ID de Prueba:	1.3.6.1.4.1.25623.1.0.831674
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for mozilla MDVSA-2012:088 (mozilla)
Resumen:	The remote host is missing an update for the 'mozilla'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mozilla' package(s) announced via the referenced advisory. Vulnerability Insight: Security issues were identified and fixed in mozilla firefox and thunderbird: Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure (CVE-2012-1947) Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column (CVE-2012-1940). Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns (CVE-2012-1941). Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: mozilla on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1947 Debian Security Information: DSA-2488 (Google Search) http://www.debian.org/security/2012/dsa-2488 Debian Security Information: DSA-2489 (Google Search) http://www.debian.org/security/2012/dsa-2489 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16911 RedHat Security Advisories: RHSA-2012:0710 http://rhn.redhat.com/errata/RHSA-2012-0710.html RedHat Security Advisories: RHSA-2012:0715 http://rhn.redhat.com/errata/RHSA-2012-0715.html SuSE Security Announcement: SUSE-SU-2012:0746 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html SuSE Security Announcement: openSUSE-SU-2012:0760 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2012-1940 BugTraq ID: 53794 http://www.securityfocus.com/bid/53794 Debian Security Information: DSA-2499 (Google Search) http://www.debian.org/security/2012/dsa-2499 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17054 Common Vulnerability Exposure (CVE) ID: CVE-2012-1941 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985 Common Vulnerability Exposure (CVE) ID: CVE-2012-1946 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17010 http://secunia.com/advisories/49981 Common Vulnerability Exposure (CVE) ID: CVE-2012-1945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743 Common Vulnerability Exposure (CVE) ID: CVE-2012-1944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17005 Common Vulnerability Exposure (CVE) ID: CVE-2012-1938 BugTraq ID: 53796 http://www.securityfocus.com/bid/53796 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17058 Common Vulnerability Exposure (CVE) ID: CVE-2012-1939 Common Vulnerability Exposure (CVE) ID: CVE-2012-1937 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17055 Common Vulnerability Exposure (CVE) ID: CVE-2011-3101 BugTraq ID: 53540 http://www.securityfocus.com/bid/53540 http://security.gentoo.org/glsa/glsa-201205-03.xml http://www.securitytracker.com/id?1027067 SuSE Security Announcement: openSUSE-SU-2012:0656 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html XForce ISS Database: chrome-nvidia-code-exec(75606) https://exchange.xforce.ibmcloud.com/vulnerabilities/75606 Common Vulnerability Exposure (CVE) ID: CVE-2012-0441 BugTraq ID: 53798 http://www.securityfocus.com/bid/53798 Debian Security Information: DSA-2490 (Google Search) http://www.debian.org/security/2012/dsa-2490 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16701 http://secunia.com/advisories/49976 http://secunia.com/advisories/50316 http://www.ubuntu.com/usn/USN-1540-1 http://www.ubuntu.com/usn/USN-1540-2
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.