Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:435

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52764

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:435

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:435.

Several bugs were found in the way Mozilla executes javascript code.
Javascript executed from a web page should run with a restricted access
level, preventing dangerous actions. It is possible that a malicious web
page could execute javascript code with elevated privileges, allowing
access to protected data and functions. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476,
CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues.

Users of Mozilla are advised to upgrade to this updated package, which
contains Mozilla version 1.7.8 to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-435.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.8

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-1476
BugTraq ID: 13544
http://www.securityfocus.com/bid/13544
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
CERT/CC vulnerability note: VU#534710
http://www.kb.cert.org/vuls/id/534710
http://marc.info/?l=full-disclosure&m=111553138007647&w=2
http://marc.info/?l=full-disclosure&m=111556301530553&w=2
http://greyhatsecurity.org/firefox.htm
http://greyhatsecurity.org/vulntests/ffrc.htm
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10045
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://securitytracker.com/id?1013913
http://secunia.com/advisories/15292
http://www.vupen.com/english/advisories/2005/0493
XForce ISS Database: mozilla-javascript-code-execution(20443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20443
Common Vulnerability Exposure (CVE) ID: CVE-2005-1477
CERT/CC vulnerability note: VU#648758
http://www.kb.cert.org/vuls/id/648758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231
Common Vulnerability Exposure (CVE) ID: CVE-2005-1531
1013962
http://securitytracker.com/id?1013962
1013963
http://securitytracker.com/id?1013963
13641
http://www.securityfocus.com/bid/13641
15495
ADV-2005-0530
http://www.vupen.com/english/advisories/2005/0530
RHSA-2005:434
RHSA-2005:435
SCOSA-2005.49
http://www.mozilla.org/security/announce/mfsa2005-43.html
oval:org.mitre.oval:def:100015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015
oval:org.mitre.oval:def:10351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351
Common Vulnerability Exposure (CVE) ID: CVE-2005-1532
1013964
http://securitytracker.com/id?1013964
1013965
http://securitytracker.com/id?1013965
13645
http://www.securityfocus.com/bid/13645
19823
http://secunia.com/advisories/19823
RHSA-2005:601
http://www.redhat.com/support/errata/RHSA-2005-601.html
SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.mozilla.org/security/announce/mfsa2005-44.html
oval:org.mitre.oval:def:100014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
oval:org.mitre.oval:def:10791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52764
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:435
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:435. Several bugs were found in the way Mozilla executes javascript code. Javascript executed from a web page should run with a restricted access level, preventing dangerous actions. It is possible that a malicious web page could execute javascript code with elevated privileges, allowing access to protected data and functions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476, CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues. Users of Mozilla are advised to upgrade to this updated package, which contains Mozilla version 1.7.8 to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-435.html http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.8 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1476 BugTraq ID: 13544 http://www.securityfocus.com/bid/13544 BugTraq ID: 15495 http://www.securityfocus.com/bid/15495 CERT/CC vulnerability note: VU#534710 http://www.kb.cert.org/vuls/id/534710 http://marc.info/?l=full-disclosure&m=111553138007647&w=2 http://marc.info/?l=full-disclosure&m=111556301530553&w=2 http://greyhatsecurity.org/firefox.htm http://greyhatsecurity.org/vulntests/ffrc.htm https://bugzilla.mozilla.org/show_bug.cgi?id=292691 https://bugzilla.mozilla.org/show_bug.cgi?id=293302 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10045 http://www.redhat.com/support/errata/RHSA-2005-434.html http://www.redhat.com/support/errata/RHSA-2005-435.html SCO Security Bulletin: SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://securitytracker.com/id?1013913 http://secunia.com/advisories/15292 http://www.vupen.com/english/advisories/2005/0493 XForce ISS Database: mozilla-javascript-code-execution(20443) https://exchange.xforce.ibmcloud.com/vulnerabilities/20443 Common Vulnerability Exposure (CVE) ID: CVE-2005-1477 CERT/CC vulnerability note: VU#648758 http://www.kb.cert.org/vuls/id/648758 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231 Common Vulnerability Exposure (CVE) ID: CVE-2005-1531 1013962 http://securitytracker.com/id?1013962 1013963 http://securitytracker.com/id?1013963 13641 http://www.securityfocus.com/bid/13641 15495 ADV-2005-0530 http://www.vupen.com/english/advisories/2005/0530 RHSA-2005:434 RHSA-2005:435 SCOSA-2005.49 http://www.mozilla.org/security/announce/mfsa2005-43.html oval:org.mitre.oval:def:100015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015 oval:org.mitre.oval:def:10351 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351 Common Vulnerability Exposure (CVE) ID: CVE-2005-1532 1013964 http://securitytracker.com/id?1013964 1013965 http://securitytracker.com/id?1013965 13645 http://www.securityfocus.com/bid/13645 19823 http://secunia.com/advisories/19823 RHSA-2005:601 http://www.redhat.com/support/errata/RHSA-2005-601.html SUSE-SA:2006:022 http://www.novell.com/linux/security/advisories/2006_04_25.html http://www.mozilla.org/security/announce/mfsa2005-44.html oval:org.mitre.oval:def:100014 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014 oval:org.mitre.oval:def:10791 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com