ID de Prueba:	1.3.6.1.4.1.25623.1.0.131115
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0427)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2015-0427 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) announced via the MGASA-2015-0427 advisory. Vulnerability Insight: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196, CVE-2015-7198, CVE-2015-7197) A same-origin policy bypass flaw was found in the way Firefox handled certain cross-origin resource sharing (CORS) requests. A web page containing malicious content could cause Firefox to disclose sensitive information. (CVE-2015-7193) A same-origin policy bypass flaw was found in the way Firefox handled URLs containing IP addresses with white-space characters. This could lead to cross-site scripting attacks. (CVE-2015-7188) A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. (CVE-2015-7181, CVE-2015-7182) A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library. (CVE-2015-7183) Note: Applications using NSPR's PL_ARENA_ALLOCATE, PR_ARENA_ALLOCATE, PL_ARENA_GROW, or PR_ARENA_GROW macros need to be rebuilt against the fixed nspr packages to completely resolve the CVE-2015-7183 issue. Affected Software/OS: 'firefox, firefox-l10n, nspr, nss, rootcerts' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4513 BugTraq ID: 77411 http://www.securityfocus.com/bid/77411 Debian Security Information: DSA-3393 (Google Search) http://www.debian.org/security/2015/dsa-3393 Debian Security Information: DSA-3410 (Google Search) http://www.debian.org/security/2015/dsa-3410 https://security.gentoo.org/glsa/201512-10 RedHat Security Advisories: RHSA-2015:1982 http://rhn.redhat.com/errata/RHSA-2015-1982.html RedHat Security Advisories: RHSA-2015:2519 http://rhn.redhat.com/errata/RHSA-2015-2519.html http://www.securitytracker.com/id/1034069 SuSE Security Announcement: SUSE-SU-2015:1926 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html SuSE Security Announcement: SUSE-SU-2015:1978 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html SuSE Security Announcement: SUSE-SU-2015:1981 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html SuSE Security Announcement: SUSE-SU-2015:2081 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html SuSE Security Announcement: openSUSE-SU-2015:1942 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html SuSE Security Announcement: openSUSE-SU-2015:2229 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html SuSE Security Announcement: openSUSE-SU-2015:2245 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http://www.ubuntu.com/usn/USN-2785-1 http://www.ubuntu.com/usn/USN-2819-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7181 BugTraq ID: 77416 http://www.securityfocus.com/bid/77416 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Debian Security Information: DSA-3688 (Google Search) http://www.debian.org/security/2016/dsa-3688 https://security.gentoo.org/glsa/201605-06 http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html RedHat Security Advisories: RHSA-2015:1980 http://rhn.redhat.com/errata/RHSA-2015-1980.html RedHat Security Advisories: RHSA-2015:1981 http://rhn.redhat.com/errata/RHSA-2015-1981.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753 http://www.ubuntu.com/usn/USN-2791-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7182 Common Vulnerability Exposure (CVE) ID: CVE-2015-7183 BugTraq ID: 77415 http://www.securityfocus.com/bid/77415 Debian Security Information: DSA-3406 (Google Search) http://www.debian.org/security/2015/dsa-3406 http://www.ubuntu.com/usn/USN-2790-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7188 Common Vulnerability Exposure (CVE) ID: CVE-2015-7189 Common Vulnerability Exposure (CVE) ID: CVE-2015-7193 Common Vulnerability Exposure (CVE) ID: CVE-2015-7194 Common Vulnerability Exposure (CVE) ID: CVE-2015-7196 Common Vulnerability Exposure (CVE) ID: CVE-2015-7197 Common Vulnerability Exposure (CVE) ID: CVE-2015-7198
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.