Executive Summary

Summary
Title firefox security update
Informations
Name RHSA-2009:1530 First vendor Publication 2009-10-27
Vendor RedHat Last vendor Modification 2009-10-27
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).

A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370)

A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274)

A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372)

A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373)

A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563)

A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375)

A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use 530151 - CVE-2009-3370 Firefox form history vulnerable to stealing 530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing 530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser 530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS() 530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion 530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection() 530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override 530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption 530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1530.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10440
 
Oval ID: oval:org.mitre.oval:def:10440
Title: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Description: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3375
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10684
 
Oval ID: oval:org.mitre.oval:def:10684
Title: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Description: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3373
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10836
 
Oval ID: oval:org.mitre.oval:def:10836
Title: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
Description: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3370
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10977
 
Oval ID: oval:org.mitre.oval:def:10977
Title: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3372
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11218
 
Oval ID: oval:org.mitre.oval:def:11218
Title: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3376
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11219
 
Oval ID: oval:org.mitre.oval:def:11219
Title: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Description: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3382
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13156
 
Oval ID: oval:org.mitre.oval:def:13156
Title: DSA-1922-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2009-3382 Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3376 Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. CVE-2009-3375 Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection function. CVE-2009-3374 "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. CVE-2009-3373 "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. CVE-2009-3372 Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. CVE-2009-3274 Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. CVE-2009-3370 Paul Stone discovered that history information from web forms could be stolen. For the stable distribution, these problems have been fixed in version 1.9.0.15-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.1.4-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-1922-1
CVE-2009-3274
CVE-2009-3370
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3380
CVE-2009-3382
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5581
 
Oval ID: oval:org.mitre.oval:def:5581
Title: Mozilla Firefox 3.0.x before 3.0.15 cause a denial of service in layout/base/nsCSSFrameConstructor.cpp
Description: layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3382
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5935
 
Oval ID: oval:org.mitre.oval:def:5935
Title: Remote bypass vulnerability in content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 via the document.getSelection function
Description: content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3375
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6347
 
Oval ID: oval:org.mitre.oval:def:6347
Title: Arbitrary code execution in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 ia a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3372
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6455
 
Oval ID: oval:org.mitre.oval:def:6455
Title: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events
Description: Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3370
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6541
 
Oval ID: oval:org.mitre.oval:def:6541
Title: Spoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3376
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6548
 
Oval ID: oval:org.mitre.oval:def:6548
Title: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via unspecified vectors.
Description: Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3373
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6565
 
Oval ID: oval:org.mitre.oval:def:6565
Title: Vulnerability in the XPCVariant::VariantDataToJS function in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4
Description: The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3374
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6580
 
Oval ID: oval:org.mitre.oval:def:6580
Title: Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 to cause a denial of service
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3380
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7945
 
Oval ID: oval:org.mitre.oval:def:7945
Title: DSA-1922 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. Paul Stone discovered that history information from web forms could be stolen.
Family: unix Class: patch
Reference(s): DSA-1922
CVE-2009-3274
CVE-2009-3370
CVE-2009-3372
CVE-2009-3373
CVE-2009-3374
CVE-2009-3375
CVE-2009-3376
CVE-2009-3380
CVE-2009-3382
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8888
 
Oval ID: oval:org.mitre.oval:def:8888
Title: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Description: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1563
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9463
 
Oval ID: oval:org.mitre.oval:def:9463
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3380
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9641
 
Oval ID: oval:org.mitre.oval:def:9641
Title: Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.
Description: Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3274
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9789
 
Oval ID: oval:org.mitre.oval:def:9789
Title: The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Description: The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3374
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 44
Application 44

ExploitDB Exploits

id Description
2013-08-19 Mozilla Firefox 3.5.4 - Local Color Map Exploit
2009-11-19 Opera 10.01 Remote Array Overrun
2009-11-19 K-Meleon 1.5.3 Remote Array Overrun
2009-11-19 SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19 KDE KDELibs 4.3.3 Remote Array Overrun

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386
File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1530 centos4 i386
File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl
2010-04-29 Name : Fedora Update for seamonkey FEDORA-2010-7100
File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-03-30 Name : FreeBSD Ports: seamonkey, linux-seamonkey
File : nvt/freebsd_seamonkey.nasl
2010-03-22 Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1
File : nvt/gb_ubuntu_USN_915_1.nasl
2010-03-22 Name : RedHat Update for thunderbird RHSA-2010:0154-02
File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-03-22 Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386
File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox)
File : nvt/mdksa_2009_290_1.nasl
2009-11-23 Name : Ubuntu USN-853-1 (xulrunner-1.9.1)
File : nvt/ubuntu_853_1.nasl
2009-11-11 Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_MozillaFirefox7.nasl
2009-11-11 Name : SLES10: Security update for Mozilla XULRunner
File : nvt/sles10_mozilla-xulrunn0.nasl
2009-11-11 Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_MozillaFirefox7.nasl
2009-11-11 Name : SLES11: Security update for Mozilla XULRunner
File : nvt/sles11_mozilla-xulrunn1.nasl
2009-11-11 Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox)
File : nvt/suse_sa_2009_052.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1531 (seamonkey)
File : nvt/ovcesa2009_1531.nasl
2009-11-11 Name : CentOS Security Advisory CESA-2009:1530 (firefox)
File : nvt/ovcesa2009_1530.nasl
2009-11-11 Name : Mandriva Security Advisory MDVSA-2009:290 (firefox)
File : nvt/mdksa_2009_290.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1531
File : nvt/RHSA_2009_1531.nasl
2009-11-11 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox42.nasl
2009-11-11 Name : Fedora Core 10 FEDORA-2009-10981 (blam)
File : nvt/fcore_2009_10981.nasl
2009-11-11 Name : Fedora Core 11 FEDORA-2009-10878 (chmsee)
File : nvt/fcore_2009_10878.nasl
2009-11-11 Name : Debian Security Advisory DSA 1931-1 (nspr)
File : nvt/deb_1931_1.nasl
2009-11-11 Name : Debian Security Advisory DSA 1922-1 (xulrunner)
File : nvt/deb_1922_1.nasl
2009-11-11 Name : RedHat Security Advisory RHSA-2009:1530
File : nvt/RHSA_2009_1530.nasl
2009-11-04 Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_nov09_win.nasl
2009-11-04 Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_nov09_lin.nasl
2009-11-02 Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_firefox_mult_vuln_nov09_win.nasl
2009-11-02 Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl
2009-11-02 Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win)
File : nvt/gb_firefox_dos_vuln_nov09_win.nasl
2009-11-02 Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux)
File : nvt/gb_firefox_dos_vuln_nov09_lin.nasl
2009-09-23 Name : Insecure Saving Of Downloadable File In Mozilla Firefox (Linux)
File : nvt/secpod_firefox_insecure_saving_download_file.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61091 Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem...

59394 Mozilla Multiple Browsers Proxy Auto-configuration (PAC) File Regular Express...

59393 Mozilla Multiple Browsers GIF Color Map Parser Overflow

59392 Mozilla Firefox XPCOM XPCVariant::VariantDataToJS Utility Chrome Privileged J...

59391 Mozilla Firefox Key Event Javascript Methods Form History Remote Disclosure

59390 Mozilla Firefox document.getSelection Function Cross-origin Data Disclosure

59389 Mozilla Multiple Browsers Filename Right-to-left (RTL) Override Character Dow...

59384 Mozilla Firefox Browser Engine nsCachedStyleData::GetStyleDisplay Function Me...

59381 Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3...

57844 Mozilla Firefox on Linux Temporary File Download Manipulation Weakness

Snort® IPS/IDS

Date Description
2017-12-21 Mozilla Firefox browser engine memory corruption attempt
RuleID : 44978 - Revision : 2 - Type : BROWSER-FIREFOX
2014-03-06 Mozilla Firefox browser engine memory corruption attempt
RuleID : 29579 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox browser engine memory corruption attempt
RuleID : 16347 - Revision : 5 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12616.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1922.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO
2009-12-04 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO
2009-11-12 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO
2009-11-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO
2009-11-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_20.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO
2009-10-29 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:52:59
  • Multiple Updates