|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200503-10] Mozilla Firefox: Various vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Mozilla Firefox: Various vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200503-10
(Mozilla Firefox: Various vulnerabilities)
Impact
By setting up malicious websites and convincing users to
follow untrusted links or obey very specific drag-and-drop or download
instructions, attackers may leverage the various spoofing issues to
fake other websites to get access to confidential information, push
users to download malicious files or make them interact with their
browser preferences.
The temporary directory issue allows
local attackers to overwrite arbitrary files with the rights of another
local user.
The overflow issues, while not thought to be
exploitable, may allow a malicious downloaded page to execute arbitrary
code with the rights of the user viewing the page.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0593
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Solution:
All Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
All Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|