English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58081
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0079
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0079.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A malicious web page could execute JavaScript code in such
a way that may result in Firefox crashing or executing arbitrary code as
the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way Firefox
processed certain malformed web pages. A malicious web page could display
misleading information which may result in a user unknowingly divulging
sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995,
CVE-2007-0996)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Firefox displayed blocked popup windows. If
a user can be convinced to open a blocked popup, it is possible to read
arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the location.hostname value
during certain browser domain checks. This flaw could allow a malicious web
site to set domain cookies for an arbitrary site, or possibly perform an
XSS attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.10 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0079.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-6077
BugTraq ID: 21240
http://www.securityfocus.com/bid/21240
BugTraq ID: 22694
http://www.securityfocus.com/bid/22694
Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452382/100/0/threaded
Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452431/100/0/threaded
Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452440/100/0/threaded
Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452463/100/0/threaded
Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/454982/100/0/threaded
Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455073/100/0/threaded
Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455148/100/0/threaded
Bugtraq: 20070226 rPSA-2007-0040-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Debian Security Information: DSA-1336 (Google Search)
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.info-svc.com/news/11-21-2006/
http://www.info-svc.com/news/11-21-2006/rcsr1/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
RedHat Security Advisories: RHSA-2007:0077
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://securitytracker.com/id?1017271
http://secunia.com/advisories/23046
http://secunia.com/advisories/23108
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
SGI Security Advisory: 20070202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
SGI Security Advisory: 20070301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SuSE Security Announcement: SUSE-SA:2007:019 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SuSE Security Announcement: SUSE-SA:2007:022 (Google Search)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
XForce ISS Database: firefox-passwordmgr-information-disclosure(30470)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
Common Vulnerability Exposure (CVE) ID: CVE-2007-0008
1017696
http://www.securitytracker.com/id?1017696
102856
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
102945
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
20070202-01-P
20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
20070226 rPSA-2007-0040-1 firefox
20070301-01-P
20070303 rPSA-2007-0040-3 firefox thunderbird
22694
24205
24238
24252
http://secunia.com/advisories/24252
24253
http://secunia.com/advisories/24253
24277
http://secunia.com/advisories/24277
24287
24290
24293
24320
24328
24333
24342
24343
24384
24389
http://secunia.com/advisories/24389
24395
24406
http://secunia.com/advisories/24406
24410
http://secunia.com/advisories/24410
24455
http://secunia.com/advisories/24455
24456
http://secunia.com/advisories/24456
24457
24522
http://secunia.com/advisories/24522
24562
http://secunia.com/advisories/24562
24650
24703
http://secunia.com/advisories/24703
25588
25597
http://secunia.com/advisories/25597
32105
http://www.osvdb.org/32105
64758
http://www.securityfocus.com/bid/64758
ADV-2007-0718
ADV-2007-0719
http://www.vupen.com/english/advisories/2007/0719
ADV-2007-1165
http://www.vupen.com/english/advisories/2007/1165
ADV-2007-2141
http://www.vupen.com/english/advisories/2007/2141
DSA-1336
FEDORA-2007-278
http://fedoranews.org/cms/node/2709
FEDORA-2007-279
http://fedoranews.org/cms/node/2711
FEDORA-2007-281
FEDORA-2007-293
FEDORA-2007-308
http://fedoranews.org/cms/node/2747
FEDORA-2007-309
http://fedoranews.org/cms/node/2749
GLSA-200703-18
http://security.gentoo.org/glsa/glsa-200703-18.xml
GLSA-200703-22
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
HPSBUX02153
MDKSA-2007:050
MDKSA-2007:052
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
SSA:2007-066-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
SSA:2007-066-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
SSA:2007-066-05
SSRT061181
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
USN-431-1
http://www.ubuntu.com/usn/usn-431-1
VU#377812
http://www.kb.cert.org/vuls/id/377812
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://bugzilla.mozilla.org/show_bug.cgi?id=364319
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
nss-mastersecret-bo(32666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32666
oval:org.mitre.oval:def:10502
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502
Common Vulnerability Exposure (CVE) ID: CVE-2007-0009
20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
32106
http://www.osvdb.org/32106
VU#592796
http://www.kb.cert.org/vuls/id/592796
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
nss-clientmasterkey-bo(32663)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
oval:org.mitre.oval:def:10174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
Common Vulnerability Exposure (CVE) ID: CVE-2007-0775
1017698
http://www.securitytracker.com/id?1017698
24393
24437
32114
http://www.osvdb.org/32114
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
GLSA-200703-04
GLSA-200703-08
VU#761756
http://www.kb.cert.org/vuls/id/761756
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
mozilla-multiple-layout-code-execution(32704)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32704
oval:org.mitre.oval:def:10012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10012
Common Vulnerability Exposure (CVE) ID: CVE-2007-0777
32115
http://www.osvdb.org/32115
VU#269484
http://www.kb.cert.org/vuls/id/269484
mozilla-multiple-javascript-code-execution(32699)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32699
oval:org.mitre.oval:def:11331
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11331
Common Vulnerability Exposure (CVE) ID: CVE-2007-0778
1017699
http://securitytracker.com/id?1017699
32110
http://www.osvdb.org/32110
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
mozilla-diskcache-information-disclosure(32671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671
oval:org.mitre.oval:def:9151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
Common Vulnerability Exposure (CVE) ID: CVE-2007-0779
1017700
http://www.securitytracker.com/id?1017700
32109
http://osvdb.org/32109
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
oval:org.mitre.oval:def:8757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757
Common Vulnerability Exposure (CVE) ID: CVE-2007-0780
1017702
http://www.securitytracker.com/id?1017702
32107
http://www.osvdb.org/32107
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
mozilla-dataurl-xss(32667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667
oval:org.mitre.oval:def:9884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884
Common Vulnerability Exposure (CVE) ID: CVE-2007-0800
BugTraq ID: 22396
http://www.securityfocus.com/bid/22396
Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459162/100/0/threaded
Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
http://www.osvdb.org/32108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654
XForce ISS Database: firefox-popup-security-bypass(32194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32194
Common Vulnerability Exposure (CVE) ID: CVE-2007-0981
BugTraq ID: 22566
http://www.securityfocus.com/bid/22566
Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460126/100/200/threaded
Bugtraq: 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460217/100/0/threaded
CERT/CC vulnerability note: VU#885753
http://www.kb.cert.org/vuls/id/885753
http://lcamtuf.dione.cc/ffhostname.html
http://www.osvdb.org/32104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
http://securitytracker.com/id?1017654
http://secunia.com/advisories/24175
http://securityreason.com/securityalert/2262
http://www.vupen.com/english/advisories/2007/0624
XForce ISS Database: firefox-locationhostname-security-bypass(32533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0995
32111
http://www.osvdb.org/32111
32112
http://osvdb.org/32112
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
oval:org.mitre.oval:def:10164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164
Common Vulnerability Exposure (CVE) ID: CVE-2007-0996
20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
http://www.securityfocus.com/archive/1/461076/100/0/threaded
33812
http://osvdb.org/33812
http://www.hardened-php.net/advisory_032007.142.html
oval:org.mitre.oval:def:10086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.