Nessus Plugin #17276
Plugin Index
Note: This file has been created from a
downloaded version of the Nessus Plugins
from
http://www.nessus.org/.
Therefore, the information here can be outdated.
[GLSA-200503-10] Mozilla Firefox: Various vulnerabilities
- Family:
- Gentoo Local Security Checks
- Category:
- infos
- Copyright:
- (C) 2005 Michel Arboi
- Summary:
- Mozilla Firefox: Various vulnerabilities
- Version:
- $Revision: 1.1 $
- Cve_id:
- CAN-2004-1156, CAN-2005-0230, CAN-2005-0231, CAN-2005-0232, CAN-2005-0233, CAN-2005-0255, CAN-2005-0527, CAN-2005-0578, CAN-2005-0584, CAN-2005-0585, CAN-2005-0586, CAN-2005-0588, CAN-2005-0589, CAN-2005-0590, CAN-2005-0591, CAN-2005-0592, CAN-2005-0593
- Bugtraq_id:
- -
- Xrefs:
- GLSA:200503-10
- Description:
- The remote host is affected by the vulnerability described in GLSA-200503-10
(Mozilla Firefox: Various vulnerabilities)
Impact
By setting up malicious websites and convincing users to
follow untrusted links or obey very specific drag-and-drop or download
instructions, attackers may leverage the various spoofing issues to
fake other websites to get access to confidential information, push
users to download malicious files or make them interact with their
browser preferences.
The temporary directory issue allows
local attackers to overwrite arbitrary files with the rights of another
local user.
The overflow issues, while not thought to be
exploitable, may allow a malicious downloaded page to execute arbitrary
code with the rights of the user viewing the page.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0593
http://www.mozilla.org/projects/security/known-vulnerabilities.html
Solution:
All Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
All Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
Risk factor : Medium
Generiert am 27.04.2005 um 18:49:54 Uhr.