------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-48 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2009-04-01
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Mozilla Firefox is prone to two remote code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the
context of the user running the browser. Successful exploits will
compromise the application and possibly the computer.

Description
===========
An attacker can exploit these issues to execute arbitrary code within the
context of the affected browser. Failed exploit attempts will result in a
denial-of-service condition.

Affected packages:

  Pardus 2008:
    firefox, all before 3.0.8-102-25
    firefox-devel, all before 3.0.8-102-25

Resolution
==========
There are updates for firefox and firefox-devel. You can update them via
Package Manager or with a single command from the console:

    pisi up firefox firefox-devel

References
==========
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169
* http://www.mozilla.org/security/announce/2009/mfsa2009-12.html
* http://www.securityfocus.com/bid/34181
* http://www.securityfocus.com/bid/34235