Summary
The remote host is missing an update to firefox
announced via advisory FEDORA-2009-3099.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update firefox' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3099
Insight
Update Information:
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)
This update also provides depending packages rebuilt against new Firefox version. Miro updates to upstream 2.0.3. Provides new features and fixes various bugs in 1.2.x series
ChangeLog:
* Fri Mar 27 2009 Christopher Aillon - 3.0.8-1
- Update to 3.0.8
* Wed Mar 4 2009 Jan Horak - 3.0.7-1
- Update to 3.0.7
Severity
Classification
-
CVE CVE-2009-1044, CVE-2009-1169 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities