English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 61204 CVE Beschreibungen
und 32582 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.54020
Kategorie:SuSE Local Security Checks
Titel:SuSE Security Advisory SUSE-SA:2005:028 (Mozilla. Mozilla Firefox)
Zusammenfassung:SuSE Security Advisory SUSE-SA:2005:028 (Mozilla. Mozilla Firefox)
Beschreibung:
The remote host is missing updates announced in
advisory SUSE-SA:2005:028.

Several problems have been fixed with the security update releases
of the Mozilla Firefox 1.0.3 web browser and the Mozilla Suite 1.7.7.

This security update contains those security fixes. The Firefox
packages have been directly upgraded to the version 1.0.3, for
the Mozilla Suite packages the fixes up to version 1.7.7 have been
back ported.

Updates are currently provided for:

Mozilla Firefox: SUSE Linux 9.0 up to 9.3, Novell Linux Desktop 9
Mozilla Suite: SUSE Linux 9.2 and 9.3

Fixes of the Mozilla Suite for older products (SUSE Linux 8.2 - 9.1,
SUSE Linux Enterprise Server 8 and 9, SUSE Linux Desktop 1.0) are
being worked on.

Following security issues have been fixed:
- MFSA 2005-33,CVE-2005-0989:
A flaw in the Javascript regular expression handling of Mozilla
based browser can lead to disclosure of browser memory, potentially
exposing private data from web pages viewed or passwords or
similar data sent to other web pages. This flaw could also crash
the browser.

- MFSA 2005-34,CVE-2005-0752:
With manual Plugin install it was possible for the Plugin to
execute javascript code with the installing users privileges.

- MFSA 2005-35,CVE-2005-1153:
Showing blocked javascript: pop up uses wrong privilege context,
this could be used for a privilege escalation (installing malicious
plugins).

- MFSA 2005-36,CVE-2005-1154:
Cross-site scripting through global scope pollution, this could
lead to an attacker being able to run code in foreign websites
context, potentially sniffing information or performing actions
in that context.

- MFSA 2005-37,CVE-2005-1155,firelinking:
Code execution through javascript: favicons, which could be used
for a privilege escalation.

- MFSA 2005-38,CVE-2005-1157,CVE-2005-1156,firesearching:
Search Plugin cross-site scripting.

- MFSA 2005-39,CVE-2005-1158:
Arbitrary code execution from Firefox sidebar panel II.

- MFSA 2005-40,CVE-2005-1159:
Missing Install object instance checks.

- MFSA 2005-41,CVE-2005-1160:
Privilege escalation via DOM property overrides.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2005:028

Risk factor : High
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-0989
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
HPdes Security Advisory: HPSBUX01133
HPdes Security Advisory: SSRT5940
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.redhat.com/support/errata/RHSA-2005-386.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_25.html
SuSE Security Announcement: SUSE-SA:2006:004 (Google Search)
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
BugTraq ID: 12988
http://www.securityfocus.com/bid/12988
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100025
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11706
http://securitytracker.com/id?1013635
http://securitytracker.com/id?1013643
http://secunia.com/advisories/14820
http://secunia.com/advisories/14821
http://secunia.com/advisories/19823
Common Vulnerability Exposure (CVE) ID: CVE-2005-0752
BugTraq ID: 13228
http://www.securityfocus.com/bid/13228
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100024
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10279
http://secunia.com/advisories/14938
Common Vulnerability Exposure (CVE) ID: CVE-2005-1153
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100023
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9584
http://secunia.com/advisories/14992
Common Vulnerability Exposure (CVE) ID: CVE-2005-1154
BugTraq ID: 13230
http://www.securityfocus.com/bid/13230
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100022
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10339
Common Vulnerability Exposure (CVE) ID: CVE-2005-1155
http://www.mikx.de/firelinking/
CERT/CC vulnerability note: VU#973309
http://www.kb.cert.org/vuls/id/973309
BugTraq ID: 13216
http://www.securityfocus.com/bid/13216
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100021
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10655
Common Vulnerability Exposure (CVE) ID: CVE-2005-1156
http://www.mikx.de/firesearching/
BugTraq ID: 13211
http://www.securityfocus.com/bid/13211
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100020
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11230
http://securitytracker.com/id?1013745
http://secunia.com/advisories/14996
XForce ISS Database: mozilla-plugin-xss(20125)
http://xforce.iss.net/xforce/xfdb/20125
Common Vulnerability Exposure (CVE) ID: CVE-2005-1157
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9961
Common Vulnerability Exposure (CVE) ID: CVE-2005-1158
BugTraq ID: 13231
http://www.securityfocus.com/bid/13231
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100019
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11734
Common Vulnerability Exposure (CVE) ID: CVE-2005-1159
BugTraq ID: 13232
http://www.securityfocus.com/bid/13232
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100018
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10629
http://securitytracker.com/id?1013742
http://securitytracker.com/id?1013743
XForce ISS Database: mozilla-installtrigger-command-execution(20123)
http://xforce.iss.net/xforce/xfdb/20123
Common Vulnerability Exposure (CVE) ID: CVE-2005-1160
BugTraq ID: 13233
http://www.securityfocus.com/bid/13233
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100017
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11291
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.