Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.881846 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for firefox CESA-2013:1812 centos6 |
Summary: | The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613) A flaw was found in the way Firefox rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross-site scripting (XSS) attacks. (CVE-2013-5612) It was found that certain malicious web content could bypass restrictions applied by sandboxed iframes. An attacker could combine this flaw with other vulnerabilities to execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-5614) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson Smith, and Atte Kettunen as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 24.2.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. Affected Software/OS: firefox on CentOS 6 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-5609 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html https://security.gentoo.org/glsa/201504-01 RedHat Security Advisories: RHSA-2013:1812 http://rhn.redhat.com/errata/RHSA-2013-1812.html http://www.securitytracker.com/id/1029470 http://www.securitytracker.com/id/1029476 SuSE Security Announcement: SUSE-SU-2013:1919 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:1916 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html SuSE Security Announcement: openSUSE-SU-2013:1917 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html SuSE Security Announcement: openSUSE-SU-2013:1918 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html SuSE Security Announcement: openSUSE-SU-2013:1957 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00119.html SuSE Security Announcement: openSUSE-SU-2013:1958 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00120.html SuSE Security Announcement: openSUSE-SU-2013:1959 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-12/msg00121.html SuSE Security Announcement: openSUSE-SU-2014:0008 (Google Search) http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http://www.ubuntu.com/usn/USN-2052-1 http://www.ubuntu.com/usn/USN-2053-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-5612 BugTraq ID: 64205 http://www.securityfocus.com/bid/64205 Common Vulnerability Exposure (CVE) ID: CVE-2013-5613 Common Vulnerability Exposure (CVE) ID: CVE-2013-5614 Common Vulnerability Exposure (CVE) ID: CVE-2013-5616 Common Vulnerability Exposure (CVE) ID: CVE-2013-5618 Common Vulnerability Exposure (CVE) ID: CVE-2013-6671 BugTraq ID: 64212 http://www.securityfocus.com/bid/64212 |
Copyright | Copyright (C) 2013 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |