Summary
The remote host is missing an update to firefox
announced via advisory MDVSA-2009:182.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:182 http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.12
Insight
Security vulnerabilities have been discovered and corrected in Mozilla Firefox 3.0.x:
Several flaws were discovered in the Firefox browser and JavaScript engines, which could allow a malicious website to cause a denial of service or possibly execute arbitrary code with user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2468, CVE-2009-2471)
Attila Suszter discovered a flaw in the way Firefox processed Flash content, which could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467)
It was discovered that Firefox did not properly handle some SVG content, which could lead to a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2469)
A flaw was discovered in the JavaScript engine which could be used to perform cross-site scripting attacks. (CVE-2009-2472)
This update provides the latest Mozilla Firefox 3.0.x to correct these issues.
Additionally, some packages which require so, have been rebuilt and are being provided as updates.
Affected: 2009.0, 2009.1
Severity
Classification
-
CVE CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2468, CVE-2009-2469, CVE-2009-2471, CVE-2009-2472 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities