RHEL 4 : firefox (RHSA-2005:176)

high Nessus Plugin ID 17252

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated firefox packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0255 to this issue.

A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CVE-2004-1156)

A bug was found in the way Firefox allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CVE-2005-0232 and CVE-2005-0527).

A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CVE-2005-0233)

A bug was found in the way Firefox handles plug-in temporary files. A malicious local user could create a symlink to a victims directory, causing it to be deleted when the victim exits Firefox.
(CVE-2005-0578)

A bug has been found in one of Firefox's UTF-8 converters. It may be possible for an attacker to supply a specially crafted UTF-8 string to the buggy converter, leading to arbitrary code execution.
(CVE-2005-0592)

A bug was found in the Firefox JavaScript security manager. If a user drags a malicious link to a tab, the JavaScript security manager is bypassed which could result in remote code execution or information disclosure. (CVE-2005-0231)

A bug was found in the way Firefox displays the HTTP authentication prompt. When a user is prompted for authentication, the dialog window is displayed over the active tab, regardless of the tab that caused the pop-up to appear and could trick a user into entering their username and password for a trusted site. (CVE-2005-0584)

A bug was found in the way Firefox displays the save file dialog. It is possible for a malicious webserver to spoof the Content-Disposition header, tricking the user into thinking they are downloading a different filetype. (CVE-2005-0586)

A bug was found in the way Firefox handles users 'down-arrow' through auto completed choices. When an autocomplete choice is selected, the information is copied into the input control, possibly allowing a malicious website to steal information by tricking a user into arrowing through autocompletion choices. (CVE-2005-0589)

Several bugs were found in the way Firefox displays the secure site icon. It is possible that a malicious website could display the secure site icon along with incorrect certificate information.
(CVE-2005-0593)

A bug was found in the way Firefox displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CVE-2005-0585)

A bug was found in the way Firefox handles xsl:include and xsl:import directives. It is possible for a malicious website to import XSLT stylesheets from a domain behind a firewall, leaking information to an attacker. (CVE-2005-0588)

A bug was found in the way Firefox displays the installation confirmation dialog. An attacker could add a long user:pass before the true hostname, tricking a user into thinking they were installing content from a trusted source. (CVE-2005-0590)

A bug was found in the way Firefox displays download and security dialogs. An attacker could cover up part of a dialog window tricking the user into clicking 'Allow' or 'Open', which could potentially lead to arbitrary code execution. (CVE-2005-0591)

Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.1 and is not vulnerable to these issues.

Solution

Update the affected firefox package.

Plugin Details

Severity: High

ID: 17252

File Name: redhat-RHSA-2005-176.nasl

Version: 1.25

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 3/2/2005

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:firefox, cpe:/o:redhat:enterprise_linux:4

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 3/1/2005

Vulnerability Publication Date: 12/31/2004

Reference Information

CVE: CVE-2004-1156, CVE-2005-0231, CVE-2005-0232, CVE-2005-0233, CVE-2005-0255, CVE-2005-0527, CVE-2005-0578, CVE-2005-0584, CVE-2005-0585, CVE-2005-0586, CVE-2005-0588, CVE-2005-0589, CVE-2005-0590, CVE-2005-0591, CVE-2005-0592, CVE-2005-0593

RHSA: 2005:176

Detections

Analytics