Test Kennung:	1.3.6.1.4.1.25623.1.0.69067
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2011:041 (firefox)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to firefox announced via advisory MDVSA-2011:041. Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. (CVE-2011-0059) Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. (CVE-2011-0061) The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. (CVE-2010-1585) Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. (CVE-2011-0058) Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. (CVE-2011-0057) Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an atom map issue. (CVE-2011-0056) Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an upvarMap issue. (CVE-2011-0054) Use-after-free vulnerability in the JSON.stringify method in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors. (CVE-2011-0055) Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. (CVE-2011-0051) Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-0062) Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Additionally, some packages which require so, have been rebuilt and are being provided as updates. Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:041 http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14 Risk factor : Critical CVSS Score: 10.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0059 BugTraq ID: 46652 http://www.securityfocus.com/bid/46652 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473 http://www.redhat.com/support/errata/RHSA-2011-0313.html Common Vulnerability Exposure (CVE) ID: CVE-2011-0061 BugTraq ID: 46651 http://www.securityfocus.com/bid/46651 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486 Common Vulnerability Exposure (CVE) ID: CVE-2010-1585 Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search) http://www.securityfocus.com/archive/1/510883/100/0/threaded http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/ http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532 Common Vulnerability Exposure (CVE) ID: CVE-2011-0058 BugTraq ID: 46660 http://www.securityfocus.com/bid/46660 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254 Common Vulnerability Exposure (CVE) ID: CVE-2011-0057 BugTraq ID: 46663 http://www.securityfocus.com/bid/46663 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200 Common Vulnerability Exposure (CVE) ID: CVE-2011-0056 BugTraq ID: 46650 http://www.securityfocus.com/bid/46650 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14013 Common Vulnerability Exposure (CVE) ID: CVE-2011-0054 BugTraq ID: 46648 http://www.securityfocus.com/bid/46648 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018 Common Vulnerability Exposure (CVE) ID: CVE-2011-0055 BugTraq ID: 46661 http://www.securityfocus.com/bid/46661 Bugtraq: 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/516802 http://www.zerodayinitiative.com/advisories/ZDI-11-103/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14476 Common Vulnerability Exposure (CVE) ID: CVE-2011-0051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211 http://www.redhat.com/support/errata/RHSA-2011-0312.html Common Vulnerability Exposure (CVE) ID: CVE-2011-0062 BugTraq ID: 46647 http://www.securityfocus.com/bid/46647 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14409
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.