VID |
14202 |
Severity |
40 |
Port |
22 |
Protocol |
TCP |
Class |
LSC |
Detailed Description |
The remote system has not applied RHSA-2015-0988, a Firefox security update. A system without the update is affected by the following vulnerabilities:
- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713)
- A heap-based buffer overflow flaw was found in the way Firefox processed compressed XML data. An attacker could create specially crafted compressed XML content that, when processed by Firefox, could cause it to crash or execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2716)
Note: This check relies solely on the Firefox RPM version of the remote system to assess this vulnerability, so the result might be a false positive.
* References:
https://rhn.redhat.com/errata/RHSA-2015-0988.html
https://www.redhat.com/security/data/cve/CVE-2015-0797.html
https://www.redhat.com/security/data/cve/CVE-2015-2708.html
https://www.redhat.com/security/data/cve/CVE-2015-2710.html
https://www.redhat.com/security/data/cve/CVE-2015-2713.html
https://www.redhat.com/security/data/cve/CVE-2015-2716.html
* Platforms Affected: Red Hat Enterprise Linux Server (v. 5), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7) |
Recommendation |
Update the affected packages. Launch the graphical update tool through Applications -> System Tools -> Software Update.
For a command line interface, use the following command to update the operating system: # yum update
To install the firefox package, use the following command: # yum install firefox |
Related URL |
CVE-2015-0797, CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716 (CVE) |