Executive Summary
Summary | |
---|---|
Title | firefox security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:0449 | First vendor Publication | 2009-04-27 |
Vendor | RedHat | Last vendor Modification | 2009-04-27 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 3. Description: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 497447 - CVE-2009-1313 Firefox crash in nsTextFrame::ClearTextRun() |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0449.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10446 | |||
Oval ID: | oval:org.mitre.oval:def:10446 | ||
Title: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1313 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22781 | |||
Oval ID: | oval:org.mitre.oval:def:22781 | ||
Title: | ELSA-2009:0449: firefox security update (Critical) | ||
Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0449-01 CVE-2009-1313 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28736 | |||
Oval ID: | oval:org.mitre.oval:def:28736 | ||
Title: | RHSA-2009:0449 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0449 CESA-2009:0449-CentOS 5 CVE-2009-1313 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos4 i386 File : nvt/gb_CESA-2009_0449_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos5 i386 File : nvt/gb_CESA-2009_0449_firefox_centos5_i386.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox2.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
2009-06-05 | Name : Ubuntu USN-761-2 (php5) File : nvt/ubuntu_761_2.nasl |
2009-06-05 | Name : Ubuntu USN-765-1 (xulrunner-1.9) File : nvt/ubuntu_765_1.nasl |
2009-06-05 | Name : Ubuntu USN-766-1 (acpid) File : nvt/ubuntu_766_1.nasl |
2009-06-05 | Name : Ubuntu USN-767-1 (freetype) File : nvt/ubuntu_767_1.nasl |
2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Linux) File : nvt/gb_firefox_dos_vuln_may09_lin.nasl |
2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Win) File : nvt/gb_firefox_dos_vuln_may09_win.nasl |
2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0449 File : nvt/RHSA_2009_0449.nasl |
2009-05-05 | Name : Fedora Core 9 FEDORA-2009-4078 (xulrunner) File : nvt/fcore_2009_4078.nasl |
2009-05-05 | Name : Fedora Core 10 FEDORA-2009-4083 (epiphany) File : nvt/fcore_2009_4083.nasl |
2009-05-05 | Name : CentOS Security Advisory CESA-2009:0449 (firefox) File : nvt/ovcesa2009_0449.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-118-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_118_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54174 | Mozilla Firefox layout/generic/nsTextFrameThebes.cpp nsTextFrame::ClearTextRu... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 17719 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 16284 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-118-01.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-765-1.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4078.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4083.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3010.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:28 |
|