English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.58910
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2007:0400
Resumen:NOSUMMARY
Descripción:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0400.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Firefox from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.12 that corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0400.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1362
BugTraq ID: 22879
http://www.securityfocus.com/bid/22879
BugTraq ID: 24242
http://www.securityfocus.com/bid/24242
Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/470172/100/200/threaded
Cert/CC Advisory: TA07-151A
http://www.us-cert.gov/cas/techalerts/TA07-151A.html
Debian Security Information: DSA-1300 (Google Search)
http://www.debian.org/security/2007/dsa-1300
Debian Security Information: DSA-1306 (Google Search)
http://www.debian.org/security/2007/dsa-1306
Debian Security Information: DSA-1308 (Google Search)
http://www.debian.org/security/2007/dsa-1308
http://security.gentoo.org/glsa/glsa-200706-06.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:120
http://www.mandriva.com/security/advisories?name=MDKSA-2007:126
http://www.osvdb.org/35139
http://osvdb.org/35140
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10759
http://www.redhat.com/support/errata/RHSA-2007-0400.html
http://www.redhat.com/support/errata/RHSA-2007-0401.html
http://www.redhat.com/support/errata/RHSA-2007-0402.html
http://www.securitytracker.com/id?1018162
http://www.securitytracker.com/id?1018163
http://secunia.com/advisories/25476
http://secunia.com/advisories/25490
http://secunia.com/advisories/25533
http://secunia.com/advisories/25534
http://secunia.com/advisories/25559
http://secunia.com/advisories/25635
http://secunia.com/advisories/25647
http://secunia.com/advisories/25685
http://secunia.com/advisories/25750
http://secunia.com/advisories/25858
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857
SuSE Security Announcement: SUSE-SA:2007:036 (Google Search)
http://www.novell.com/linux/security/advisories/2007_36_mozilla.html
http://www.ubuntu.com/usn/usn-468-1
http://www.vupen.com/english/advisories/2007/1994
XForce ISS Database: mozilla-doccookie-dos(34613)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34613
Common Vulnerability Exposure (CVE) ID: CVE-2007-1562
BugTraq ID: 23082
http://www.securityfocus.com/bid/23082
Bugtraq: 20070322 FLEA-2007-0001-1: firefox (Google Search)
http://www.securityfocus.com/archive/1/463501/100/0/threaded
http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf
https://bugzilla.mozilla.org/show_bug.cgi?id=370559
http://www.openwall.com/lists/oss-security/2020/12/09/1
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11431
http://www.securitytracker.com/id?1017800
http://www.ubuntu.com/usn/usn-443-1
http://www.vupen.com/english/advisories/2007/1034
XForce ISS Database: firefox-nsftpstate-information-disclosure(33119)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33119
Common Vulnerability Exposure (CVE) ID: CVE-2007-2867
Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search)
http://www.securityfocus.com/archive/1/471842/100/0/threaded
CERT/CC vulnerability note: VU#751636
http://www.kb.cert.org/vuls/id/751636
Debian Security Information: DSA-1305 (Google Search)
http://www.debian.org/security/2007/dsa-1305
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:119
http://www.mandriva.com/security/advisories?name=MDKSA-2007:131
http://osvdb.org/35134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10066
http://www.securitytracker.com/id?1018151
http://www.securitytracker.com/id?1018153
http://secunia.com/advisories/24406
http://secunia.com/advisories/24456
http://secunia.com/advisories/25469
http://secunia.com/advisories/25488
http://secunia.com/advisories/25489
http://secunia.com/advisories/25491
http://secunia.com/advisories/25492
http://secunia.com/advisories/25496
http://secunia.com/advisories/25644
http://secunia.com/advisories/25664
http://secunia.com/advisories/27423
http://secunia.com/advisories/28363
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103136-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201532-1
http://www.ubuntu.com/usn/usn-469-1
http://www.vupen.com/english/advisories/2007/3664
http://www.vupen.com/english/advisories/2008/0082
XForce ISS Database: mozilla-layoutengine-dos(34604)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34604
Common Vulnerability Exposure (CVE) ID: CVE-2007-2868
1018151
1018152
http://www.securitytracker.com/id?1018152
1018153
103125
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103125-1
20070531 FLEA-2007-0023-1: firefox
20070620 FLEA-2007-0027-1: thunderbird
201505
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201505-1
24242
24406
24456
25469
25476
25488
25489
25490
25491
25492
25496
25533
25534
25559
25635
25644
25647
25664
25685
25750
25858
27427
http://secunia.com/advisories/27427
28363
35138
http://osvdb.org/35138
ADV-2007-1994
ADV-2007-3632
http://www.vupen.com/english/advisories/2007/3632
ADV-2008-0082
DSA-1300
DSA-1305
DSA-1306
DSA-1308
FEDORA-2007-308
FEDORA-2007-309
GLSA-200706-06
HPSBUX02153
HPSBUX02156
MDKSA-2007:119
MDKSA-2007:120
MDKSA-2007:131
RHSA-2007:0400
RHSA-2007:0401
RHSA-2007:0402
SSA:2007-066-04
SSA:2007-152-02
SSRT061181
SSRT061236
SUSE-SA:2007:036
TA07-151A
USN-468-1
USN-469-1
VU#609956
http://www.kb.cert.org/vuls/id/609956
http://www.mozilla.org/security/announce/2007/mfsa2007-12.html
https://issues.rpath.com/browse/RPL-1424
mozilla-javascripteng-code-execution(34605)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34605
oval:org.mitre.oval:def:10711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10711
Common Vulnerability Exposure (CVE) ID: CVE-2007-2869
http://osvdb.org/35135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11208
http://www.securitytracker.com/id?1018154
XForce ISS Database: firefox-autocomplete-dos(34612)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34612
Common Vulnerability Exposure (CVE) ID: CVE-2007-2870
1018160
http://www.securitytracker.com/id?1018160
1018161
http://www.securitytracker.com/id?1018161
35136
http://osvdb.org/35136
MDKSA-2007:126
http://www.mozilla.org/security/announce/2007/mfsa2007-16.html
mozilla-addeventlistener-xss(34614)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34614
oval:org.mitre.oval:def:9547
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9547
Common Vulnerability Exposure (CVE) ID: CVE-2007-2871
http://osvdb.org/35137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11433
http://www.securitytracker.com/id?1018155
http://www.securitytracker.com/id?1018156
XForce ISS Database: mozilla-xulpopups-spoofing(34606)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34606
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.