Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200701-02] Mozilla Firefox: Multiple vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
Mozilla Firefox: Multiple vulnerabilities

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200701-02
(Mozilla Firefox: Multiple vulnerabilities)


An anonymous researcher found evidence of memory corruption in the way
Mozilla Firefox handles certain types of SVG comment DOM nodes.
Additionally, Frederik Reiss discovered a heap-based buffer overflow in
the conversion of a CSS cursor. Other issues with memory corruption
were also fixed. Mozilla Firefox also contains less severe
vulnerabilities involving JavaScript and Java.

Impact

A possible hacker could entice a user to view a specially crafted web page
that will trigger one of the vulnerabilities, possibly leading to the
execution of arbitrary code. It is also possible for a possible hacker to
perform cross-site scripting attacks, leading to the exposure of
sensitive information, like user credentials.

Workaround

There are no known workarounds for all the issues at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6506
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6507


Solution:
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.9"
All Mozilla Firefox binary release users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.9"


Threat Level: Medium


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.