[Pardus-security] [PLSA 2010-39] Firefox: Multiple Vulnerabilities

Eren Turkay eren at pardus.org.tr
Tue Mar 9 09:07:47 EET 2010


------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-39            security at pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-03-09
  Severity: 3
      Type: Local
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in Firefox, which can be
exploited by malicious people to conduct cross-site scripting attacks or
compromise a user's system.


Description
===========

MFSA 2010-05 XSS hazard using SVG document and binary Content-Type

MFSA 2010-04 XSS due to window.dialogArguments being readable
cross-domain

MFSA 2010-03 Use-after-free crash in HTML parser

MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability

MFSA 2010-01 Crashes with evidence of memory corruption
(rv:1.9.1.8/ 1.9.0.18)


Affected packages:

  Pardus 2009:
    xulrunner, all before 1.9.1.8-27-21
    firefox, all before 3.5.8-122-23



Resolution
==========

There are update(s) for xulrunner, firefox. You can update them via
Package Manager or with a single command from console:

    pisi up xulrunner firefox
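
To check a package inventory against the "Affected packages" list above, the following added example (not part of the original advisory and not Pardus code) flags anything older than the fixed builds. It assumes version strings have the form `<upstream version>-<release>-<build>` as printed in this advisory; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed versions copied from the "Affected packages" list of PLSA 2010-39.
FIXED = {
    "xulrunner": "1.9.1.8-27-21",
    "firefox": "3.5.8-122-23",
}

# Constructed sample inventory (package name -> installed version string).
SAMPLE_INVENTORY = {
    "firefox": "3.5.7-120-22",
    "xulrunner": "1.9.1.8-27-21",
    "kernel": "2.6.31.12-130-45",
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)-(\d+)-(\d+)")


def parse_version(text):
    """Split 'upstream-release-build' into a tuple that compares correctly.

    Assumption: all three fields are numeric, as in this advisory.
    Anything else raises ValueError so it is reviewed by hand.
    """
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError("unrecognised version string: %r" % text)
    upstream = tuple(int(part) for part in match.group(1).split("."))
    return upstream, int(match.group(2)), int(match.group(3))


def is_affected(package, installed):
    """True if 'installed' is older than the fixed version for 'package'."""
    fixed = FIXED.get(package)
    if fixed is None:
        return False  # package is not covered by this advisory
    return parse_version(installed) < parse_version(fixed)


def affected_packages(inventory):
    """Return the sorted names of packages that still need the update."""
    return sorted(
        name for name in FIXED
        if name in inventory and is_affected(name, inventory[name])
    )


if __name__ == "__main__":
    for name in affected_packages(SAMPLE_INVENTORY):
        print("%s %s is older than %s" % (name, SAMPLE_INVENTORY[name], FIXED[name]))
```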

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=12316
  * http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

------------------------------------------------------------------------


