
Test ID: 1.3.6.1.4.1.25623.1.0.57367
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0675
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2006:0675.

Mozilla Firefox is an open source Web browser.

Two flaws were found in the way Firefox processed certain regular
expressions. A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox. (CVE-2006-4565,
CVE-2006-4566)

A number of flaws were found in Firefox. A malicious web page could crash
the browser or possibly execute arbitrary code as the user running Firefox.
(CVE-2006-4571)

A flaw was found in the handling of JavaScript timed events. A malicious
web page could crash the browser or possibly execute arbitrary code as the
user running Firefox. (CVE-2006-4253)

Daniel Bleichenbacher recently described an implementation error in RSA
signature verification. For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that would be incorrectly verified by the NSS
library. Firefox as shipped trusts several root Certificate Authorities
that use exponent 3. An attacker could have created a carefully crafted
SSL certificate which would be incorrectly trusted when their site was
visited by a victim. (CVE-2006-4340)

A flaw was found in the Firefox auto-update verification system. An
attacker who has the ability to spoof a victim's DNS could get Firefox to
download and install malicious code. In order to exploit this issue an
attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)

Firefox did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which facilitates
website spoofing and other attacks. (CVE-2006-4568)

Firefox did not load manually opened, blocked popups in the right domain
context, which could lead to cross-site scripting attacks. In order to
exploit this issue an attacker would need to find a site which would frame
their malicious page and convince the user to manually open a blocked
popup. (CVE-2006-4569)

Users of Firefox are advised to upgrade to this update, which contains
Firefox version 1.5.0.7 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0675.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
10.0

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2006-4340
Bugtraq: 20060915 rPSA-2006-0169-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/446140/100/0/threaded
Cert/CC Advisory: TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
Debian Security Information: DSA-1191 (Google Search)
http://www.us.debian.org/security/2006/dsa-1191
Debian Security Information: DSA-1192 (Google Search)
http://www.debian.org/security/2006/dsa-1192
Debian Security Information: DSA-1210 (Google Search)
http://www.debian.org/security/2006/dsa-1210
http://security.gentoo.org/glsa/glsa-200609-19.xml
http://security.gentoo.org/glsa/glsa-200610-01.xml
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
HPdes Security Advisory: HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
http://www.redhat.com/support/errata/RHSA-2006-0675.html
http://www.redhat.com/support/errata/RHSA-2006-0676.html
http://www.redhat.com/support/errata/RHSA-2006-0677.html
http://securitytracker.com/id?1016858
http://securitytracker.com/id?1016859
http://securitytracker.com/id?1016860
http://secunia.com/advisories/21903
http://secunia.com/advisories/21906
http://secunia.com/advisories/21915
http://secunia.com/advisories/21916
http://secunia.com/advisories/21939
http://secunia.com/advisories/21940
http://secunia.com/advisories/21949
http://secunia.com/advisories/21950
http://secunia.com/advisories/22001
http://secunia.com/advisories/22025
http://secunia.com/advisories/22036
http://secunia.com/advisories/22044
http://secunia.com/advisories/22055
http://secunia.com/advisories/22056
http://secunia.com/advisories/22066
http://secunia.com/advisories/22074
http://secunia.com/advisories/22088
http://secunia.com/advisories/22195
http://secunia.com/advisories/22210
http://secunia.com/advisories/22226
http://secunia.com/advisories/22247
http://secunia.com/advisories/22274
http://secunia.com/advisories/22299
http://secunia.com/advisories/22342
http://secunia.com/advisories/22422
http://secunia.com/advisories/22446
http://secunia.com/advisories/22849
http://secunia.com/advisories/22992
http://secunia.com/advisories/23883
http://secunia.com/advisories/24711
SGI Security Advisory: 20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
SuSE Security Announcement: SUSE-SA:2006:054 (Google Search)
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
SuSE Security Announcement: SUSE-SA:2006:055 (Google Search)
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
http://www.ubuntu.com/usn/usn-350-1
http://www.ubuntu.com/usn/usn-351-1
http://www.ubuntu.com/usn/usn-352-1
http://www.ubuntu.com/usn/usn-354-1
http://www.ubuntu.com/usn/usn-361-1
http://www.vupen.com/english/advisories/2006/3617
http://www.vupen.com/english/advisories/2006/3622
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3899
http://www.vupen.com/english/advisories/2007/0293
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Common Vulnerability Exposure (CVE) ID: CVE-2006-4253
BugTraq ID: 19488
http://www.securityfocus.com/bid/19488
BugTraq ID: 19534
http://www.securityfocus.com/bid/19534
Bugtraq: 20060812 Concurrency-related vulnerabilities in browsers - expect problems (Google Search)
http://www.securityfocus.com/archive/1/443020/100/100/threaded
Bugtraq: 20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems (Google Search)
http://www.securityfocus.com/archive/1/443306/100/100/threaded
Bugtraq: 20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems (Google Search)
http://www.securityfocus.com/archive/1/443528/100/0/threaded
Bugtraq: 20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems (Google Search)
http://www.securityfocus.com/archive/1/443500/100/100/threaded
http://www.securityfocus.com/archive/1/447840/100/200/threaded
http://www.securityfocus.com/archive/1/447837/100/200/threaded
Bugtraq: 20061017 Flaw in Firefox 2.0 RC2 (Google Search)
http://www.securityfocus.com/archive/1/448956/100/100/threaded
Bugtraq: 20061019 Re: Flaw in Firefox 2.0 RC2 (Google Search)
http://www.securityfocus.com/archive/1/448984/100/100/threaded
http://www.securityfocus.com/archive/1/449245/100/100/threaded
Bugtraq: 20061023 Flaw in Firefox 2.0 Final (Google Search)
http://www.securityfocus.com/archive/1/449487/100/0/threaded
Bugtraq: 20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/449726/100/0/threaded
http://security.gentoo.org/glsa/glsa-200610-04.xml
http://lcamtuf.coredump.cx/ffoxdie.html
http://lcamtuf.coredump.cx/ffoxdie3.html
http://www.pianetapc.it/view.php?id=770
http://www.securiteam.com/securitynews/5VP0M0AJFW.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9528
http://securitytracker.com/id?1016846
http://securitytracker.com/id?1016847
http://securitytracker.com/id?1016848
http://secunia.com/advisories/21513
http://secunia.com/advisories/22391
Common Vulnerability Exposure (CVE) ID: CVE-2006-4565
BugTraq ID: 20042
http://www.securityfocus.com/bid/20042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421
XForce ISS Database: mozilla-javascript-expression-bo(28955)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28955
Common Vulnerability Exposure (CVE) ID: CVE-2006-4566
CERT/CC vulnerability note: VU#141528
http://www.kb.cert.org/vuls/id/141528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9637
XForce ISS Database: mozilla-backslash-dos(28958)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28958
Common Vulnerability Exposure (CVE) ID: CVE-2006-4567
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10488
http://securitytracker.com/id?1016850
http://securitytracker.com/id?1016851
XForce ISS Database: mozilla-auto-update-gain-access(28950)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28950
Common Vulnerability Exposure (CVE) ID: CVE-2006-4568
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9843
http://securitytracker.com/id?1016855
http://securitytracker.com/id?1016856
XForce ISS Database: mozilla-documentopen-frame-spoofing(28961)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28961
Common Vulnerability Exposure (CVE) ID: CVE-2006-4569
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10650
http://securitytracker.com/id?1016849
XForce ISS Database: firefox-popup-blocker-xss(28957)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28957
Common Vulnerability Exposure (CVE) ID: CVE-2006-4571
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
