English | Deutsch | Español | Português
 Benutzerkennung:
 Passwort:
Registrieren
 About:   Dediziert  | Erweitert  | Standard  | Wiederkehrend  | Risikolos  | Desktop  | Basis  | Einmalig  | Sicherheits Siegel  | FAQ
  Preis/Funktionszusammenfassung  | Bestellen  | Neue Anfälligkeiten  | Vertraulichkeit  | Anfälligkeiten Suche
 Anfälligkeitssuche        Suche in 75803 CVE Beschreibungen
und 40037 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.64254
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 1820-1 (xulrunner)
Zusammenfassung:Debian Security Advisory DSA 1820-1 (xulrunner)
Beschreibung:The remote host is missing an update to xulrunner
announced via advisory DSA 1820-1.

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications, such as the Iceweasel web
browser. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2009-1392

Several issues in the browser engine have been discovered, which can
result in the execution of arbitrary code. (MFSA 2009-24)

CVE-2009-1832

It is possible to execute arbitrary code via vectors involving double
frame construction. (MFSA 2009-24)

CVE-2009-1833

Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript
engine, which could lead to the execution of arbitrary code.
(MFSA 2009-24)

CVE-2009-1834

Pavel Cvrcek discovered a potential issue leading to a spoofing attack
on the location bar related to certain invalid unicode characters.
(MFSA 2009-25)

CVE-2009-1835

Gregory Fleischer discovered that it is possible to read arbitrary
cookies via a crafted HTML document. (MFSA 2009-26)

CVE-2009-1836

Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential
man-in-the-middle attack, when using a proxy due to insufficient checks
on a certain proxy response. (MFSA 2009-27)

CVE-2009-1837

Jakob Balle and Carsten Eiram reported a race condition in the
NPObjWrapper_NewResolve function that can be used to execute arbitrary
code. (MFSA 2009-28)

CVE-2009-1838

moz_bug_r_a4 discovered that it is possible to execute arbitrary
JavaScript with chrome privileges due to an error in the
garbage-collection implementation. (MFSA 2009-29)

CVE-2009-1839

Adam Barth and Collin Jackson reported a potential privilege escalation
when loading a file::resource via the location bar. (MFSA 2009-30)

CVE-2009-1840

Wladimir Palant discovered that it is possible to bypass access
restrictions due to a lack of content policy check, when loading a
script file into a XUL document. (MFSA 2009-31)

CVE-2009-1841

moz_bug_r_a4 reported that it is possible for scripts from page content
to run with elevated privileges and thus potentially executing arbitrary
code with the object's chrome privileges. (MFSA 2009-32)



For the stable distribution (lenny), these problems have been fixed in
version 1.9.0.11-0lenny1.

As indicated in the Etch release notes, security support for the
Mozilla products in the oldstable distribution needed to be stopped
before the end of the regular Etch security maintenance life cycle.
You are strongly encouraged to upgrade to stable or switch to a still
supported browser.

For the testing distribution (squeeze), these problems will be fixed
soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.9.0.11-1.

We recommend that you upgrade your xulrunner packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201820-1
Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-1392
Debian Security Information: DSA-1820 (Google Search)
http://www.debian.org/security/2009/dsa-1820
Debian Security Information: DSA-1830 (Google Search)
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
RedHat Security Advisories: RHSA-2009:1095
https://rhn.redhat.com/errata/RHSA-2009-1095.html
RedHat Security Advisories: RHSA-2009:1096
http://rhn.redhat.com/errata/RHSA-2009-1096.html
http://www.redhat.com/support/errata/RHSA-2009-1125.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
http://www.ubuntu.com/usn/usn-782-1
BugTraq ID: 35326
http://www.securityfocus.com/bid/35326
BugTraq ID: 35370
http://www.securityfocus.com/bid/35370
http://osvdb.org/55144
http://osvdb.org/55145
http://osvdb.org/55146
http://osvdb.org/55147
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9501
http://securitytracker.com/id?1022376
http://www.securitytracker.com/id?1022397
http://secunia.com/advisories/35331
http://secunia.com/advisories/35428
http://secunia.com/advisories/35431
http://secunia.com/advisories/35439
http://secunia.com/advisories/35440
http://secunia.com/advisories/35468
http://secunia.com/advisories/35536
http://secunia.com/advisories/35415
http://secunia.com/advisories/35561
http://secunia.com/advisories/35602
http://www.vupen.com/english/advisories/2009/1572
http://www.vupen.com/english/advisories/2009/2152
Common Vulnerability Exposure (CVE) ID: CVE-2009-1832
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
BugTraq ID: 35371
http://www.securityfocus.com/bid/35371
http://osvdb.org/55148
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10237
http://secunia.com/advisories/35882
Common Vulnerability Exposure (CVE) ID: CVE-2009-1833
BugTraq ID: 35372
http://www.securityfocus.com/bid/35372
http://osvdb.org/55152
http://osvdb.org/55153
http://osvdb.org/55154
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11487
Common Vulnerability Exposure (CVE) ID: CVE-2009-1834
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
BugTraq ID: 35388
http://www.securityfocus.com/bid/35388
http://osvdb.org/55162
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10436
Common Vulnerability Exposure (CVE) ID: CVE-2009-1835
BugTraq ID: 35391
http://www.securityfocus.com/bid/35391
http://osvdb.org/55161
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9803
Common Vulnerability Exposure (CVE) ID: CVE-2009-1836
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
BugTraq ID: 35380
http://www.securityfocus.com/bid/35380
http://osvdb.org/55160
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11764
http://www.securitytracker.com/id?1022396
Common Vulnerability Exposure (CVE) ID: CVE-2009-1837
Bugtraq: 20090612 Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/504260/100/0/threaded
http://secunia.com/secunia_research/2009-19/
BugTraq ID: 35360
http://www.securityfocus.com/bid/35360
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10628
http://www.securitytracker.com/id?1022386
http://secunia.com/advisories/34241
Common Vulnerability Exposure (CVE) ID: CVE-2009-1838
BugTraq ID: 35383
http://www.securityfocus.com/bid/35383
http://osvdb.org/55157
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11080
Common Vulnerability Exposure (CVE) ID: CVE-2009-1839
BugTraq ID: 35386
http://www.securityfocus.com/bid/35386
http://osvdb.org/55163
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9256
Common Vulnerability Exposure (CVE) ID: CVE-2009-1840
http://osvdb.org/55158
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9448
http://www.securitytracker.com/id?1022379
XForce ISS Database: firefox-xul-security-bypass(51076)
http://xforce.iss.net/xforce/xfdb/51076
Common Vulnerability Exposure (CVE) ID: CVE-2009-1841
BugTraq ID: 35373
http://www.securityfocus.com/bid/35373
http://osvdb.org/55159
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9815
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 40037 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:
Benutzerkennung:
Passwort:
Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.
Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.
   Datenschutz
Anmeldung für registrierte Benutzer
 
Benutzerkennung:   
Passwort:  

 Benutzerkennung oder Passwort vergessen?
Email/Benutzerkennung:




Startseite | Über uns | Kontakt | Partnerprogramme | Developer APIs | Datenschutz | Mailinglisten | Missbrauch
Sicherheits Überprüfungen | Verwaltete DNS | Netzwerk Überwachung | Webseiten Analysator | Internet Recherche Berichte
Web Sonde | Whois

© 1998-2014 E-Soft Inc. Alle Rechte vorbehalten.