Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory.
Vulnerability Insight: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help prevent potential exploits in malformed OpenType fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3062)
A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)
A web page containing a malicious Scalable Vector Graphics (SVG) image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0470)
A flaw was found in the way Firefox used its embedded Cairo library to render certain fonts. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0472)
A flaw was found in the way Firefox rendered certain images using WebGL. A web page containing malicious content could cause Firefox to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0478)
A cross-site scripting (XSS) flaw was found in the way Firefox handled certain multibyte character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-0471)
A flaw was found in the way Firefox rendered certain graphics using WebGL. A web page containing malicious content could cause Firefox to crash. (CVE-2012-0473)
A flaw in Firefox allowed the address bar to display a different website than the one the user was visiting. An attacker could use this flaw to conceal a malicious URL, possibly tricking a user into believing they are viewing a trusted site, or allowing scripts to be loaded from the attacker's site, possibly leading to cross-site scripting (XSS) attacks. (CVE-2012-0474)
A flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN character sets. A web page containing malicious content could cause Firefox to run JavaScript code with the permissions of a different website. (CVE-2012-0477)
A flaw was found in the way Firefox handled RSS and Atom feeds. Invalid RSS or Atom content loaded ov ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS: firefox on CentOS 6
Solution: Please install the updated packages.
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
|