FreeBSD Local Security Checks : FreeBSD Ports: firefox

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52379

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: firefox

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

firefox
linux-mozilla
linux-mozilla-devel
mozilla
mozilla-gtk1

CVE-2004-0758
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even
when their DN is the same as that of the built-in CA root certificate,
which allows remote attackers to cause a denial of service to SSL
pages because the malicious certificate is treated as invalid.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0758
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
CERT/CC vulnerability note: VU#784278
http://www.kb.cert.org/vuls/id/784278
http://marc.info/?l=bugtraq&m=109900315219363&w=2
http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134
http://www.redhat.com/support/errata/RHSA-2004-421.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
SuSE Security Announcement: SUSE-SA:2004:036 (Google Search)
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
XForce ISS Database: mozilla-certificate-dos(16706)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16706

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52379
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: firefox
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: firefox linux-mozilla linux-mozilla-devel mozilla mozilla-gtk1 CVE-2004-0758 Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0758 BugTraq ID: 15495 http://www.securityfocus.com/bid/15495 CERT/CC vulnerability note: VU#784278 http://www.kb.cert.org/vuls/id/784278 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10304 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3134 http://www.redhat.com/support/errata/RHSA-2004-421.html SCO Security Bulletin: SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt SuSE Security Announcement: SUSE-SA:2004:036 (Google Search) http://www.novell.com/linux/security/advisories/2004_36_mozilla.html XForce ISS Database: mozilla-certificate-dos(16706) https://exchange.xforce.ibmcloud.com/vulnerabilities/16706
Copyright	Copyright (C) 2008 E-Soft Inc.