Test ID: 1.3.6.1.4.1.25623.1.0.59632
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:1082
Summary: Redhat Security Advisory RHSA-2007:1082
Description:
The remote host is missing updates announced in
advisory RHSA-2007:1082.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)

A race condition existed when Firefox set the window.location property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1082.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical
Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-5947
Bugtraq: 20080212 FLEA-2008-0001-1 firefox
http://www.securityfocus.com/archive/1/archive/1/488002/100/0/threaded
Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird
http://www.securityfocus.com/archive/1/archive/1/488971/100/0/threaded
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
Debian Security Information: DSA-1424
http://www.debian.org/security/2007/dsa-1424
Debian Security Information: DSA-1425
http://www.debian.org/security/2007/dsa-1425
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://security.gentoo.org/glsa/glsa-200712-21.xml
HP Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HP Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
SuSE Security Announcement: SUSE-SA:2007:066
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
http://www.ubuntulinux.org/support/documentation/usn/usn-546-1
http://www.ubuntu.com/usn/usn-546-2
CERT/CC vulnerability note: VU#715737
http://www.kb.cert.org/vuls/id/715737
BugTraq ID: 26385
http://www.securityfocus.com/bid/26385
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9873
http://www.vupen.com/english/advisories/2007/3818
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
http://www.securitytracker.com/id?1018928
http://secunia.com/advisories/27605
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27816
http://secunia.com/advisories/27944
http://secunia.com/advisories/27957
http://secunia.com/advisories/28001
http://secunia.com/advisories/28016
http://secunia.com/advisories/27955
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://secunia.com/advisories/27800
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/28398
http://secunia.com/advisories/27855
http://secunia.com/advisories/27979
http://secunia.com/advisories/29164
XForce ISS Database: firefox-jar-uri-xss(38356)
http://xforce.iss.net/xforce/xfdb/38356
Common Vulnerability Exposure (CVE) ID: CVE-2007-5959
BugTraq ID: 26593
http://www.securityfocus.com/bid/26593
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11014
http://securitytracker.com/id?1018994
http://secunia.com/advisories/27725
XForce ISS Database: mozilla-multiple-memcorrupt-code-execution(38643)
http://xforce.iss.net/xforce/xfdb/38643
Common Vulnerability Exposure (CVE) ID: CVE-2007-5960
BugTraq ID: 26589
http://www.securityfocus.com/bid/26589
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9794
http://securitytracker.com/id?1018995
XForce ISS Database: mozilla-http-referer-spoofing(38644)
http://xforce.iss.net/xforce/xfdb/38644
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.