Test ID: 1.3.6.1.4.1.25623.1.0.58470
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1338-1 (iceweasel)
Summary: Debian Security Advisory DSA 1338-1 (iceweasel)
Description: The remote host is missing an update to iceweasel
announced via advisory DSA 1338-1.

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

Ronen Zilberman and Michal Zalewski discovered that a timing race
allows the injection of content into about:blank frames.

CVE-2007-3656

Michal Zalewski discovered that same-origin policies for wyciwyg://
documents are insufficiently enforced.

CVE-2007-3734

Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson, and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.

CVE-2007-3735

Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
JavaScript engine, which might allow the execution of arbitrary code.

CVE-2007-3736

moz_bug_r_a4 discovered that the addEventListener() and setTimeout()
functions allow cross-site scripting.

CVE-2007-3737

moz_bug_r_a4 discovered that a programming error in event handling
allows privilege escalation.

CVE-2007-3738

shutdown and moz_bug_r_a4 discovered that the XPCNativeWrapper allows
the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates. You're strongly encouraged to upgrade to
stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
2.0.0.5-0etch1. Builds for alpha and mips are not yet available; they will
be provided later.

For the unstable distribution (sid) these problems have been fixed in version
2.0.0.5-1.

We recommend that you upgrade your iceweasel packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201338-1
Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-3089
Bugtraq: 20070604 Assorted browser vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/archive/1/470446/100/0/threaded
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/archive/1/474542/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://lcamtuf.coredump.cx/ifsnatch/
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
Debian Security Information: DSA-1337 (Google Search)
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338 (Google Search)
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339 (Google Search)
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
Cert/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#143297
http://www.kb.cert.org/vuls/id/143297
BugTraq ID: 24286
http://www.securityfocus.com/bid/24286
http://osvdb.org/38024
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11122
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
http://www.securitytracker.com/id?1018412
http://secunia.com/advisories/26095
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/25589
http://secunia.com/advisories/26179
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26072
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26159
http://secunia.com/advisories/26271
http://secunia.com/advisories/26258
http://secunia.com/advisories/26460
http://secunia.com/advisories/28135
http://securityreason.com/securityalert/2781
XForce ISS Database: firefox-iframe-security-bypass(34701)
http://xforce.iss.net/xforce/xfdb/34701
Common Vulnerability Exposure (CVE) ID: CVE-2007-3656
Bugtraq: 20070709 Firefox wyciwyg:// cache zone bypass (Google Search)
http://www.securityfocus.com/archive/1/archive/1/473191/100/0/threaded
http://lcamtuf.coredump.cx/ffcache/
BugTraq ID: 24831
http://www.securityfocus.com/bid/24831
http://osvdb.org/38028
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9105
http://www.securitytracker.com/id?1018411
http://secunia.com/advisories/25990
http://securityreason.com/securityalert/2872
XForce ISS Database: mozilla-wyciwyg-security-bypass(35298)
http://xforce.iss.net/xforce/xfdb/35298
Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
Debian Security Information: DSA-1391 (Google Search)
http://www.debian.org/security/2007/dsa-1391
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://www.ubuntu.com/usn/usn-503-1
BugTraq ID: 24946
http://www.securityfocus.com/bid/24946
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10108
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2008/0082
http://www.securitytracker.com/id?1018408
http://secunia.com/advisories/26096
http://secunia.com/advisories/26176
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/28363
XForce ISS Database: mozilla-browser-engine-code-execution(35458)
http://xforce.iss.net/xforce/xfdb/35458
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11066
XForce ISS Database: mozilla-javascript-eng-code-execution(35459)
http://xforce.iss.net/xforce/xfdb/35459
Common Vulnerability Exposure (CVE) ID: CVE-2007-3736
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11749
http://www.securitytracker.com/id?1018410
XForce ISS Database: mozilla-addeventlistener-settimeout-xss(35462)
http://xforce.iss.net/xforce/xfdb/35462
Common Vulnerability Exposure (CVE) ID: CVE-2007-3737
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10009
http://www.securitytracker.com/id?1018409
XForce ISS Database: firefox-eventhandler-code-execution(35461)
http://xforce.iss.net/xforce/xfdb/35461
Common Vulnerability Exposure (CVE) ID: CVE-2007-3738
SuSE Security Announcement: SUSE-SA:2007:057 (Google Search)
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9875
http://www.securitytracker.com/id?1018414
XForce ISS Database: firefox-xpcnativewrapper-code-execution(35460)
http://xforce.iss.net/xforce/xfdb/35460
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
