English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.51370
Categoría:Conectiva Local Security Checks
Título:Conectiva Security Advisory CLA-2004:877
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory CLA-2004:877.

Mozilla[1] is an open-source web browser designed for standards
compliance, performance and portability.

This announcement updates mozilla packages for Conectiva Linux 9 and
10 to mozilla version 1.7.3. This updates fixes lots of
vulnerabilities, which the most recent and important is listed
bellow:

CVE-2004-0597: multiple buffer overflows in libpng
CVE-2004-0598: denial of service via a certain PNG image
CVE-2004-0599: multiple integer overflows in libpng
CVE-2004-0718: content in unrelated windows could be modified
CVE-2004-0722: integer overflow in the SOAPParameter object
constructor
CVE-2004-0757: heap-based buffer overflow in the SendUidl of POP3
code
CVE-2004-0758: denial-of-service with malicious SSL certificates
CVE-2004-0759: read files via JavaScript
CVE-2004-0760: MIME code handles %00 incorrectly
CVE-2004-0761: spoofing of security lock icon
CVE-2004-0763: spoofing of SSL certificates by using redirects and
JavaScript
CVE-2004-0764: hijacking the user interface via the chrome flag and
XML User Interface Language (XUL) files
CVE-2004-0765: spoofing SSL certificates due to incorrecting
comparsion of hostnames
CVE-2004-0902: Several heap based buffer overflows in Mozilla
Browsers.
CVE-2004-0903: Stack-based buffer overflow in the writeGroup function
in vcard handling.
CVE-2004-0904: Buffer overflow in BMP images decoding.
CVE-2004-0905: Crossdomain scripting and possible code execution by
javascript drag and drop.
CVE-2004-0906: XPI Installer sets insecure permissions, allowing
local users to overwrite files of the user.
CVE-2004-0908: Allow untrusted javascript code to read and write to
the clipboard.
CVE-2004-0909: Allow remote attackers to trick the user into
performing dangerous operations by modifying security relevant dialog
boxes.

For further information on the vulnerabilities, please, refer to
mozilla's security page, located at
http://www.mozilla.org/projects/security/known-vulnerabilities.html


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://www.mozilla.org/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:877
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0597
http://lists.apple.com/mhonarc/security-announce/msg00056.html
BugTraq ID: 10857
http://www.securityfocus.com/bid/10857
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
Bugtraq: 20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) (Google Search)
http://marc.info/?l=bugtraq&m=109163866717909&w=2
Bugtraq: 20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit (Google Search)
http://marc.info/?l=bugtraq&m=110796779903455&w=2
Cert/CC Advisory: TA04-217A
http://www.us-cert.gov/cas/techalerts/TA04-217A.html
Cert/CC Advisory: TA05-039A
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
CERT/CC vulnerability note: VU#388984
http://www.kb.cert.org/vuls/id/388984
CERT/CC vulnerability note: VU#817368
http://www.kb.cert.org/vuls/id/817368
Conectiva Linux advisory: CLA-2004:856
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856
Debian Security Information: DSA-536 (Google Search)
http://www.debian.org/security/2004/dsa-536
https://bugzilla.fedora.us/show_bug.cgi?id=1943
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
HPdes Security Advisory: SSRT4778
http://marc.info/?l=bugtraq&m=109181639602978&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2004:079
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://scary.beasts.org/security/CESA-2004-001.txt
http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10
Microsoft Security Bulletin: MS05-009
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709
http://www.redhat.com/support/errata/RHSA-2004-402.html
http://www.redhat.com/support/errata/RHSA-2004-421.html
http://www.redhat.com/support/errata/RHSA-2004-429.html
SCO Security Bulletin: SCOSA-2004.16
http://marc.info/?l=bugtraq&m=109761239318458&w=2
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://secunia.com/advisories/22957
http://secunia.com/advisories/22958
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1
SuSE Security Announcement: SUSE-SA:2004:023 (Google Search)
http://www.novell.com/linux/security/advisories/2004_23_libpng.html
http://www.trustix.net/errata/2004/0040/
XForce ISS Database: libpng-pnghandle-bo(16894)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16894
Common Vulnerability Exposure (CVE) ID: CVE-2004-0598
CERT/CC vulnerability note: VU#236656
http://www.kb.cert.org/vuls/id/236656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572
XForce ISS Database: libpng-pnghandleiccp-dos(16895)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16895
Common Vulnerability Exposure (CVE) ID: CVE-2004-0599
CERT/CC vulnerability note: VU#160448
http://www.kb.cert.org/vuls/id/160448
CERT/CC vulnerability note: VU#286464
http://www.kb.cert.org/vuls/id/286464
CERT/CC vulnerability note: VU#477512
http://www.kb.cert.org/vuls/id/477512
Debian Security Information: DSA-570 (Google Search)
http://www.debian.org/security/2004/dsa-570
Debian Security Information: DSA-571 (Google Search)
http://www.debian.org/security/2004/dsa-571
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479
XForce ISS Database: lilbpng-integer-bo(16896)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16896
Common Vulnerability Exposure (CVE) ID: CVE-2004-0718
Debian Security Information: DSA-777 (Google Search)
http://www.debian.org/security/2005/dsa-777
Debian Security Information: DSA-810 (Google Search)
http://www.debian.org/security/2005/dsa-810
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997
http://secunia.com/advisories/11978
SuSE Security Announcement: SUSE-SA:2004:036 (Google Search)
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: http-frame-spoof(1598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/1598
Common Vulnerability Exposure (CVE) ID: CVE-2004-0722
http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9378
XForce ISS Database: mozilla-netscape-soapparameter-bo(16862)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16862
Common Vulnerability Exposure (CVE) ID: CVE-2004-0757
CERT/CC vulnerability note: VU#561022
http://www.kb.cert.org/vuls/id/561022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250
http://secunia.com/advisories/10856
XForce ISS Database: mozilla-senduidl-pop3-bo(16869)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16869
Common Vulnerability Exposure (CVE) ID: CVE-2004-0758
CERT/CC vulnerability note: VU#784278
http://www.kb.cert.org/vuls/id/784278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134
XForce ISS Database: mozilla-certificate-dos(16706)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16706
Common Vulnerability Exposure (CVE) ID: CVE-2004-0759
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11153
XForce ISS Database: mozilla-warning-file-upload(16870)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16870
Common Vulnerability Exposure (CVE) ID: CVE-2004-0760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1227
XForce ISS Database: mozilla-modify-mime-type(16691)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16691
Common Vulnerability Exposure (CVE) ID: CVE-2004-0761
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3603
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9240
XForce ISS Database: mozilla-redirect-ssl-spoof(16871)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16871
Common Vulnerability Exposure (CVE) ID: CVE-2004-0763
Bugtraq: 20040726 Mozilla Firefox Certificate Spoofing (Google Search)
http://marc.info/?l=bugtraq&m=109087067730938&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024372.html
http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9436
http://secunia.com/advisories/12160/
XForce ISS Database: mozilla-ssl-certificate-spoofing(16796)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16796
Common Vulnerability Exposure (CVE) ID: CVE-2004-0764
BugTraq ID: 10832
http://www.securityfocus.com/bid/10832
CERT/CC vulnerability note: VU#262350
http://www.kb.cert.org/vuls/id/262350
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9419
http://secunia.com/advisories/12188
XForce ISS Database: mozilla-user-interface-spoofing(16837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16837
Common Vulnerability Exposure (CVE) ID: CVE-2004-0765
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11162
XForce ISS Database: mozilla-certtesthostname-certificate-spoof(16868)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16868
Common Vulnerability Exposure (CVE) ID: CVE-2004-0902
Cert/CC Advisory: TA04-261A
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
CERT/CC vulnerability note: VU#125776
CERT/CC vulnerability note: VU#327560
CERT/CC vulnerability note: VU#808216
http://security.gentoo.org/glsa/glsa-200409-26.xml
HPdes Security Advisory: SSRT4826
http://marc.info/?l=bugtraq&m=109698896104418&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11201
XForce ISS Database: mozilla-netscape-nonascii-bo(17378)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17378
XForce ISS Database: mozilla-nspop3protocol-bo(17379)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17379
Common Vulnerability Exposure (CVE) ID: CVE-2004-0903
BugTraq ID: 11174
http://www.securityfocus.com/bid/11174
CERT/CC vulnerability note: VU#414240
http://www.kb.cert.org/vuls/id/414240
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10873
XForce ISS Database: mozilla-netscape-nsvcardobj-bo(17380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17380
Common Vulnerability Exposure (CVE) ID: CVE-2004-0904
BugTraq ID: 11171
http://www.securityfocus.com/bid/11171
CERT/CC vulnerability note: VU#847200
http://www.kb.cert.org/vuls/id/847200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10952
XForce ISS Database: mozilla-netscape-bmp-bo(17381)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17381
Common Vulnerability Exposure (CVE) ID: CVE-2004-0905
BugTraq ID: 11177
http://www.securityfocus.com/bid/11177
CERT/CC vulnerability note: VU#651928
http://www.kb.cert.org/vuls/id/651928
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378
XForce ISS Database: mozilla-netscape-sameorigin-bypass(17374)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17374
Common Vulnerability Exposure (CVE) ID: CVE-2004-0906
BugTraq ID: 11192
http://www.securityfocus.com/bid/11192
CERT/CC vulnerability note: VU#653160
http://www.kb.cert.org/vuls/id/653160
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11668
http://www.redhat.com/support/errata/RHSA-2005-323.html
http://secunia.com/advisories/12526/
XForce ISS Database: mozilla-insecure-file-permissions(17375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17375
Common Vulnerability Exposure (CVE) ID: CVE-2004-0908
BugTraq ID: 11179
http://www.securityfocus.com/bid/11179
CERT/CC vulnerability note: VU#460528
http://www.kb.cert.org/vuls/id/460528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9745
http://secunia.com/advisories/12526
XForce ISS Database: mozilla-shortcut-clipboard-access(17376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17376
Common Vulnerability Exposure (CVE) ID: CVE-2004-0909
CERT/CC vulnerability note: VU#113192
http://www.kb.cert.org/vuls/id/113192
XForce ISS Database: mozilla-enableprivilege-modify-dialog(17377)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17377
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.