Rapid7 Vulnerability & Exploit Database

RHSA-2008:1036: firefox security update

Back to Search

RHSA-2008:1036: firefox security update

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
12/17/2008
Created
07/25/2018
Added
02/22/2009
Modified
07/04/2017

Description

Mozilla Firefox is an open source Web browser.Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or,potentially, execute arbitrary code as the user running Firefox.(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512,CVE-2008-5513)Several flaws were found in the way malformed content was processed. Awebsite containing specially-crafted content could potentially trick aFirefox user into surrendering sensitive information. (CVE-2008-5506,CVE-2008-5507)A flaw was found in the way Firefox stored attributes in XML User InterfaceLanguage (XUL) elements. A web site could use this flaw to track usersacross browser sessions, even if users did not allow the site to storecookies in the victim's browser. (CVE-2008-5505)A flaw was found in the way malformed URLs were processed by Firefox.This flaw could prevent various URL sanitization mechanisms from properlyparsing a malicious URL. (CVE-2008-5508)A flaw was found in Firefox's CSS parser. A malicious web page could injectNULL characters into a CSS input string, possibly bypassing anapplication's script sanitization routines. (CVE-2008-5510)For technical details regarding these flaws, please see the Mozillasecurity advisories for Firefox 3.0.5. You can find a link to the Mozillaadvisories in the References section.Note: after the errata packages are installed, Firefox must be restartedfor the update to take effect.All firefox users should upgrade to these updated packages, which containbackported patches that correct these issues.

Solution(s)

  • redhat-upgrade-firefox
  • redhat-upgrade-nspr
  • redhat-upgrade-nspr-devel
  • redhat-upgrade-nss
  • redhat-upgrade-nss-devel
  • redhat-upgrade-nss-pkcs11-devel
  • redhat-upgrade-nss-tools
  • redhat-upgrade-xulrunner
  • redhat-upgrade-xulrunner-devel
  • redhat-upgrade-xulrunner-devel-unstable

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;