Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.881082
Category:CentOS Local Security Checks
Title:CentOS Update for firefox CESA-2012:0515 centos6
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help
prevent potential exploits in malformed OpenType fonts. A web page
containing malicious content could cause Firefox to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Firefox. (CVE-2011-3062)

A web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)

A web page containing a malicious Scalable Vector Graphics (SVG) image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-0470)

A flaw was found in the way Firefox used its embedded Cairo library to
render certain fonts. A web page containing malicious content could cause
Firefox to crash or, under certain conditions, possibly execute arbitrary
code with the privileges of the user running Firefox. (CVE-2012-0472)

A flaw was found in the way Firefox rendered certain images using WebGL. A
web page containing malicious content could cause Firefox to crash or,
under certain conditions, possibly execute arbitrary code with the
privileges of the user running Firefox. (CVE-2012-0478)

A cross-site scripting (XSS) flaw was found in the way Firefox handled
certain multibyte character sets. A web page containing malicious content
could cause Firefox to run JavaScript code with the permissions of a
different website. (CVE-2012-0471)

A flaw was found in the way Firefox rendered certain graphics using WebGL.
A web page containing malicious content could cause Firefox to crash.
(CVE-2012-0473)

A flaw in Firefox allowed the address bar to display a different website
than the one the user was visiting. An attacker could use this flaw to
conceal a malicious URL, possibly tricking a user into believing they are
viewing a trusted site, or allowing scripts to be loaded from the
attacker's site, possibly leading to cross-site scripting (XSS) attacks.
(CVE-2012-0474)

A flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN
character sets. A web page containing malicious content could cause Firefox
to run JavaScript code with the permissions of a different website.
(CVE-2012-0477)

A flaw was found in the way Firefox handled RSS and Atom feeds. Invalid
RSS or Atom content loaded ov ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
firefox on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3062
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
http://osvdb.org/80740
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15488
http://www.securitytracker.com/id?1026877
http://secunia.com/advisories/48618
http://secunia.com/advisories/48691
http://secunia.com/advisories/48763
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
XForce ISS Database: chrome-sanitizer-code-exec(74412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74412
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
Debian Security Information: DSA-2457 (Google Search)
http://www.debian.org/security/2012/dsa-2457
Debian Security Information: DSA-2458 (Google Search)
http://www.debian.org/security/2012/dsa-2458
Debian Security Information: DSA-2464 (Google Search)
http://www.debian.org/security/2012/dsa-2464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17074
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
Common Vulnerability Exposure (CVE) ID: CVE-2012-0468
BugTraq ID: 53221
http://www.securityfocus.com/bid/53221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16771
Common Vulnerability Exposure (CVE) ID: CVE-2012-0469
BugTraq ID: 53220
http://www.securityfocus.com/bid/53220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16734
Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989
Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961
Common Vulnerability Exposure (CVE) ID: CVE-2012-0472
BugTraq ID: 53218
http://www.securityfocus.com/bid/53218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067
Common Vulnerability Exposure (CVE) ID: CVE-2012-0473
BugTraq ID: 53231
http://www.securityfocus.com/bid/53231
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113
Common Vulnerability Exposure (CVE) ID: CVE-2012-0474
BugTraq ID: 53228
http://www.securityfocus.com/bid/53228
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16107
Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889
XForce ISS Database: firefox-iso2022kr-xss(75154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75154
Common Vulnerability Exposure (CVE) ID: CVE-2012-0478
BugTraq ID: 53227
http://www.securityfocus.com/bid/53227
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16893
XForce ISS Database: firefox-teximage2d-dos(75155)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75155
Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011
XForce ISS Database: firefox-rss-spoofing(75156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75156
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.