Test ID: | 1.3.6.1.4.1.25623.1.0.51179 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2004:486 |
Summary: | NOSUMMARY |
Description: |
The remote host is missing updates announced in advisory RHSA-2004:486.

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a JavaScript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0905 to this issue.

Gael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0904 to this issue.

Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0903 to this issue.

Wladimir Palant discovered a flaw in the way JavaScript interacts with the clipboard. It is possible that an attacker could use malicious JavaScript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.

Georgi Guninski discovered a heap-based buffer overflow in the Send Page feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902 to this issue.

Users of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-486.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://secunia.com/advisories/12526/

Risk factor: Critical
CVSS Score: 10.0 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0902
Cert/CC Advisory: TA04-261A http://www.us-cert.gov/cas/techalerts/TA04-261A.html
CERT/CC vulnerability note: VU#125776
CERT/CC vulnerability note: VU#327560
CERT/CC vulnerability note: VU#808216
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://security.gentoo.org/glsa/glsa-200409-26.xml
HPdes Security Advisory: SSRT4826 http://marc.info/?l=bugtraq&m=109698896104418&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201
SuSE Security Announcement: SUSE-SA:2004:036 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-netscape-nonascii-bo(17378) https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
XForce ISS Database: mozilla-nspop3protocol-bo(17379) https://exchange.xforce.ibmcloud.com/vulnerabilities/17379

Common Vulnerability Exposure (CVE) ID: CVE-2004-0903
BugTraq ID: 11174 http://www.securityfocus.com/bid/11174
CERT/CC vulnerability note: VU#414240 http://www.kb.cert.org/vuls/id/414240
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
XForce ISS Database: mozilla-netscape-nsvcardobj-bo(17380) https://exchange.xforce.ibmcloud.com/vulnerabilities/17380

Common Vulnerability Exposure (CVE) ID: CVE-2004-0904
BugTraq ID: 11171 http://www.securityfocus.com/bid/11171
CERT/CC vulnerability note: VU#847200 http://www.kb.cert.org/vuls/id/847200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
XForce ISS Database: mozilla-netscape-bmp-bo(17381) https://exchange.xforce.ibmcloud.com/vulnerabilities/17381

Common Vulnerability Exposure (CVE) ID: CVE-2004-0905
BugTraq ID: 11177 http://www.securityfocus.com/bid/11177
CERT/CC vulnerability note: VU#651928 http://www.kb.cert.org/vuls/id/651928
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378
XForce ISS Database: mozilla-netscape-sameorigin-bypass(17374) https://exchange.xforce.ibmcloud.com/vulnerabilities/17374

Common Vulnerability Exposure (CVE) ID: CVE-2004-0908
BugTraq ID: 11179 http://www.securityfocus.com/bid/11179
CERT/CC vulnerability note: VU#460528 http://www.kb.cert.org/vuls/id/460528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745
http://secunia.com/advisories/12526
XForce ISS Database: mozilla-shortcut-clipboard-access(17376) https://exchange.xforce.ibmcloud.com/vulnerabilities/17376 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |