Test ID: 1.3.6.1.4.1.25623.1.0.55407
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:785
Summary: Redhat Security Advisory RHSA-2005:785
Description:
The remote host is missing updates announced in
advisory RHSA-2005:785.

Mozilla Firefox is an open source Web browser.

A bug was found in the way Firefox processes XBM image files. If a user
views a specially crafted XBM file, it becomes possible to execute
arbitrary code as the user running Firefox. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-2701 to
this issue.

A bug was found in the way Firefox processes certain Unicode
sequences. It may be possible to execute arbitrary code as the user running
Firefox if the user views a specially crafted Unicode sequence. (CVE-2005-2702)

A bug was found in the way Firefox makes XMLHttp requests. It is possible
that a malicious web page could leverage this flaw to exploit other proxy
or server flaws from the victim's machine. It is also possible that this
flaw could be leveraged to send XMLHttp requests to hosts other than the
originator; the default behavior of the browser is to disallow this.
(CVE-2005-2703)

A bug was found in the way Firefox implemented its XBL interface. It may be
possible for a malicious web page to create an XBL binding in such a way
that would allow arbitrary JavaScript execution with chrome permissions.
Please note that in Firefox 1.0.6 this issue is not directly exploitable
and will need to leverage other unknown exploits. (CVE-2005-2704)

An integer overflow bug was found in Firefox's JavaScript engine. Under
favorable conditions, it may be possible for a malicious web page to
execute arbitrary code as the user running Firefox. (CVE-2005-2705)

A bug was found in the way Firefox displays about: pages. It is possible
for a malicious web page to open an about: page, such as about:mozilla, in
such a way that it becomes possible to execute JavaScript with chrome
privileges. (CVE-2005-2706)

A bug was found in the way Firefox opens new windows. It is possible for a
malicious web site to construct a new window without any user interface
components, such as the address bar and the status bar. This window could
then be used to mislead the user for malicious purposes. (CVE-2005-2707)

A bug was found in the way Firefox processes URLs passed to it on the
command line. If a user passes a malformed URL to Firefox, such as clicking
on a link in an instant messaging program, it is possible to execute
arbitrary commands as the user running Firefox. (CVE-2005-2968)

Users of Firefox are advised to upgrade to this updated package that
contains Firefox version 1.0.7 and is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-785.html

Risk factor : High
Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-2701
Debian Security Information: DSA-868
http://www.debian.org/security/2005/dsa-868
Debian Security Information: DSA-838
http://www.debian.org/security/2005/dsa-838
Debian Security Information: DSA-866
http://www.debian.org/security/2005/dsa-866
http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:169
http://www.mandriva.com/security/advisories?name=MDKSA-2005:170
http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
http://www.redhat.com/support/errata/RHSA-2005-785.html
http://www.redhat.com/support/errata/RHSA-2005-789.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
SuSE Security Announcement: SUSE-SA:2005:058
http://www.novell.com/linux/security/advisories/2005_58_mozilla.html
http://www.ubuntu.com/usn/usn-200-1
BugTraq ID: 14916
http://www.securityfocus.com/bid/14916
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9323
http://www.vupen.com/english/advisories/2005/1824
http://www.osvdb.org/19643
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1480
http://securitytracker.com/id?1014954
http://secunia.com/advisories/16911
http://secunia.com/advisories/16917
http://secunia.com/advisories/17149
http://secunia.com/advisories/17284
http://secunia.com/advisories/17026
http://secunia.com/advisories/17263
http://secunia.com/advisories/16977
http://secunia.com/advisories/17014
XForce ISS Database: mozilla-xbm-bo(22373)
http://xforce.iss.net/xforce/xfdb/22373
Common Vulnerability Exposure (CVE) ID: CVE-2005-2702
http://www.redhat.com/support/errata/RHSA-2005-791.html
BugTraq ID: 14918
http://www.securityfocus.com/bid/14918
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11609
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1150
http://secunia.com/advisories/17042
http://secunia.com/advisories/17090
XForce ISS Database: mozilla-zerowidthnonjoiner-stack-corruption(22375)
http://xforce.iss.net/xforce/xfdb/22375
Common Vulnerability Exposure (CVE) ID: CVE-2005-2703
BugTraq ID: 14923
http://www.securityfocus.com/bid/14923
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10767
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1089
XForce ISS Database: mozilla-xmlhttprequest-spoofing(22376)
http://xforce.iss.net/xforce/xfdb/22376
Common Vulnerability Exposure (CVE) ID: CVE-2005-2704
BugTraq ID: 14921
http://www.securityfocus.com/bid/14921
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9784
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1272
XForce ISS Database: mozilla-thunderbird-xml-object-spoof(22824)
http://xforce.iss.net/xforce/xfdb/22824
Common Vulnerability Exposure (CVE) ID: CVE-2005-2705
https://bugzilla.mozilla.org/show_bug.cgi?id=303213
BugTraq ID: 14917
http://www.securityfocus.com/bid/14917
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10367
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1307
XForce ISS Database: mozilla-javascript-bo(22377)
http://xforce.iss.net/xforce/xfdb/22377
Common Vulnerability Exposure (CVE) ID: CVE-2005-2706
SuSE Security Announcement: SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
SuSE Security Announcement: SUSE-SA:2006:004
BugTraq ID: 14920
http://www.securityfocus.com/bid/14920
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11317
http://www.osvdb.org/19648
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1443
http://secunia.com/advisories/19823
XForce ISS Database: mozilla-about-execute-code(22378)
http://xforce.iss.net/xforce/xfdb/22378
Common Vulnerability Exposure (CVE) ID: CVE-2005-2707
BugTraq ID: 14919
http://www.securityfocus.com/bid/14919
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11130
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1197
XForce ISS Database: mozilla-chrome-window-spoofing(22380)
http://xforce.iss.net/xforce/xfdb/22380
Common Vulnerability Exposure (CVE) ID: CVE-2005-2968
http://www.ubuntu.com/usn/usn-186-1
http://www.ubuntu.com/usn/usn-186-2
CERT/CC vulnerability note: VU#914681
http://www.kb.cert.org/vuls/id/914681
BugTraq ID: 14888
http://www.securityfocus.com/bid/14888
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11105
http://www.vupen.com/english/advisories/2005/1794
http://secunia.com/advisories/16869
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
