
Test ID: 1.3.6.1.4.1.25623.1.0.61934
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1671-1 (iceweasel)
Summary: Debian Security Advisory DSA 1671-1 (iceweasel)
Description: The remote host is missing an update to iceweasel
announced via advisory DSA 1671-1.

Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2008-0017

Justin Schuh discovered that a buffer overflow in the http-index-format
parser could lead to arbitrary code execution.

CVE-2008-4582

Liu Die Yu discovered an information leak through local shortcut
files.

CVE-2008-5012

Georgi Guninski, Michal Zalewski and Chris Evans discovered that
the canvas element could be used to bypass same-origin
restrictions.

CVE-2008-5013

It was discovered that insufficient checks in the Flash plugin glue
code could lead to arbitrary code execution.

CVE-2008-5014

Jesse Ruderman discovered that a programming error in the
window.__proto__.__proto__ object could lead to arbitrary code
execution.

CVE-2008-5017

It was discovered that crashes in the layout engine could lead to
arbitrary code execution.

CVE-2008-5018

It was discovered that crashes in the JavaScript engine could lead to
arbitrary code execution.

CVE-2008-5021

It was discovered that a crash in the nsFrameManager might lead to
the execution of arbitrary code.

CVE-2008-5022

moz_bug_r_a4 discovered that the same-origin check in
nsXMLHttpRequest::NotifyEventListeners() could be bypassed.

CVE-2008-5023

Collin Jackson discovered that the -moz-binding property bypasses
security checks on codebase principals.

CVE-2008-5024

Chris Evans discovered that quote characters were improperly
escaped in the default namespace of E4X documents.

For the stable distribution (etch), these problems have been fixed in
version 2.0.0.18-0etch1.

For the upcoming stable distribution (lenny) and the unstable distribution
(sid), these problems have been fixed in version 3.0.4-1 of iceweasel
and version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be
provided soon.

We recommend that you upgrade your iceweasel package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201671-1
Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2008-0017
ISS Security Advisory: 20081113 Mozilla Unchecked Allocation Remote Code Execution
http://www.iss.net/threats/311.html
https://bugzilla.mozilla.org/show_bug.cgi?id=443299
Debian Security Information: DSA-1669 (Google Search)
http://www.debian.org/security/2008/dsa-1669
Debian Security Information: DSA-1671 (Google Search)
http://www.debian.org/security/2008/dsa-1671
Debian Security Information: DSA-1697 (Google Search)
http://www.debian.org/security/2009/dsa-1697
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
SuSE Security Announcement: SUSE-SA:2008:055 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://ubuntu.com/usn/usn-667-1
Cert/CC Advisory: TA08-319A
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
BugTraq ID: 32281
http://www.securityfocus.com/bid/32281
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11005
http://www.securitytracker.com/id?1021185
http://secunia.com/advisories/34501
http://secunia.com/advisories/32684
http://secunia.com/advisories/32713
http://secunia.com/advisories/32778
http://secunia.com/advisories/32853
http://www.vupen.com/english/advisories/2008/3146
http://secunia.com/advisories/32721
http://secunia.com/advisories/32845
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32714
http://secunia.com/advisories/33433
http://www.vupen.com/english/advisories/2009/0977
Common Vulnerability Exposure (CVE) ID: CVE-2008-4582
Bugtraq: 20081007 Firefox Privacy Broken If Used to Open Web Page File (Google Search)
http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded
http://liudieyu0.blog124.fc2.com/blog-entry-6.html
https://bugzilla.mozilla.org/show_bug.cgi?id=455311
Debian Security Information: DSA-1696 (Google Search)
http://www.debian.org/security/2009/dsa-1696
BugTraq ID: 31747
http://www.securityfocus.com/bid/31747
BugTraq ID: 31611
http://www.securityfocus.com/bid/31611
http://www.securitytracker.com/id?1021190
http://www.vupen.com/english/advisories/2008/2818
http://securitytracker.com/alerts/2008/Nov/1021190.html
http://securitytracker.com/alerts/2008/Nov/1021212.html
http://secunia.com/advisories/32192
http://secunia.com/advisories/33434
http://securityreason.com/securityalert/4416
XForce ISS Database: firefox-internet-shortcut-info-disclosure(45740)
http://xforce.iss.net/xforce/xfdb/45740
Common Vulnerability Exposure (CVE) ID: CVE-2008-5012
Bugtraq: 20081118 Firefox cross-domain image theft (CESA-2008-009) (Google Search)
http://www.securityfocus.com/archive/1/498468
https://bugzilla.mozilla.org/show_bug.cgi?id=355126
https://bugzilla.mozilla.org/show_bug.cgi?id=451619
http://scary.beasts.org/security/CESA-2008-009.html
http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
http://www.redhat.com/support/errata/RHSA-2008-0976.html
BugTraq ID: 32351
http://www.securityfocus.com/bid/32351
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10750
http://www.securitytracker.com/id?1021187
http://secunia.com/advisories/32798
http://secunia.com/advisories/32715
Common Vulnerability Exposure (CVE) ID: CVE-2008-5013
https://bugzilla.mozilla.org/show_bug.cgi?id=433610
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9660
http://www.securitytracker.com/id?1021181
Common Vulnerability Exposure (CVE) ID: CVE-2008-5014
https://bugzilla.mozilla.org/show_bug.cgi?id=436741
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9157
http://www.securitytracker.com/id?1021182
http://secunia.com/advisories/32011
Common Vulnerability Exposure (CVE) ID: CVE-2008-5017
https://bugzilla.mozilla.org/show_bug.cgi?id=455987
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11436
http://www.securitytracker.com/id?1021183
Common Vulnerability Exposure (CVE) ID: CVE-2008-5018
https://bugzilla.mozilla.org/show_bug.cgi?id=452786
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9872
Common Vulnerability Exposure (CVE) ID: CVE-2008-5021
https://bugzilla.mozilla.org/show_bug.cgi?id=460002
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9642
http://www.securitytracker.com/id?1021186
Common Vulnerability Exposure (CVE) ID: CVE-2008-5022
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11186
http://www.securitytracker.com/id?1021188
Common Vulnerability Exposure (CVE) ID: CVE-2008-5023
https://bugzilla.mozilla.org/show_bug.cgi?id=424733
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9908
http://www.securitytracker.com/id?1021189
Common Vulnerability Exposure (CVE) ID: CVE-2008-5024
https://bugzilla.mozilla.org/show_bug.cgi?id=453915
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9063
http://www.securitytracker.com/id?1021192
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
