mozilla-firefox-homoglyph-spoofing(48974)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48974
Common Vulnerability Exposure (CVE) ID: CVE-2009-1302
1022090
http://www.securitytracker.com/id?1022090
264308
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
34656
http://www.securityfocus.com/bid/34656
34758
http://secunia.com/advisories/34758
34780
http://secunia.com/advisories/34780
34843
34894
35042
35065
35602
http://secunia.com/advisories/35602
ADV-2009-1125
DSA-1797
DSA-1830
FEDORA-2009-3875
MDVSA-2009:111
MDVSA-2009:141
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
RHSA-2009:0436
SSA:2009-178-01
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
SUSE-SR:2009:010
USN-764-1
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
https://bugzilla.mozilla.org/show_bug.cgi?id=428113
https://bugzilla.mozilla.org/show_bug.cgi?id=431260
https://bugzilla.mozilla.org/show_bug.cgi?id=432114
https://bugzilla.mozilla.org/show_bug.cgi?id=454276
https://bugzilla.mozilla.org/show_bug.cgi?id=461053
https://bugzilla.mozilla.org/show_bug.cgi?id=462517
https://bugzilla.mozilla.org/show_bug.cgi?id=467881
https://bugzilla.mozilla.org/show_bug.cgi?id=477775
https://bugzilla.mozilla.org/show_bug.cgi?id=483444
oval:org.mitre.oval:def:10106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10106
oval:org.mitre.oval:def:5527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5527
oval:org.mitre.oval:def:6070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6070
oval:org.mitre.oval:def:6170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6170
oval:org.mitre.oval:def:7030
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7030
Common Vulnerability Exposure (CVE) ID: CVE-2009-1303
34844
35536
http://secunia.com/advisories/35536
RHSA-2009:0437
RHSA-2009:1125
http://www.redhat.com/support/errata/RHSA-2009-1125.html
RHSA-2009:1126
http://www.redhat.com/support/errata/RHSA-2009-1126.html
USN-782-1
http://www.ubuntu.com/usn/usn-782-1
https://bugzilla.mozilla.org/show_bug.cgi?id=453736
oval:org.mitre.oval:def:5810
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5810
oval:org.mitre.oval:def:5992
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5992
oval:org.mitre.oval:def:6151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6151
oval:org.mitre.oval:def:6646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6646
oval:org.mitre.oval:def:9455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9455
Common Vulnerability Exposure (CVE) ID: CVE-2009-1304
https://bugzilla.mozilla.org/show_bug.cgi?id=461158
https://bugzilla.mozilla.org/show_bug.cgi?id=475971
oval:org.mitre.oval:def:5319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5319
oval:org.mitre.oval:def:5480
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5480
oval:org.mitre.oval:def:6015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6015
oval:org.mitre.oval:def:7516
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7516
oval:org.mitre.oval:def:9535
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9535
Common Vulnerability Exposure (CVE) ID: CVE-2009-1305
https://bugzilla.mozilla.org/show_bug.cgi?id=476049
oval:org.mitre.oval:def:10110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10110
oval:org.mitre.oval:def:6090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6090
oval:org.mitre.oval:def:6232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6232
oval:org.mitre.oval:def:6248
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6248
oval:org.mitre.oval:def:6921
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6921
Common Vulnerability Exposure (CVE) ID: CVE-2009-1306
1022095
http://www.securitytracker.com/id?1022095
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
https://bugzilla.mozilla.org/show_bug.cgi?id=474536
oval:org.mitre.oval:def:10150
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150
oval:org.mitre.oval:def:6021
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021
oval:org.mitre.oval:def:6194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194
oval:org.mitre.oval:def:6312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312
oval:org.mitre.oval:def:6710
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710
Common Vulnerability Exposure (CVE) ID: CVE-2009-1307
1022093
http://www.securitytracker.com/id?1022093
35561
http://secunia.com/advisories/35561
35882
http://secunia.com/advisories/35882
FEDORA-2009-7567
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
FEDORA-2009-7614
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
SSA:2009-176-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=481342
oval:org.mitre.oval:def:10972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972
oval:org.mitre.oval:def:5933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933
oval:org.mitre.oval:def:6154
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154
oval:org.mitre.oval:def:6266
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266
oval:org.mitre.oval:def:7008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008
Common Vulnerability Exposure (CVE) ID: CVE-2009-1308
1022097
http://www.securitytracker.com/id?1022097
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
oval:org.mitre.oval:def:10428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
oval:org.mitre.oval:def:6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
oval:org.mitre.oval:def:6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
oval:org.mitre.oval:def:6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
oval:org.mitre.oval:def:7285
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
Common Vulnerability Exposure (CVE) ID: CVE-2009-1309
1022094
http://www.securitytracker.com/id?1022094
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
https://bugzilla.mozilla.org/show_bug.cgi?id=478433
https://bugzilla.mozilla.org/show_bug.cgi?id=482206
oval:org.mitre.oval:def:5265
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5265
oval:org.mitre.oval:def:5591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5591
oval:org.mitre.oval:def:6139
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6139
oval:org.mitre.oval:def:6831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6831
oval:org.mitre.oval:def:9494
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9494
Common Vulnerability Exposure (CVE) ID: CVE-2009-1310
36757
http://secunia.com/advisories/36757
DSA-1886
http://www.debian.org/security/2009/dsa-1886
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
https://bugzilla.mozilla.org/show_bug.cgi?id=483086
oval:org.mitre.oval:def:11520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11520
oval:org.mitre.oval:def:6242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6242
Common Vulnerability Exposure (CVE) ID: CVE-2009-1311
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
https://bugzilla.mozilla.org/show_bug.cgi?id=471962
oval:org.mitre.oval:def:10939
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10939
oval:org.mitre.oval:def:6200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6200
oval:org.mitre.oval:def:6222
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6222
oval:org.mitre.oval:def:7235
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7235
Common Vulnerability Exposure (CVE) ID: CVE-2009-1312
1022096
http://www.securitytracker.com/id?1022096
20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
http://www.securityfocus.com/archive/1/504718/100/0/threaded
20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
http://www.securityfocus.com/archive/1/504723/100/0/threaded
http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/
http://websecurity.com.ua/3275/
http://websecurity.com.ua/3386/
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
https://bugzilla.mozilla.org/show_bug.cgi?id=475636
oval:org.mitre.oval:def:6064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064
oval:org.mitre.oval:def:6131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131
oval:org.mitre.oval:def:6731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731
oval:org.mitre.oval:def:9818
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.