
Test ID: 1.3.6.1.4.1.25623.1.0.56235
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0199
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0199.

Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Igor Bukanov discovered a bug in the way Mozilla's Javascript interpreter
dereferences objects. If a user visits a malicious web page, Mozilla could
crash or execute arbitrary code as the user running Mozilla. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to
this issue.

moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function.
A malicious web page could inject arbitrary RDF data into a user's
localstore.rdf file, which can cause Mozilla to execute arbitrary
javascript when a user runs Mozilla. (CVE-2006-0296)

A denial of service bug was found in the way Mozilla saves history
information. If a user visits a web page with a very long title, it is
possible Mozilla will crash or take a very long time the next time it is
run. (CVE-2005-4134)

Note that the Red Hat Enterprise Linux 3 packages also fix a bug when
using XSLT to transform documents. Passing DOM Nodes as parameters to
functions expecting an xsl:param could cause Mozilla to throw an exception.

Users of Mozilla are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0199.html

Risk factor : High

CVSS Score:
7.5

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-4134
BugTraq ID: 15773
http://www.securityfocus.com/bid/15773
BugTraq ID: 16476
http://www.securityfocus.com/bid/16476
Debian Security Information: DSA-1044
http://www.debian.org/security/2006/dsa-1044
Debian Security Information: DSA-1046
http://www.debian.org/security/2006/dsa-1046
Debian Security Information: DSA-1051
http://www.debian.org/security/2006/dsa-1051
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
http://www.securityfocus.com/archive/1/425978/100/0/threaded
http://www.securityfocus.com/archive/1/425975/100/0/threaded
http://marc.info/?l=full-disclosure&m=113405896025702&w=2
http://marc.info/?l=full-disclosure&m=113404911919629&w=2
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
HP Security Advisory: HPSBUX02122
http://www.securityfocus.com/archive/1/438730/100/0/threaded
HP Security Advisory: SSRT061158
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
http://www.mozilla.org/security/history-title.html
http://www.networksecurity.fi/advisories/netscape-history.html
http://www.osvdb.org/21533
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619
http://www.redhat.com/support/errata/RHSA-2006-0199.html
http://www.redhat.com/support/errata/RHSA-2006-0200.html
SCO Security Bulletin: SCOSA-2006.26
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://securitytracker.com/id?1015328
http://secunia.com/advisories/17934
http://secunia.com/advisories/17944
http://secunia.com/advisories/17946
http://secunia.com/advisories/18700
http://secunia.com/advisories/18704
http://secunia.com/advisories/18705
http://secunia.com/advisories/18706
http://secunia.com/advisories/18708
http://secunia.com/advisories/18709
http://secunia.com/advisories/19230
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
SGI Security Advisory: 20060201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
http://www.vupen.com/english/advisories/2005/2805
http://www.vupen.com/english/advisories/2006/0413
http://www.vupen.com/english/advisories/2006/3391
Common Vulnerability Exposure (CVE) ID: CVE-2006-0292
1015570
http://securitytracker.com/id?1015570
102550
16476
18700
18703
http://secunia.com/advisories/18703
18704
18705
18706
18708
18709
19230
19746
19759
19780
http://secunia.com/advisories/19780
19821
http://secunia.com/advisories/19821
19823
http://secunia.com/advisories/19823
19852
19862
19863
19902
19941
19950
http://secunia.com/advisories/19950
20051
http://secunia.com/advisories/20051
20060201-01-U
21033
21622
22065
http://secunia.com/advisories/22065
228526
ADV-2006-0413
ADV-2006-3391
ADV-2006-3749
http://www.vupen.com/english/advisories/2006/3749
DSA-1044
DSA-1046
DSA-1051
FEDORA-2006-075
FEDORA-2006-076
FLSA-2006:180036-2
FLSA:180036-1
GLSA-200604-12
GLSA-200604-18
GLSA-200605-09
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HPSBUX02122
HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
MDKSA-2006:036
MDKSA-2006:037
MDKSA-2006:078
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
RHSA-2006:0199
RHSA-2006:0200
RHSA-2006:0330
http://www.redhat.com/support/errata/RHSA-2006-0330.html
SCOSA-2006.26
SSRT061158
SSRT061236
SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
USN-271-1
USN-275-1
USN-276-1
https://usn.ubuntu.com/276-1/
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-01.html
https://bugzilla.mozilla.org/show_bug.cgi?id=316885
mozilla-javascript-memory-corruption(24430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24430
oval:org.mitre.oval:def:10016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016
oval:org.mitre.oval:def:670
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670
Common Vulnerability Exposure (CVE) ID: CVE-2006-0296
TA06-038A
http://www.us-cert.gov/cas/techalerts/TA06-038A.html
VU#592425
http://www.kb.cert.org/vuls/id/592425
http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=319847
mozilla-xuldocument-command-execution(24434)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24434
oval:org.mitre.oval:def:11803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803
oval:org.mitre.oval:def:1493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
