English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.831444
Kategorie:Mandrake Local Security Checks
Titel:Mandriva Update for mozilla MDVSA-2011:127 (mozilla)
Zusammenfassung:The remote host is missing an update for the 'mozilla'; package(s) announced via the referenced advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'mozilla'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Security issues were identified and fixed in mozilla firefox and
thunderbird:

Mozilla developers and community members identified and fixed several
memory safety bugs in the browser engine used in Firefox 3.6 and
other Mozilla-based products. Some of these bugs showed evidence of
memory corruption under certain circumstances, and we presume that
with enough effort at least some of these could be exploited to run
arbitrary code (CVE-2011-2982).

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a SVG text manipulation routine contained a dangling
pointer vulnerability (CVE-2011-0084).

Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in
event management code that would permit JavaScript to be run in the
wrong context, including that of a different website or potentially
in a chrome-privileged context (CVE-2011-2981).

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that appendChild did not correctly account for DOM objects
it operated upon and could be exploited to dereference an invalid
pointer (CVE-2011-2378).

Mozilla security researcher moz_bug_r_a4 reported that web content
could receive chrome privileges if it registered for drop events and a
browser tab element was dropped into the content area (CVE-2011-2984).

Security researcher Mitja Kolsek of Acros Security reported that
ThinkPadSensor::Startup could potentially be exploited to load a
malicious DLL into the running process (CVE-2011-2980).

Security researcher shutdown reported that data from other domains
could be read when RegExp.input was set (CVE-2011-2983).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Affected Software/OS:
mozilla on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-2982
Debian Security Information: DSA-2295 (Google Search)
http://www.debian.org/security/2011/dsa-2295
Debian Security Information: DSA-2296 (Google Search)
http://www.debian.org/security/2011/dsa-2296
Debian Security Information: DSA-2297 (Google Search)
http://www.debian.org/security/2011/dsa-2297
http://www.mandriva.com/security/advisories?name=MDVSA-2011:127
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14294
http://www.redhat.com/support/errata/RHSA-2011-1164.html
http://www.redhat.com/support/errata/RHSA-2011-1165.html
http://www.redhat.com/support/errata/RHSA-2011-1166.html
http://www.redhat.com/support/errata/RHSA-2011-1167.html
http://www.securitytracker.com/id?1025940
SuSE Security Announcement: SUSE-SA:2011:037 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html
SuSE Security Announcement: SUSE-SU-2011:0967 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0084
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14502
Common Vulnerability Exposure (CVE) ID: CVE-2011-2981
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14512
Common Vulnerability Exposure (CVE) ID: CVE-2011-2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14163
Common Vulnerability Exposure (CVE) ID: CVE-2011-2984
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14358
Common Vulnerability Exposure (CVE) ID: CVE-2011-2980
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14436
Common Vulnerability Exposure (CVE) ID: CVE-2011-2983
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14272
CopyrightCopyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.