Solution
Please Install the Updated Packages.
Insight
Mozilla Firefox is an open source Web browser.
Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)
Several flaws were found in the way malformed web content was displayed. A web page containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-2800)
Two local file disclosure flaws were found in Firefox. A web page containing malicious content could cause Firefox to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)
A flaw was found in the way a malformed .properties file was processed by Firefox. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807)
A flaw was found in the way Firefox escaped a listing of local file names.
If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Firefox. (CVE-2008-2808)
A flaw was found in the way Firefox displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)
All Mozilla Firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
Affected
firefox on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities