Rapid7 Vulnerability & Exploit Database

RHSA-2008:0569: firefox security update

Back to Search

RHSA-2008:0569: firefox security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
07/07/2008
Created
07/25/2018
Added
07/16/2008
Modified
07/04/2017

Description

Mozilla Firefox is an open source Web browser.Multiple flaws were found in the processing of malformed JavaScriptcontent. A web page containing such malicious content could cause Firefoxto crash or, potentially, execute arbitrary code as the user runningFirefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code as the user running Firefox.(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)Several flaws were found in the way malformed web content was displayed. Aweb page containing specially-crafted content could potentially trick aFirefox user into surrendering sensitive information. (CVE-2008-2800)Two local file disclosure flaws were found in Firefox. A web pagecontaining malicious content could cause Firefox to reveal the contents ofa local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)A flaw was found in the way a malformed .properties file was processed byFirefox. A malicious extension could read uninitialized memory, possiblyleaking sensitive data to the extension. (CVE-2008-2807)A flaw was found in the way Firefox escaped a listing of local file names.If a user could be tricked into listing a local directory containingmalicious file names, arbitrary JavaScript could be run with thepermissions of the user running Firefox. (CVE-2008-2808)A flaw was found in the way Firefox displayed information about self-signedcertificates. It was possible for a self-signed certificate to containmultiple alternate name entries, which were not all displayed to the user,allowing them to mistakenly extend trust to an unknown site.(CVE-2008-2809)All Mozilla Firefox users should upgrade to these updated packages, whichcontain backported patches that correct these issues.

Solution(s)

  • redhat-upgrade-devhelp
  • redhat-upgrade-devhelp-devel
  • redhat-upgrade-firefox
  • redhat-upgrade-xulrunner
  • redhat-upgrade-xulrunner-devel
  • redhat-upgrade-xulrunner-devel-unstable
  • redhat-upgrade-yelp

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;