[FEDORA-2008-1435] Fedora 7: chmsee, epiphany-extensions, firefox, devhelp, gtkmozembedmm & 9 more

Severity High

Affected Packages 14

CVEs 14

Mozilla Firefox is an open source Web browser. Several flaws were found in
the way Firefox processed certain malformed web content. A webpage containing
malicious content could cause Firefox to crash, or potentially execute arbitrary
code as the user running Firefox. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
CVE-2008-0419) Several flaws were found in the way Firefox displayed
malformed web content. A webpage containing specially-crafted content could
trick a user into surrendering sensitive information. (CVE-2008-0591,
CVE-2008-0593) A flaw was found in the way Firefox stored password data. If a
user saves login information for a malicious website, it could be possible to
corrupt the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417) A flaw was found in the way Firefox handles
certain chrome URLs. If a user has certain extensions installed, it could allow
a malicious website to steal sensitive session data. Note: this flaw does not
affect a default installation of Firefox. (CVE-2008-0418) A flaw was found in
the way Firefox saves certain text files. If a website offers a file of type
"plain/text", rather than "text/plain", Firefox will not show future
"text/plain" content to the user in the browser, forcing them to save those
files locally to view the content. (CVE-2008-0592) Users of firefox are
advised to upgrade to these updated packages, which contain updated packages to
resolve these issues.

Package	Affected Version
pkg:rpm/fedora/yelp?distro=fedora-7	< 2.18.1.9.fc7
pkg:rpm/fedora/ruby-gnome2?distro=fedora-7	< 0.16.0.21.fc7
pkg:rpm/fedora/openvrml?distro=fedora-7	< 0.16.7.3.fc7
pkg:rpm/fedora/Miro?distro=fedora-7	< 1.1.3.fc7
pkg:rpm/fedora/liferea?distro=fedora-7	< 1.4.9.2.fc7
pkg:rpm/fedora/kazehakase?distro=fedora-7	< 0.5.2.1.fc7.2
pkg:rpm/fedora/gtkmozembedmm?distro=fedora-7	< 1.4.2.cvs20060817.15.fc7
pkg:rpm/fedora/gnome-python2-extras?distro=fedora-7	< 2.14.3.8.fc7
pkg:rpm/fedora/galeon?distro=fedora-7	< 2.0.3.15.fc7
pkg:rpm/fedora/firefox?distro=fedora-7	< 2.0.0.12.1.fc7
pkg:rpm/fedora/epiphany?distro=fedora-7	< 2.18.3.6.fc7
pkg:rpm/fedora/epiphany-extensions?distro=fedora-7	< 2.18.3.7
pkg:rpm/fedora/devhelp?distro=fedora-7	< 0.13.13.fc7
pkg:rpm/fedora/chmsee?distro=fedora-7	< 1.0.0.1.28.fc7

ID

FEDORA-2008-1435

Severity

high

Severity from

CVE-2008-0412

URL

https://bodhi.fedoraproject.org/updates/FEDORA-2008-1435

Published

2008-02-13T04:51:06
(16 years ago)

Modified

2008-02-13T04:51:06
(16 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
Bugzilla	431732	Bug #431732 - CVE-2008-0412 Mozilla layout engine crashes	https://bugzilla.redhat.com/show_bug.cgi?id=431732
Bugzilla	431739	Bug #431739 - CVE-2008-0415 Mozilla arbitrary code execution	https://bugzilla.redhat.com/show_bug.cgi?id=431739
Bugzilla	431752	Bug #431752 - CVE-2008-0592 Mozilla text file mishandling	https://bugzilla.redhat.com/show_bug.cgi?id=431752
Bugzilla	431756	Bug #431756 - CVE-2008-0593 Mozilla URL token stealing flaw	https://bugzilla.redhat.com/show_bug.cgi?id=431756
Bugzilla	431749	Bug #431749 - CVE-2008-0419 Mozilla arbitrary code execution	https://bugzilla.redhat.com/show_bug.cgi?id=431749
Bugzilla	432040	Bug #432040 - CVE-2008-0414 mozilla: multiple file input focus stealing vulnerabilities	https://bugzilla.redhat.com/show_bug.cgi?id=432040
Bugzilla	431748	Bug #431748 - CVE-2008-0418 Mozilla chrome: directory traversal	https://bugzilla.redhat.com/show_bug.cgi?id=431748
Bugzilla	431751	Bug #431751 - CVE-2008-0591 Mozilla information disclosure flaw	https://bugzilla.redhat.com/show_bug.cgi?id=431751
Bugzilla	431733	Bug #431733 - CVE-2008-0413 Mozilla javascript engine crashes	https://bugzilla.redhat.com/show_bug.cgi?id=431733
Bugzilla	431742	Bug #431742 - CVE-2008-0417 Mozilla arbitrary code execution	https://bugzilla.redhat.com/show_bug.cgi?id=431742
Bugzilla	432036	Bug #432036 - CVE-2008-0594 mozilla: web forgery warning may not be displayed	https://bugzilla.redhat.com/show_bug.cgi?id=432036

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/fedora/yelp?distro=fedora-7	fedora	yelp	< 2.18.1.9.fc7	fedora-7
Affected	pkg:rpm/fedora/ruby-gnome2?distro=fedora-7	fedora	ruby-gnome2	< 0.16.0.21.fc7	fedora-7
Affected	pkg:rpm/fedora/openvrml?distro=fedora-7	fedora	openvrml	< 0.16.7.3.fc7	fedora-7
Affected	pkg:rpm/fedora/Miro?distro=fedora-7	fedora	Miro	< 1.1.3.fc7	fedora-7
Affected	pkg:rpm/fedora/liferea?distro=fedora-7	fedora	liferea	< 1.4.9.2.fc7	fedora-7
Affected	pkg:rpm/fedora/kazehakase?distro=fedora-7	fedora	kazehakase	< 0.5.2.1.fc7.2	fedora-7
Affected	pkg:rpm/fedora/gtkmozembedmm?distro=fedora-7	fedora	gtkmozembedmm	< 1.4.2.cvs20060817.15.fc7	fedora-7
Affected	pkg:rpm/fedora/gnome-python2-extras?distro=fedora-7	fedora	gnome-python2-extras	< 2.14.3.8.fc7	fedora-7
Affected	pkg:rpm/fedora/galeon?distro=fedora-7	fedora	galeon	< 2.0.3.15.fc7	fedora-7
Affected	pkg:rpm/fedora/firefox?distro=fedora-7	fedora	firefox	< 2.0.0.12.1.fc7	fedora-7
Affected	pkg:rpm/fedora/epiphany?distro=fedora-7	fedora	epiphany	< 2.18.3.6.fc7	fedora-7
Affected	pkg:rpm/fedora/epiphany-extensions?distro=fedora-7	fedora	epiphany-extensions	< 2.18.3.7	fedora-7
Affected	pkg:rpm/fedora/devhelp?distro=fedora-7	fedora	devhelp	< 0.13.13.fc7	fedora-7
Affected	pkg:rpm/fedora/chmsee?distro=fedora-7	fedora	chmsee	< 1.0.0.1.28.fc7	fedora-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date