MDVSA-2009:236 -- Mandriva firefoxID: oval:org.secpod.oval:def:300538 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
Security issues were identified and fixed in firefox 3.0.x: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors . Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors . Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the pkcs11.addmodule and pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module . Mozilla Firefox before 3.0.14 does not properly manage pointers for the columns of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. Visual truncation vulnerability in Mozilla Firefox before 3.0.14 allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property . Unspecified vulnerability in Mozilla Firefox before 3.0.14 allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter . This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates.
Platform: |
Mandriva Linux 2009.0 |
Mandriva Linux 2009.1 |