Test ID: 1.3.6.1.4.1.25623.1.0.801130
Category: Buffer overflow
Title: Mozilla Firefox Multiple Vulnerabilities (Nov 2009) - Windows
Summary: Mozilla Firefox browser is prone to multiple vulnerabilities.
Description:
Summary:
Mozilla Firefox browser is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to the following errors:

- An array indexing error exists when allocating space for floating point
numbers. This can be exploited to trigger a memory corruption when a
specially crafted floating point number is processed.

- An error in the form history functionality can be exploited to disclose
history entries via a specially crafted web page that triggers the automatic
filling of form fields.

- An error when parsing regular expressions used in Proxy Auto-Configuration
(PAC) files can be exploited to cause a crash or potentially execute arbitrary
code via a specially crafted PAC file.

- An error when processing GIF color maps can be exploited to cause a heap-based
buffer overflow and potentially execute arbitrary code via a specially
crafted GIF file.

- An error in the 'XPCVariant::VariantDataToJS()' XPCOM utility, which can be
exploited to execute arbitrary JavaScript code with chrome privileges.

- An error in the implementation of the JavaScript 'document.getSelection()'
can be exploited to read text selected on a web page in a different domain.

- An error when downloading files can be exploited to display different file
names in the download dialog title bar and download dialog body. This can
be exploited to obfuscate file names via a right-to-left override character
and potentially trick a user into running an executable file.

- Multiple unspecified errors in the browser engines can be exploited to cause
a crash or potentially execute arbitrary code.

Vulnerability Impact:
Successful exploitation will allow an attacker to disclose sensitive information,
bypass certain security restrictions, manipulate certain data, or compromise a user's system.

Affected Software/OS:
Firefox version 3.0 before 3.0.15 and 3.5 before 3.5.4 on Windows.

Solution:
Upgrade to Firefox version 3.0.15 or 3.5.4.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-3370
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10836
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6455
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.vupen.com/english/advisories/2009/3334
Common Vulnerability Exposure (CVE) ID: CVE-2009-3373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6548
Common Vulnerability Exposure (CVE) ID: CVE-2009-3372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347
Common Vulnerability Exposure (CVE) ID: CVE-2009-0689
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
BugTraq ID: 35510
http://www.securityfocus.com/bid/35510
Bugtraq: 20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)
http://www.securityfocus.com/archive/1/507977/100/0/threaded
Bugtraq: 20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)
http://www.securityfocus.com/archive/1/507979/100/0/threaded
Bugtraq: 20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)
http://www.securityfocus.com/archive/1/508423/100/0/threaded
Bugtraq: 20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)
http://www.securityfocus.com/archive/1/508417/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://secunia.com/secunia_research/2009-35/
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
RedHat Security Advisories: RHSA-2014:0311
http://rhn.redhat.com/errata/RHSA-2014-0311.html
RedHat Security Advisories: RHSA-2014:0312
http://rhn.redhat.com/errata/RHSA-2014-0312.html
http://securitytracker.com/id?1022478
http://secunia.com/advisories/37431
http://secunia.com/advisories/37682
http://secunia.com/advisories/37683
http://secunia.com/advisories/38066
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://securityreason.com/achievement_securityalert/63
http://securityreason.com/achievement_securityalert/69
http://securityreason.com/achievement_securityalert/72
http://securityreason.com/achievement_securityalert/73
http://securityreason.com/achievement_securityalert/71
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/77
http://securityreason.com/achievement_securityalert/78
http://securityreason.com/achievement_securityalert/81
SuSE Security Announcement: SUSE-SR:2009:018
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
SuSE Security Announcement: SUSE-SR:2010:013
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2009/3297
http://www.vupen.com/english/advisories/2009/3299
http://www.vupen.com/english/advisories/2010/0094
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
Common Vulnerability Exposure (CVE) ID: CVE-2009-3374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9789
Common Vulnerability Exposure (CVE) ID: CVE-2009-3375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935
Common Vulnerability Exposure (CVE) ID: CVE-2009-3376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11218
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6541
Common Vulnerability Exposure (CVE) ID: CVE-2009-3380
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6580
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9463
Copyright: Copyright (C) 2009 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.