 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.871386 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Update for firefox RHSA-2015:1207-01 |
| Resumen: | The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741) A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox. (CVE-2015-2743) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas Pehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan, Ronald Crane, and Jonas Jenwald as the original reporters of these issues. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.1 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. Affected Software/OS: firefox on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2722 BugTraq ID: 75541 http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 RedHat Security Advisories: RHSA-2015:1207 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://www.securitytracker.com/id/1032783 http://www.securitytracker.com/id/1032784 SuSE Security Announcement: SUSE-SU-2015:1268 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html SuSE Security Announcement: SUSE-SU-2015:1269 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html SuSE Security Announcement: openSUSE-SU-2015:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-1 http://www.ubuntu.com/usn/USN-2656-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-2724 Debian Security Information: DSA-3300 (Google Search) http://www.debian.org/security/2015/dsa-3300 Debian Security Information: DSA-3324 (Google Search) http://www.debian.org/security/2015/dsa-3324 RedHat Security Advisories: RHSA-2015:1455 http://rhn.redhat.com/errata/RHSA-2015-1455.html http://www.ubuntu.com/usn/USN-2673-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2725 Common Vulnerability Exposure (CVE) ID: CVE-2015-2727 Common Vulnerability Exposure (CVE) ID: CVE-2015-2728 Common Vulnerability Exposure (CVE) ID: CVE-2015-2729 Common Vulnerability Exposure (CVE) ID: CVE-2015-2731 Common Vulnerability Exposure (CVE) ID: CVE-2015-2733 Common Vulnerability Exposure (CVE) ID: CVE-2015-2734 Common Vulnerability Exposure (CVE) ID: CVE-2015-2735 Common Vulnerability Exposure (CVE) ID: CVE-2015-2736 Common Vulnerability Exposure (CVE) ID: CVE-2015-2737 Common Vulnerability Exposure (CVE) ID: CVE-2015-2738 Common Vulnerability Exposure (CVE) ID: CVE-2015-2739 Common Vulnerability Exposure (CVE) ID: CVE-2015-2740 Common Vulnerability Exposure (CVE) ID: CVE-2015-2741 Common Vulnerability Exposure (CVE) ID: CVE-2015-2743 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |