Pardus: Firefox: Multiple Denial of Service
Posted by Benjamin D. Thomas   
Mozilla Firefox is prone to two remote code-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-48            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-04-01
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Mozilla Firefox is prone to two remote code-execution vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the
context of the user running the browser. Successful exploits will
compromise the application and possibly the computer.


Description
===========

An attacker can exploit these issues to execute arbitrary code within
the context of the affected browser. Failed exploit attempts will result
in a denial-of-service condition.



Affected packages:

  Pardus 2008:
    firefox, all before 3.0.8-102-25
    firefox-devel, all before 3.0.8-102-25



Resolution
==========

There are update(s) for firefox, firefox-devel. You can update them via
Package Manager or with a single command from console:

    pisi up firefox firefox-devel

References
==========

  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1044
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1169
  * http://www.mozilla.org/security/announce/2009/mfsa2009-12.html
  * http://www.securityfocus.com/bid/34181
  * http://www.securityfocus.com/bid/34235