Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200605-06] Mozilla Firefox: Potential remote code execution Vulnerability Scan
Vulnerability Scan Summary
Mozilla Firefox: Potential remote code execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200605-06
(Mozilla Firefox: Potential remote code execution)
Martijn Wargers and Nick Mott discovered a vulnerability in the
rendering of malformed JavaScript content. The Mozilla Firefox 1.0 line is
not affected.
Impact
If JavaScript is enabled, an attacker who tricks a user into visiting a
malicious web page can send a specially crafted HTML script
that contains references to deleted objects with the "designMode"
property enabled. This can crash the web browser and, in theory,
allow execution of arbitrary code with the rights of the user running
the browser.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1993
Solution:
All Mozilla Firefox 1.5 users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.3"
All Mozilla Firefox 1.5 binary users should upgrade to the
latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.3"
Threat Level: Medium