Test ID:	1.3.6.1.4.1.25623.1.0.880768
Category:	CentOS Local Security Checks
Title:	CentOS Update for firefox CESA-2009:0315 centos5 i386
Summary:	The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect. Affected Software/OS: firefox on CentOS 5 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0040 1020521 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1 20090312 rPSA-2009-0046-1 libpng http://www.securityfocus.com/archive/1/501767/100/0/threaded 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues http://www.securityfocus.com/archive/1/503912/100/0/threaded 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server http://www.securityfocus.com/archive/1/505990/100/0/threaded 259989 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1 33827 http://www.securityfocus.com/bid/33827 33970 http://secunia.com/advisories/33970 33976 http://secunia.com/advisories/33976 33990 http://www.securityfocus.com/bid/33990 34137 http://secunia.com/advisories/34137 34140 http://secunia.com/advisories/34140 34143 http://secunia.com/advisories/34143 34145 http://secunia.com/advisories/34145 34152 http://secunia.com/advisories/34152 34210 http://secunia.com/advisories/34210 34265 http://secunia.com/advisories/34265 34272 http://secunia.com/advisories/34272 34320 http://secunia.com/advisories/34320 34324 http://secunia.com/advisories/34324 34388 http://secunia.com/advisories/34388 34462 http://secunia.com/advisories/34462 34464 http://secunia.com/advisories/34464 35074 http://secunia.com/advisories/35074 35258 http://secunia.com/advisories/35258 35302 http://secunia.com/advisories/35302 35379 http://secunia.com/advisories/35379 35386 http://secunia.com/advisories/35386 36096 http://secunia.com/advisories/36096 ADV-2009-0469 http://www.vupen.com/english/advisories/2009/0469 ADV-2009-0473 http://www.vupen.com/english/advisories/2009/0473 ADV-2009-0632 http://www.vupen.com/english/advisories/2009/0632 ADV-2009-1297 http://www.vupen.com/english/advisories/2009/1297 ADV-2009-1451 http://www.vupen.com/english/advisories/2009/1451 ADV-2009-1462 http://www.vupen.com/english/advisories/2009/1462 ADV-2009-1522 http://www.vupen.com/english/advisories/2009/1522 ADV-2009-1560 http://www.vupen.com/english/advisories/2009/1560 ADV-2009-1621 http://www.vupen.com/english/advisories/2009/1621 ADV-2009-2172 http://www.vupen.com/english/advisories/2009/2172 APPLE-SA-2009-05-12 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html APPLE-SA-2009-06-08-1 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html APPLE-SA-2009-06-17-1 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html APPLE-SA-2009-08-05-1 http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html DSA-1750 http://www.debian.org/security/2009/dsa-1750 DSA-1830 http://www.debian.org/security/2009/dsa-1830 FEDORA-2009-1976 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html FEDORA-2009-2045 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html FEDORA-2009-2882 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html FEDORA-2009-2884 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html GLSA-200903-28 http://security.gentoo.org/glsa/glsa-200903-28.xml GLSA-201209-25 http://security.gentoo.org/glsa/glsa-201209-25.xml MDVSA-2009:051 http://www.mandriva.com/security/advisories?name=MDVSA-2009:051 MDVSA-2009:075 http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 MDVSA-2009:083 http://www.mandriva.com/security/advisories?name=MDVSA-2009:083 RHSA-2009:0315 http://www.redhat.com/support/errata/RHSA-2009-0315.html RHSA-2009:0325 http://www.redhat.com/support/errata/RHSA-2009-0325.html RHSA-2009:0333 http://www.redhat.com/support/errata/RHSA-2009-0333.html RHSA-2009:0340 http://www.redhat.com/support/errata/RHSA-2009-0340.html SSA:2009-083-02 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 SSA:2009-083-03 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 SUSE-SA:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html SUSE-SA:2009:023 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html SUSE-SR:2009:005 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html TA09-218A http://www.us-cert.gov/cas/techalerts/TA09-218A.html VU#649212 http://www.kb.cert.org/vuls/id/649212 [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server http://lists.vmware.com/pipermail/security-announce/2009/000062.html ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 http://support.apple.com/kb/HT3549 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639 http://support.apple.com/kb/HT3757 http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://wiki.rpath.com/Advisories:rPSA-2009-0046 http://www.vmware.com/security/advisories/VMSA-2009-0007.html libpng-pointer-arrays-code-execution(48819) https://exchange.xforce.ibmcloud.com/vulnerabilities/48819 oval:org.mitre.oval:def:10316 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316 oval:org.mitre.oval:def:6458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458 Common Vulnerability Exposure (CVE) ID: CVE-2009-0771 1021795 http://www.securitytracker.com/id?1021795 34383 http://secunia.com/advisories/34383 34527 http://secunia.com/advisories/34527 DSA-1751 http://www.debian.org/security/2009/dsa-1751 FEDORA-2009-3101 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html http://www.mozilla.org/security/announce/2009/mfsa2009-07.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=424276%2C435209%2C436965%2C460706%2C466057%2C468578%2C471594%2C472502 oval:org.mitre.oval:def:11314 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11314 oval:org.mitre.oval:def:5250 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5250 oval:org.mitre.oval:def:6163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6163 oval:org.mitre.oval:def:6196 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6196 oval:org.mitre.oval:def:6755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6755 Common Vulnerability Exposure (CVE) ID: CVE-2009-0772 34387 http://secunia.com/advisories/34387 34417 http://secunia.com/advisories/34417 RHSA-2009:0258 http://www.redhat.com/support/errata/RHSA-2009-0258.html USN-741-1 https://usn.ubuntu.com/741-1/ https://bugzilla.mozilla.org/show_bug.cgi?id=475136 oval:org.mitre.oval:def:5703 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5703 oval:org.mitre.oval:def:5945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5945 oval:org.mitre.oval:def:6097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6097 oval:org.mitre.oval:def:6811 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6811 oval:org.mitre.oval:def:9609 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9609 Common Vulnerability Exposure (CVE) ID: CVE-2009-0773 https://bugzilla.mozilla.org/show_bug.cgi?id=457521 https://bugzilla.mozilla.org/show_bug.cgi?id=467499 https://bugzilla.mozilla.org/show_bug.cgi?id=472787 oval:org.mitre.oval:def:10491 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10491 oval:org.mitre.oval:def:5856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5856 oval:org.mitre.oval:def:5980 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5980 oval:org.mitre.oval:def:6141 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6141 oval:org.mitre.oval:def:6708 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6708 Common Vulnerability Exposure (CVE) ID: CVE-2009-0774 https://bugzilla.mozilla.org/show_bug.cgi?id=473709 oval:org.mitre.oval:def:11138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138 oval:org.mitre.oval:def:5947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947 oval:org.mitre.oval:def:6057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057 oval:org.mitre.oval:def:6121 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121 oval:org.mitre.oval:def:6945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945 Common Vulnerability Exposure (CVE) ID: CVE-2009-0775 1021796 http://www.securitytracker.com/id?1021796 http://www.mozilla.org/security/announce/2009/mfsa2009-08.html https://bugzilla.mozilla.org/show_bug.cgi?id=474456 oval:org.mitre.oval:def:5806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806 oval:org.mitre.oval:def:5816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816 oval:org.mitre.oval:def:6207 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207 oval:org.mitre.oval:def:7584 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584 oval:org.mitre.oval:def:9681 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681 Common Vulnerability Exposure (CVE) ID: CVE-2009-0776 1021797 http://www.securitytracker.com/id?1021797 http://www.mozilla.org/security/announce/2009/mfsa2009-09.html https://bugzilla.mozilla.org/show_bug.cgi?id=414540 oval:org.mitre.oval:def:5956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956 oval:org.mitre.oval:def:6017 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017 oval:org.mitre.oval:def:6191 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191 oval:org.mitre.oval:def:7390 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390 oval:org.mitre.oval:def:9241 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241 Common Vulnerability Exposure (CVE) ID: CVE-2009-0777 1021799 http://securitytracker.com/alerts/2009/Mar/1021799.html http://www.mozilla.org/security/announce/2009/mfsa2009-11.html https://bugzilla.mozilla.org/show_bug.cgi?id=452979 mozilla-invisible-url-spoofing(49087) https://exchange.xforce.ibmcloud.com/vulnerabilities/49087 oval:org.mitre.oval:def:11222 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11222 oval:org.mitre.oval:def:6039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6039 oval:org.mitre.oval:def:6157 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6157 oval:org.mitre.oval:def:6229 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6229 oval:org.mitre.oval:def:7435 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7435
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.