Test ID:	1.3.6.1.4.1.25623.1.0.880954
Category:	CentOS Local Security Checks
Title:	CentOS Update for firefox CESA-2011:0885 centos4 i386
Summary:	The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the way Firefox handled malformed JPEG images. A website containing a malicious JPEG image could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2377) Multiple dangling pointer flaws were found in Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376) An integer overflow flaw was found in the way Firefox handled JavaScript Array objects. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2371) A use-after-free flaw was found in the way Firefox handled malformed JavaScript. A website containing malicious JavaScript could cause Firefox to execute that JavaScript with the privileges of the user running Firefox. (CVE-2011-2373) It was found that Firefox could treat two separate cookies as interchangeable if both were for the same domain name but one of those domain names had a trailing '.' character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.18. You can find a link to the Mozilla advisories in the References section of this erratum. This update also fixes the following bug: * With previous versions of Firefox on Red Hat Enterprise Linux 5, the 'background-repeat' CSS (Cascading Style Sheets) property did not work (such images were not displayed and repeated as expected). (BZ#698313) All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. Affected Software/OS: firefox on CentOS 4 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0083 Debian Security Information: DSA-2268 (Google Search) http://www.debian.org/security/2011/dsa-2268 Debian Security Information: DSA-2269 (Google Search) http://www.debian.org/security/2011/dsa-2269 Debian Security Information: DSA-2273 (Google Search) http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13543 http://www.redhat.com/support/errata/RHSA-2011-0885.html http://www.redhat.com/support/errata/RHSA-2011-0886.html http://www.redhat.com/support/errata/RHSA-2011-0887.html http://www.redhat.com/support/errata/RHSA-2011-0888.html http://secunia.com/advisories/45002 SuSE Security Announcement: SUSE-SA:2011:028 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://www.ubuntu.com/usn/USN-1149-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-0085 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432 Common Vulnerability Exposure (CVE) ID: CVE-2011-2362 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693 Common Vulnerability Exposure (CVE) ID: CVE-2011-2363 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14046 Common Vulnerability Exposure (CVE) ID: CVE-2011-2364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318 Common Vulnerability Exposure (CVE) ID: CVE-2011-2365 BugTraq ID: 48368 http://www.securityfocus.com/bid/48368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14184 Common Vulnerability Exposure (CVE) ID: CVE-2011-2371 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13987 http://securityreason.com/securityalert/8472 Common Vulnerability Exposure (CVE) ID: CVE-2011-2373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14178 XForce ISS Database: thunderbird-xul-code-exec(68133) https://exchange.xforce.ibmcloud.com/vulnerabilities/68133 Common Vulnerability Exposure (CVE) ID: CVE-2011-2374 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14123 XForce ISS Database: thunderbird-memory-ce(68128) https://exchange.xforce.ibmcloud.com/vulnerabilities/68128 Common Vulnerability Exposure (CVE) ID: CVE-2011-2375 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14071 Common Vulnerability Exposure (CVE) ID: CVE-2011-2376 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14396 Common Vulnerability Exposure (CVE) ID: CVE-2011-2377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13872
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.