Mandriva Update For Firefox MDVSA-2010:000 (firefox) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Security issues were identified and fixed in firefox 3.5.x: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array (CVE-2010-0220). Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Affected

firefox on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64

Severity

Classification

CVE CVE-2010-0220

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:105 (memcached)
Mandrake Security Advisory MDVSA-2009:025 (pidgin)
Mandrake Security Advisory MDVSA-2009:193 (ruby)
Mandrake Security Advisory MDVSA-2009:068-1 (poppler)
Mandrake Security Advisory MDVSA-2009:010 (qemu)

Mandriva Update for firefox MDVSA-2010:000 (firefox)

Take action and discover your vulnerabilities