Fedora 10 : Miro-2.0.3-2.fc10 / blam-1.8.5-8.fc10 / devhelp-0.22-6.fc10 / epiphany-2.24.3-4.fc10 / etc (2009-3100)

high Nessus Plugin ID 37824

Synopsis

The remote Fedora host is missing one or more security updates.

Description

A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL garbage collection events. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1044)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?6e27367e

http://www.nessus.org/u?3c2e4e00

http://www.nessus.org/u?ead787e6

http://www.nessus.org/u?82fb14d4

http://www.nessus.org/u?c0a8ab71

http://www.nessus.org/u?b8b93ce0

http://www.nessus.org/u?527bdd4d

http://www.nessus.org/u?317c4055

http://www.nessus.org/u?39045ac3

http://www.nessus.org/u?042bfeb9

http://www.nessus.org/u?1b6b5508

http://www.nessus.org/u?ac5c0a7c

http://www.nessus.org/u?5be312ab

http://www.nessus.org/u?c03fa684

http://www.nessus.org/u?49be5a5b

http://www.nessus.org/u?d73b1b01

http://www.nessus.org/u?ef8d768d

http://www.nessus.org/u?388377f6

http://www.nessus.org/u?288b32e8

Plugin Details

Severity: High

ID: 37824

File Name: fedora_2009-3100.nasl

Version: 1.19

Type: local

Agent: unix

Published: 4/23/2009

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:miro, p-cpe:/a:fedoraproject:fedora:blam, p-cpe:/a:fedoraproject:fedora:devhelp, p-cpe:/a:fedoraproject:fedora:epiphany, p-cpe:/a:fedoraproject:fedora:epiphany-extensions, p-cpe:/a:fedoraproject:fedora:evolution-rss, p-cpe:/a:fedoraproject:fedora:firefox, p-cpe:/a:fedoraproject:fedora:galeon, p-cpe:/a:fedoraproject:fedora:gecko-sharp2, p-cpe:/a:fedoraproject:fedora:gnome-python2-extras, p-cpe:/a:fedoraproject:fedora:gnome-web-photo, p-cpe:/a:fedoraproject:fedora:google-gadgets, p-cpe:/a:fedoraproject:fedora:kazehakase, p-cpe:/a:fedoraproject:fedora:mozvoikko, p-cpe:/a:fedoraproject:fedora:mugshot, p-cpe:/a:fedoraproject:fedora:pcmanx-gtk2, p-cpe:/a:fedoraproject:fedora:ruby-gnome2, p-cpe:/a:fedoraproject:fedora:xulrunner, p-cpe:/a:fedoraproject:fedora:yelp, cpe:/o:fedoraproject:fedora:10

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/28/2009

Reference Information

CVE: CVE-2009-1044, CVE-2009-1169

BID: 34181, 34235

CWE: 399

FEDORA: 2009-3100