Test Kennung:	1.3.6.1.4.1.25623.1.0.56488
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2006:037 (mozilla-firefox)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to mozilla-firefox announced via advisory MDKSA-2006:037. Mozilla and Mozilla Firefox allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. (CVE-2005-4134) The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. (CVE-2006-0292) The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. (CVE-2006-0296) Updated packages are patched to address these issues. Affected: 2006.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:037 Risk factor : High CVSS Score: 7.5
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4134 BugTraq ID: 15773 http://www.securityfocus.com/bid/15773 BugTraq ID: 16476 http://www.securityfocus.com/bid/16476 Debian Security Information: DSA-1044 (Google Search) http://www.debian.org/security/2006/dsa-1044 Debian Security Information: DSA-1046 (Google Search) http://www.debian.org/security/2006/dsa-1046 Debian Security Information: DSA-1051 (Google Search) http://www.debian.org/security/2006/dsa-1051 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html http://www.securityfocus.com/archive/1/425978/100/0/threaded http://www.securityfocus.com/archive/1/425975/100/0/threaded http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml HPdes Security Advisory: HPSBUX02122 http://www.securityfocus.com/archive/1/438730/100/0/threaded HPdes Security Advisory: SSRT061158 http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 http://www.mozilla.org/security/history-title.html http://www.networksecurity.fi/advisories/netscape-history.html http://www.osvdb.org/21533 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 http://www.redhat.com/support/errata/RHSA-2006-0199.html http://www.redhat.com/support/errata/RHSA-2006-0200.html SCO Security Bulletin: SCOSA-2006.26 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt http://securitytracker.com/id?1015328 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/18705 http://secunia.com/advisories/18706 http://secunia.com/advisories/18708 http://secunia.com/advisories/18709 http://secunia.com/advisories/19230 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/21033 http://secunia.com/advisories/21622 SGI Security Advisory: 20060201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 https://usn.ubuntu.com/271-1/ https://usn.ubuntu.com/275-1/ http://www.vupen.com/english/advisories/2005/2805 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3391 Common Vulnerability Exposure (CVE) ID: CVE-2006-0292 1015570 http://securitytracker.com/id?1015570 102550 16476 18700 18703 http://secunia.com/advisories/18703 18704 18705 18706 18708 18709 19230 19746 19759 19780 http://secunia.com/advisories/19780 19821 http://secunia.com/advisories/19821 19823 http://secunia.com/advisories/19823 19852 19862 19863 19902 19941 19950 http://secunia.com/advisories/19950 20051 http://secunia.com/advisories/20051 20060201-01-U 21033 21622 22065 http://secunia.com/advisories/22065 228526 ADV-2006-0413 ADV-2006-3391 ADV-2006-3749 http://www.vupen.com/english/advisories/2006/3749 DSA-1044 DSA-1046 DSA-1051 FEDORA-2006-075 FEDORA-2006-076 FLSA-2006:180036-2 FLSA:180036-1 GLSA-200604-12 GLSA-200604-18 GLSA-200605-09 http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml HPSBUX02122 HPSBUX02156 http://www.securityfocus.com/archive/1/446657/100/200/threaded MDKSA-2006:036 MDKSA-2006:037 MDKSA-2006:078 http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 RHSA-2006:0199 RHSA-2006:0200 RHSA-2006:0330 http://www.redhat.com/support/errata/RHSA-2006-0330.html SCOSA-2006.26 SSRT061158 SSRT061236 SUSE-SA:2006:022 http://www.novell.com/linux/security/advisories/2006_04_25.html USN-271-1 USN-275-1 USN-276-1 https://usn.ubuntu.com/276-1/ http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/2006/mfsa2006-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=316885 mozilla-javascript-memory-corruption(24430) https://exchange.xforce.ibmcloud.com/vulnerabilities/24430 oval:org.mitre.oval:def:10016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016 oval:org.mitre.oval:def:670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670 Common Vulnerability Exposure (CVE) ID: CVE-2006-0296 TA06-038A http://www.us-cert.gov/cas/techalerts/TA06-038A.html VU#592425 http://www.kb.cert.org/vuls/id/592425 http://www.mozilla.org/security/announce/2006/mfsa2006-05.html https://bugzilla.mozilla.org/show_bug.cgi?id=319847 mozilla-xuldocument-command-execution(24434) https://exchange.xforce.ibmcloud.com/vulnerabilities/24434 oval:org.mitre.oval:def:11803 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803 oval:org.mitre.oval:def:1493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.