ID de Prueba:	1.3.6.1.4.1.25623.1.0.69161
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2010:0861
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2010:0861. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A race condition flaw was found in the way Firefox handled Document Object Model (DOM) element properties. Malicious HTML content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3765) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183, CVE-2010-3180) A flaw was found in the way the Gopher parser in Firefox converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running Firefox, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A same-origin policy bypass flaw was found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox. (CVE-2010-3178) A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH variable was appending a . character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Firefox, if that user ran Firefox from within an attacker-controlled directory. (CVE-2010-3182) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.12, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0861.html http://www.redhat.com/security/updates/classification/#critical http://www.mozilla.com/en-US/firefox/3.6.11/releasenotes/ http://www.mozilla.com/en-US/firefox/3.6.12/releasenotes/ http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11 http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.12 Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3175 BugTraq ID: 44245 http://www.securityfocus.com/bid/44245 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:211 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11943 http://www.redhat.com/support/errata/RHSA-2010-0782.html http://www.redhat.com/support/errata/RHSA-2010-0861.html http://www.redhat.com/support/errata/RHSA-2010-0896.html http://secunia.com/advisories/42867 http://www.ubuntu.com/usn/USN-997-1 http://www.ubuntu.com/usn/USN-998-1 http://www.vupen.com/english/advisories/2011/0061 Common Vulnerability Exposure (CVE) ID: CVE-2010-3176 BugTraq ID: 44243 http://www.securityfocus.com/bid/44243 Debian Security Information: DSA-2124 (Google Search) http://www.debian.org/security/2010/dsa-2124 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12132 http://www.redhat.com/support/errata/RHSA-2010-0780.html http://www.redhat.com/support/errata/RHSA-2010-0781.html Common Vulnerability Exposure (CVE) ID: CVE-2010-3177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12202 Common Vulnerability Exposure (CVE) ID: CVE-2010-3178 BugTraq ID: 44252 http://www.securityfocus.com/bid/44252 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12120 Common Vulnerability Exposure (CVE) ID: CVE-2010-3179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11675 Common Vulnerability Exposure (CVE) ID: CVE-2010-3180 BugTraq ID: 44248 http://www.securityfocus.com/bid/44248 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12158 Common Vulnerability Exposure (CVE) ID: CVE-2010-3182 BugTraq ID: 44251 http://www.securityfocus.com/bid/44251 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13844 Common Vulnerability Exposure (CVE) ID: CVE-2010-3183 BugTraq ID: 44249 http://www.securityfocus.com/bid/44249 http://www.zerodayinitiative.com/advisories/ZDI-10-219/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11891 Common Vulnerability Exposure (CVE) ID: CVE-2010-3765 BugTraq ID: 44425 http://www.securityfocus.com/bid/44425 http://www.exploit-db.com/exploits/15341 http://www.exploit-db.com/exploits/15342 http://www.exploit-db.com/exploits/15352 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:213 http://www.mandriva.com/security/advisories?name=MDVSA-2010:219 http://isc.sans.edu/diary.html?storyid=9817 http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter http://www.norman.com/about_norman/press_center/news_archive/2010/129223/ http://www.norman.com/security_center/virus_description_archive/129146/ https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12108 http://www.redhat.com/support/errata/RHSA-2010-0808.html http://www.redhat.com/support/errata/RHSA-2010-0809.html http://www.redhat.com/support/errata/RHSA-2010-0810.html RedHat Security Advisories: RHSA-2010:0812 https://rhn.redhat.com/errata/RHSA-2010-0812.html http://www.securitytracker.com/id?1024645 http://www.securitytracker.com/id?1024650 http://www.securitytracker.com/id?1024651 http://secunia.com/advisories/41761 http://secunia.com/advisories/41965 http://secunia.com/advisories/41966 http://secunia.com/advisories/41969 http://secunia.com/advisories/41975 http://secunia.com/advisories/42003 http://secunia.com/advisories/42008 http://secunia.com/advisories/42043 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706 http://www.ubuntu.com/usn/usn-1011-1 http://www.ubuntu.com/usn/USN-1011-2 http://www.ubuntu.com/usn/USN-1011-3 http://www.vupen.com/english/advisories/2010/2837 http://www.vupen.com/english/advisories/2010/2857 http://www.vupen.com/english/advisories/2010/2864 http://www.vupen.com/english/advisories/2010/2871
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.