English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.67910
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2010:0681
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0681.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3169, CVE-2010-2762)

Several use-after-free and dangling pointer flaws were found in Firefox. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167,
CVE-2010-3168)

Multiple buffer overflow flaws were found in Firefox. A web page containing
malicious content could cause Firefox to crash or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2010-2765, CVE-2010-3166)

Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page
containing malicious content could cause Firefox to run JavaScript code
with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769)

A flaw was found in the Firefox XMLHttpRequest object. A remote site could
use this flaw to gather information about servers on an internal private
network. (CVE-2010-2764)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories
in the References section of this erratum.

Note: After installing this update, Firefox will fail to connect (with
HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key
exchange if the server's ephemeral key is too small. Connecting to such
servers is a security risk as an ephemeral key that is too small makes the
SSL connection vulnerable to attack. Refer to the Solution section for
further information.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.9, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0681.html
http://www.redhat.com/security/updates/classification/#critical
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9

Risk factor : Critical

CVSS Score:
9.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2760
Debian Security Information: DSA-2106 (Google Search)
http://www.debian.org/security/2010/dsa-2106
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11799
http://secunia.com/advisories/42867
SuSE Security Announcement: SUSE-SA:2010:049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
http://www.vupen.com/english/advisories/2010/2323
http://www.vupen.com/english/advisories/2011/0061
XForce ISS Database: mozilla-nstreeselection-code-execution(61660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61660
Common Vulnerability Exposure (CVE) ID: CVE-2010-2762
BugTraq ID: 43092
http://www.securityfocus.com/bid/43092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492
XForce ISS Database: firefox-sjow-code-exec(61656)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61656
Common Vulnerability Exposure (CVE) ID: CVE-2010-2764
BugTraq ID: 43104
http://www.securityfocus.com/bid/43104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11684
XForce ISS Database: firefox-xmlhttprequest-info-disclosure(61662)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61662
Common Vulnerability Exposure (CVE) ID: CVE-2010-2765
BugTraq ID: 43095
http://www.securityfocus.com/bid/43095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11519
Common Vulnerability Exposure (CVE) ID: CVE-2010-2766
BugTraq ID: 43100
http://www.securityfocus.com/bid/43100
http://www.zerodayinitiative.com/advisories/ZDI-10-176/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11778
Common Vulnerability Exposure (CVE) ID: CVE-2010-2767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11969
XForce ISS Database: mozilla-pointer-code-execution(61658)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61658
Common Vulnerability Exposure (CVE) ID: CVE-2010-2768
BugTraq ID: 43101
http://www.securityfocus.com/bid/43101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11735
Common Vulnerability Exposure (CVE) ID: CVE-2010-2769
BugTraq ID: 43106
http://www.securityfocus.com/bid/43106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12192
Common Vulnerability Exposure (CVE) ID: CVE-2010-3166
BugTraq ID: 43102
http://www.securityfocus.com/bid/43102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12186
Common Vulnerability Exposure (CVE) ID: CVE-2010-3167
BugTraq ID: 43097
http://www.securityfocus.com/bid/43097
http://www.zerodayinitiative.com/advisories/ZDI-10-171/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12136
XForce ISS Database: mozilla-nstreecontentview-code-execution(61661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61661
Common Vulnerability Exposure (CVE) ID: CVE-2010-3168
BugTraq ID: 43108
http://www.securityfocus.com/bid/43108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12001
XForce ISS Database: firefox-xultree-objects-code-exec(61653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61653
Common Vulnerability Exposure (CVE) ID: CVE-2010-3169
BugTraq ID: 43118
http://www.securityfocus.com/bid/43118
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12145
XForce ISS Database: mozilla-safety-code-execution(61657)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61657
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.