Mandriva Update For Firefox MDVSA-2010:000 (firefox) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Security issues were identified and fixed in firefox 3.5.x: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array (CVE-2010-0220). Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Affected

firefox on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64

Severity

Classification

CVE CVE-2010-0220
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:074 (libneon0.27)
Mandrake Security Advisory MDVSA-2009:112 (ipsec-tools)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:110 (squirrelmail)
Mandrake Security Advisory MDVSA-2009:032 (kernel)

Mandriva Update for firefox MDVSA-2010:000 (firefox)

Take action and discover your vulnerabilities