FreeBSD Local Security Checks : FreeBSD Ports: firefox

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56644

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: firefox

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

firefox
linux-firefox

CVE-2006-1993
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via certain Javascript that is not properly handled by the
contentWindow.focus method in an iframe, which causes a reference to a
deleted controller context object. NOTE: this was originally claimed
to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but
the vendor disputes this claim.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-1993
BugTraq ID: 17671
http://www.securityfocus.com/bid/17671
Bugtraq: 20060424 Firefox Remote Code Execution and DoS 1.5.0.2 (Google Search)
http://www.securityfocus.com/archive/1/431878/100/0/threaded
CERT/CC vulnerability note: VU#866300
http://www.kb.cert.org/vuls/id/866300
Debian Security Information: DSA-1053 (Google Search)
http://www.debian.org/security/2006/dsa-1053
Debian Security Information: DSA-1055 (Google Search)
http://www.debian.org/security/2006/dsa-1055
http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml
HPdes Security Advisory: HPSBTU02118
http://www.securityfocus.com/archive/1/434524/100/0/threaded
HPdes Security Advisory: HPSBUX02153
http://www.securityfocus.com/archive/1/446658/100/200/threaded
HPdes Security Advisory: SSRT061145
HPdes Security Advisory: SSRT061181
http://www.securident.com/vuln/ff.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790
http://securitytracker.com/id?1015981
http://secunia.com/advisories/19802
http://secunia.com/advisories/20015
http://secunia.com/advisories/20019
http://secunia.com/advisories/20070
http://secunia.com/advisories/20214
http://secunia.com/advisories/22066
http://securityreason.com/securityalert/780
http://www.vupen.com/english/advisories/2006/1614
http://www.vupen.com/english/advisories/2006/1922
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: firefox-iframe-contentwindowfocus-bo(25994)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25994

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56644
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: firefox
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: firefox linux-firefox CVE-2006-1993 Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-1993 BugTraq ID: 17671 http://www.securityfocus.com/bid/17671 Bugtraq: 20060424 Firefox Remote Code Execution and DoS 1.5.0.2 (Google Search) http://www.securityfocus.com/archive/1/431878/100/0/threaded CERT/CC vulnerability note: VU#866300 http://www.kb.cert.org/vuls/id/866300 Debian Security Information: DSA-1053 (Google Search) http://www.debian.org/security/2006/dsa-1053 Debian Security Information: DSA-1055 (Google Search) http://www.debian.org/security/2006/dsa-1055 http://www.gentoo.org/security/en/glsa/glsa-200605-06.xml HPdes Security Advisory: HPSBTU02118 http://www.securityfocus.com/archive/1/434524/100/0/threaded HPdes Security Advisory: HPSBUX02153 http://www.securityfocus.com/archive/1/446658/100/200/threaded HPdes Security Advisory: SSRT061145 HPdes Security Advisory: SSRT061181 http://www.securident.com/vuln/ff.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1790 http://securitytracker.com/id?1015981 http://secunia.com/advisories/19802 http://secunia.com/advisories/20015 http://secunia.com/advisories/20019 http://secunia.com/advisories/20070 http://secunia.com/advisories/20214 http://secunia.com/advisories/22066 http://securityreason.com/securityalert/780 http://www.vupen.com/english/advisories/2006/1614 http://www.vupen.com/english/advisories/2006/1922 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2008/0083 XForce ISS Database: firefox-iframe-contentwindowfocus-bo(25994) https://exchange.xforce.ibmcloud.com/vulnerabilities/25994
Copyright	Copyright (C) 2008 E-Soft Inc.