English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.831421
Categoría:Mandrake Local Security Checks
Título:Mandriva Update for mozilla MDVSA-2011:111 (mozilla)
Resumen:The remote host is missing an update for the 'mozilla'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'mozilla'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Security issues were identified and fixed in mozilla firefox and
thunderbird:

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative two instances of code which modifies SVG element lists
failed to account for changes made to the list by user-supplied
callbacks before accessing list elements. If a user-supplied callback
deleted such an object, the element-modifying code could wind up
accessing deleted memory and potentially executing attacker-controlled
memory. regenrecht also reported via TippingPoint's Zero Day Initiative
that a XUL document could force the nsXULCommandDispatcher to remove
all command updaters from the queue, including the one currently
in use. This could result in the execution of deleted memory which
an attacker could use to run arbitrary code on a victim's computer
(CVE-2011-0083, CVE-2011-0085, CVE-2011-2363).

Mozilla security researcher David Chan reported that cookies set for
example.com. (note the trailing dot) and example.com were treated as
interchangeable. This is a violation of same-origin conventions and
could potentially lead to leakage of cookie data to the wrong party
(CVE-2011-2362).

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2011-2364,
CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376).

Security researchers Chris Rohlf and Yan Ivnitskiy of Matasano Security
reported that when a JavaScript Array object had its length set to an
extremely large value, the iteration of array elements that occurs
when its reduceRight method was subsequently called could result in
the execution of attacker controlled memory due to an invalid index
value being used to access element properties (CVE-2011-2371).

Security researcher Martin Barbella reported that under certain
conditions, viewing a XUL document while JavaScript was disabled
caused deleted memory to be accessed. This flaw could potentially
be used by an attacker to crash a victim's browser and run arbitrary
code on their computer (CVE-2011-2373).

Security researcher Jordi Chancel reported a crash on
multipart/x- ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
mozilla on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0083
Debian Security Information: DSA-2268 (Google Search)
http://www.debian.org/security/2011/dsa-2268
Debian Security Information: DSA-2269 (Google Search)
http://www.debian.org/security/2011/dsa-2269
Debian Security Information: DSA-2273 (Google Search)
http://www.debian.org/security/2011/dsa-2273
http://www.mandriva.com/security/advisories?name=MDVSA-2011:111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13543
http://www.redhat.com/support/errata/RHSA-2011-0885.html
http://www.redhat.com/support/errata/RHSA-2011-0886.html
http://www.redhat.com/support/errata/RHSA-2011-0887.html
http://www.redhat.com/support/errata/RHSA-2011-0888.html
http://secunia.com/advisories/45002
SuSE Security Announcement: SUSE-SA:2011:028 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html
http://www.ubuntu.com/usn/USN-1149-1
Common Vulnerability Exposure (CVE) ID: CVE-2011-0085
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14432
Common Vulnerability Exposure (CVE) ID: CVE-2011-2363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14046
Common Vulnerability Exposure (CVE) ID: CVE-2011-2362
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13693
Common Vulnerability Exposure (CVE) ID: CVE-2011-2364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13318
Common Vulnerability Exposure (CVE) ID: CVE-2011-2365
BugTraq ID: 48368
http://www.securityfocus.com/bid/48368
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14184
Common Vulnerability Exposure (CVE) ID: CVE-2011-2374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14123
XForce ISS Database: thunderbird-memory-ce(68128)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68128
Common Vulnerability Exposure (CVE) ID: CVE-2011-2375
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14071
Common Vulnerability Exposure (CVE) ID: CVE-2011-2376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14396
Common Vulnerability Exposure (CVE) ID: CVE-2011-2371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13987
http://securityreason.com/securityalert/8472
Common Vulnerability Exposure (CVE) ID: CVE-2011-2373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14178
XForce ISS Database: thunderbird-xul-code-exec(68133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68133
Common Vulnerability Exposure (CVE) ID: CVE-2011-2377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13872
CopyrightCopyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.