Solution
Please Install the Updated Packages.
Insight
A vulnerability was discovered and corrected in xulrunner:
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, when JavaScript is enabled, allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in October 2010 by the Belmoo malware (CVE-2010-3765).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149& products_id=490
The updated packages have been patched to correct this issue.
Affected
xulrunner on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64
Severity
Classification
-
CVE CVE-2010-3765 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities