Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:107 (mozilla)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50591

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:107 (mozilla)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to mozilla
announced via advisory MDKSA-2004:107.

A number of vulnerabilities were fixed in mozilla 1.7.3, the following
of which have been backported to mozilla packages for Mandrakelinux
10.0:

- Send page heap overrun
- javascript clipboard access
- buffer overflow when displaying VCard
- BMP integer overflow
- javascript: link dragging
- Malicious POP3 server III

The details of all of these vulnerabilities are available from the
Mozilla website.

Affected versions: 10.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0902
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0903
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0904
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0908
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0902
Cert/CC Advisory: TA04-261A
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
CERT/CC vulnerability note: VU#125776
CERT/CC vulnerability note: VU#327560
CERT/CC vulnerability note: VU#808216
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
HPdes Security Advisory: SSRT4826
http://marc.info/?l=bugtraq&m=109698896104418&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201
SuSE Security Announcement: SUSE-SA:2004:036 (Google Search)
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-netscape-nonascii-bo(17378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
XForce ISS Database: mozilla-nspop3protocol-bo(17379)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
Common Vulnerability Exposure (CVE) ID: CVE-2004-0903
BugTraq ID: 11174
http://www.securityfocus.com/bid/11174
CERT/CC vulnerability note: VU#414240
http://www.kb.cert.org/vuls/id/414240
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
XForce ISS Database: mozilla-netscape-nsvcardobj-bo(17380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
Common Vulnerability Exposure (CVE) ID: CVE-2004-0904
BugTraq ID: 11171
http://www.securityfocus.com/bid/11171
CERT/CC vulnerability note: VU#847200
http://www.kb.cert.org/vuls/id/847200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
XForce ISS Database: mozilla-netscape-bmp-bo(17381)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
Common Vulnerability Exposure (CVE) ID: CVE-2004-0905
BugTraq ID: 11177
http://www.securityfocus.com/bid/11177
CERT/CC vulnerability note: VU#651928
http://www.kb.cert.org/vuls/id/651928
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378
XForce ISS Database: mozilla-netscape-sameorigin-bypass(17374)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17374
Common Vulnerability Exposure (CVE) ID: CVE-2004-0908
BugTraq ID: 11179
http://www.securityfocus.com/bid/11179
CERT/CC vulnerability note: VU#460528
http://www.kb.cert.org/vuls/id/460528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745
http://secunia.com/advisories/12526
XForce ISS Database: mozilla-shortcut-clipboard-access(17376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17376

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50591
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:107 (mozilla)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to mozilla announced via advisory MDKSA-2004:107. A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrakelinux 10.0: - Send page heap overrun - javascript clipboard access - buffer overflow when displaying VCard - BMP integer overflow - javascript: link dragging - Malicious POP3 server III The details of all of these vulnerabilities are available from the Mozilla website. Affected versions: 10.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0902 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0903 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0904 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0905 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0908 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0902 Cert/CC Advisory: TA04-261A http://www.us-cert.gov/cas/techalerts/TA04-261A.html CERT/CC vulnerability note: VU#125776 CERT/CC vulnerability note: VU#327560 CERT/CC vulnerability note: VU#808216 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml HPdes Security Advisory: SSRT4826 http://marc.info/?l=bugtraq&m=109698896104418&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201 SuSE Security Announcement: SUSE-SA:2004:036 (Google Search) http://www.novell.com/linux/security/advisories/2004_36_mozilla.html XForce ISS Database: mozilla-netscape-nonascii-bo(17378) https://exchange.xforce.ibmcloud.com/vulnerabilities/17378 XForce ISS Database: mozilla-nspop3protocol-bo(17379) https://exchange.xforce.ibmcloud.com/vulnerabilities/17379 Common Vulnerability Exposure (CVE) ID: CVE-2004-0903 BugTraq ID: 11174 http://www.securityfocus.com/bid/11174 CERT/CC vulnerability note: VU#414240 http://www.kb.cert.org/vuls/id/414240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873 XForce ISS Database: mozilla-netscape-nsvcardobj-bo(17380) https://exchange.xforce.ibmcloud.com/vulnerabilities/17380 Common Vulnerability Exposure (CVE) ID: CVE-2004-0904 BugTraq ID: 11171 http://www.securityfocus.com/bid/11171 CERT/CC vulnerability note: VU#847200 http://www.kb.cert.org/vuls/id/847200 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952 XForce ISS Database: mozilla-netscape-bmp-bo(17381) https://exchange.xforce.ibmcloud.com/vulnerabilities/17381 Common Vulnerability Exposure (CVE) ID: CVE-2004-0905 BugTraq ID: 11177 http://www.securityfocus.com/bid/11177 CERT/CC vulnerability note: VU#651928 http://www.kb.cert.org/vuls/id/651928 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378 XForce ISS Database: mozilla-netscape-sameorigin-bypass(17374) https://exchange.xforce.ibmcloud.com/vulnerabilities/17374 Common Vulnerability Exposure (CVE) ID: CVE-2004-0908 BugTraq ID: 11179 http://www.securityfocus.com/bid/11179 CERT/CC vulnerability note: VU#460528 http://www.kb.cert.org/vuls/id/460528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745 http://secunia.com/advisories/12526 XForce ISS Database: mozilla-shortcut-clipboard-access(17376) https://exchange.xforce.ibmcloud.com/vulnerabilities/17376
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com