Test ID: | 1.3.6.1.4.1.25623.1.0.52681 |
Category: | FreeBSD Local Security Checks |
Title: | FreeBSD Ports: firefox |
Summary: | The remote host is missing an update to the system as announced in the referenced advisory. |
Description: |
Summary: The remote host is missing an update to the system as announced in the referenced advisory.

Vulnerability Insight: The following packages are affected: firefox, linux-firefox, mozilla, linux-mozilla, linux-mozilla-devel, netscape7, de-linux-mozillafirebird, el-linux-mozillafirebird, ja-linux-mozillafirebird-gtk1, ja-mozillafirebird-gtk2, linux-mozillafirebird, ru-linux-mozillafirebird, zhCN-linux-mozillafirebird, zhTW-linux-mozillafirebird, de-linux-netscape, de-netscape7, fr-linux-netscape, fr-netscape7, ja-linux-netscape, ja-netscape7, linux-netscape, linux-phoenix, mozilla+ipv6, mozilla-embedded, mozilla-firebird, mozilla-gtk1, mozilla-gtk2, mozilla-gtk, mozilla-thunderbird, phoenix, pt_BR-netscape7

CVE-2005-1476: Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

CVE-2005-1477: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

Solution: Update your system with the appropriate patches or software upgrades.

CVSS Score: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-1476
BugTraq ID: 13544
http://www.securityfocus.com/bid/13544
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
CERT/CC vulnerability note: VU#534710
http://www.kb.cert.org/vuls/id/534710
http://marc.info/?l=full-disclosure&m=111553138007647&w=2
http://marc.info/?l=full-disclosure&m=111556301530553&w=2
http://greyhatsecurity.org/firefox.htm
http://greyhatsecurity.org/vulntests/ffrc.htm
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10045
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://securitytracker.com/id?1013913
http://secunia.com/advisories/15292
http://www.vupen.com/english/advisories/2005/0493
XForce ISS Database: mozilla-javascript-code-execution(20443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20443

Common Vulnerability Exposure (CVE) ID: CVE-2005-1477
CERT/CC vulnerability note: VU#648758
http://www.kb.cert.org/vuls/id/648758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231 |
Copyright | Copyright (C) 2008 E-Soft Inc. |