The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-0449 advisory.

    firefox:

    [3.0.10-1.0.1.el5]
    - Update firstrun and homepage URLs
    - Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html       and removed the corresponding  Red Hat ones
    - Added patch oracle-firefox-branding.patch

    [3.0.10-1]
    - Update to 3.0.10

    xulrunner:

    [1.9.0.10-1.0.1.el5]
    - Added xulrunner-oracle-default-prefs.js and removed the corresponding       RedHat one

    [1.9.0.10-1]
    - Update to 1.9.0.10

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201301-01 (Mozilla Products: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox,       Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page or email, possibly resulting in execution of arbitrary code or a       Denial of Service condition. Furthermore, a remote attacker may be able       to perform Man-in-the-Middle attacks, obtain sensitive information,       bypass restrictions and protection mechanisms, force file downloads,       conduct XML injection attacks, conduct XSS attacks, bypass the Same       Origin Policy, spoof URL&rsquo;s for phishing attacks, trigger a vertical       scroll, spoof the location bar, spoof an SSL indicator, modify the       browser&rsquo;s font, conduct clickjacking attacks, or have other unspecified       impact.
    A local attacker could gain escalated privileges, obtain sensitive       information, or replace an arbitrary downloaded file.
  Workaround :

    There is no known workaround at this time.

Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1313)

For technical details regarding this flaw, refer to the Mozilla security advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.10, which corrects this issue. After installing the update, Firefox must be restarted for the change to take effect.

Firefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun(). (CVE-2009-1313)

Firefox version upgrade to 3.0.10 to fix a crash in nsTextFrame::ClearTextRun() (CVE-2009-1313).

Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313)

This update provides the latest Mozilla Firefox 3.x to correct these issues.

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Update :

The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue.

It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New mozilla-firefox packages are available for Slackware 12.2 and
-current to fix security issues. The updated packages may also be used with Slackware 11.0 or newer.

The version of Firefox installed on the remote host is earlier than 3.0.10.  Such versions have multiple vulnerabilities :

  - An error in function '@nsTextFrame::ClearTextRun()' could     corrupt the memory. Successful exploitation of this issue     may allow arbitrary code execution on the remote system.     Note this reportedly only affects 3.0.9. (MFSA 2009-23)

  - The browser processes a 3xx HTTP CONNECT response before     a successful SSL handshake, which could allow a man-in-     the-middle attacker to execute arbitrary web script in the     context of a HTTPS server. (CVE-2009-2061)

The remote Redhat Enterprise Linux 4 / 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2009:0449 advisory.

  - Firefox crash in nsTextFrame::ClearTextRun() (CVE-2009-1313)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update to Firefox 3.0.10 fixing one security issue:
http://www.mozilla.org/security/known- vulnerabilities/firefox30.html#firefox3.0.10 Depending packages rebuilt against new Firefox are also included in this update.
Additional bugs fixed in other packages: - totem: Fix YouTube plugin following website changes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The installed version of Firefox is 3.0.9. This version is potentially affected by a memory corruption vulnerability. Specifically : 

 - An error in function '@nsTextFrame: : ClearTextRun()' could corrupt the memory. Successful exploitation of this issue may allow arbitrary code execution on the remote system. (MFSA 2009-23)

The installed version of Firefox is 3.0.9. This version is potentially affected by a memory corruption vulnerability. Specifically : 

  - An error in function '@nsTextFrame: : ClearTextRun()' could corrupt the memory. Successful exploitation of this issue may allow arbitrary code execution on the remote system. (MFSA 2009-23)

ID	Name	Product	Family	Severity
67850	Oracle Linux 5 : firefox (ELSA-2009-0449)	Nessus	Oracle Linux Local Security Checks	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
43745	CentOS 4 / 5 : firefox (CESA-2009:0449)	Nessus	CentOS Local Security Checks	high
41355	SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 859)	Nessus	SuSE Local Security Checks	high
40173	openSUSE Security Update : MozillaFirefox (MozillaFirefox-860)	Nessus	SuSE Local Security Checks	high
39890	openSUSE Security Update : MozillaFirefox (MozillaFirefox-860)	Nessus	SuSE Local Security Checks	high
38853	Mandriva Linux Security Advisory : firefox (MDVSA-2009:111-1)	Nessus	Mandriva Local Security Checks	high
38205	Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-765-1)	Nessus	Ubuntu Local Security Checks	high
38201	Slackware 12.2 / current : mozilla-firefox (SSA:2009-118-01)	Nessus	Slackware Local Security Checks	high
38200	Firefox < 3.0.10 Multiple Vulnerabilities	Nessus	Windows	high
38193	RHEL 4 / 5 : firefox (RHSA-2009:0449)	Nessus	Red Hat Local Security Checks	high
38189	Fedora 10 : Miro-2.0.3-4.fc10 / blam-1.8.5-10.fc10 / devhelp-0.22-8.fc10 / epiphany-2.24.3-6.fc10 / etc (2009-4083)	Nessus	Fedora Local Security Checks	high
38188	Fedora 9 : Miro-2.0.3-4.fc9 / blam-1.8.5-9.fc9.1 / chmsee-1.0.1-12.fc9 / devhelp-0.19.1-12.fc9 / etc (2009-4078)	Nessus	Fedora Local Security Checks	high
5008	Mozilla Firefox 3.0.9 Memory Corruption	Nessus Network Monitor	Web Clients	medium
800744	Firefox 3.0.9 Memory Corruption	Log Correlation Engine	Web Clients	high

Detections

Analytics

CVE-2009-1313

high

Tenable Plugins

high

critical

high

high

high

high

high

high

high

high

high

high

high

medium

high