Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2013-0248)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2013.0248

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2013-0248)

Resumen: The remote host is missing an update for the 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2013-0248 advisory.

Descripción: Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2013-0248 advisory.

Vulnerability Insight:
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2013-1701).

Mozilla security researcher moz_bug_r_a4 reported that through an
interaction of frames and browser history it was possible to make
the browser believe attacker-supplied content came from the location
of a previous page in browser history. This allows for cross-site
scripting (XSS) attacks by loading scripts from a misrepresented
malicious site through relative locations and the potential access
of stored credentials of a spoofed site (CVE-2013-1709).

Mozilla security researcher moz_bug_r_a4 reported a mechanism to
execute arbitrary code or a cross-site scripting (XSS) attack when
Certificate Request Message Format (CRMF) request is generated in
certain circumstances (CVE-2013-1710).

Security researcher Cody Crews reported that some Javascript components
will perform checks against the wrong uniform resource identifier
(URI) before performing security sensitive actions. This will return
an incorrect location for the originator of the call. This could be
used to bypass same-origin policy, allowing for cross-site scripting
(XSS) or the installation of malicious add-ons from third-party pages
(CVE-2013-1713).

Mozilla community member Federico Lanusse reported a mechanism where
a web worker can violate same-origin policy and bypass cross-origin
checks through XMLHttpRequest. This could allow for cross-site
scripting (XSS) attacks by web workers (CVE-2013-1714).

Security researcher Georgi Guninski reported an issue with Java
applets where in some circumstances the applet could access files on
the local system when loaded using the a file:/// URI and violate file
origin policy due to interaction with the codebase parameter. This
affects applets running on the local file system. Mozilla developer
John Schoenick later discovered that fixes for this issue were
inadequate and allowed the invocation of Java applets to bypass
security checks in additional circumstances. This could lead to
untrusted Java applets having read-only access on the local files
system if used in conjunction with a method to download a file to a
known or guessable path (CVE-2013-1717).

Affected Software/OS:
'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-1701
BugTraq ID: 61874
http://www.securityfocus.com/bid/61874
Debian Security Information: DSA-2735 (Google Search)
http://www.debian.org/security/2013/dsa-2735
Debian Security Information: DSA-2746 (Google Search)
http://www.debian.org/security/2013/dsa-2746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514
Common Vulnerability Exposure (CVE) ID: CVE-2013-1709
BugTraq ID: 61867
http://www.securityfocus.com/bid/61867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531
Common Vulnerability Exposure (CVE) ID: CVE-2013-1710
BugTraq ID: 61900
http://www.securityfocus.com/bid/61900
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773
Common Vulnerability Exposure (CVE) ID: CVE-2013-1713
BugTraq ID: 61876
http://www.securityfocus.com/bid/61876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884
Common Vulnerability Exposure (CVE) ID: CVE-2013-1714
BugTraq ID: 61882
http://www.securityfocus.com/bid/61882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002
Common Vulnerability Exposure (CVE) ID: CVE-2013-1717
BugTraq ID: 61896
http://www.securityfocus.com/bid/61896
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2013.0248
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2013-0248)
Resumen:	The remote host is missing an update for the 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2013-0248 advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2013-0248 advisory. Vulnerability Insight: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2013-1701). Mozilla security researcher moz_bug_r_a4 reported that through an interaction of frames and browser history it was possible to make the browser believe attacker-supplied content came from the location of a previous page in browser history. This allows for cross-site scripting (XSS) attacks by loading scripts from a misrepresented malicious site through relative locations and the potential access of stored credentials of a spoofed site (CVE-2013-1709). Mozilla security researcher moz_bug_r_a4 reported a mechanism to execute arbitrary code or a cross-site scripting (XSS) attack when Certificate Request Message Format (CRMF) request is generated in certain circumstances (CVE-2013-1710). Security researcher Cody Crews reported that some Javascript components will perform checks against the wrong uniform resource identifier (URI) before performing security sensitive actions. This will return an incorrect location for the originator of the call. This could be used to bypass same-origin policy, allowing for cross-site scripting (XSS) or the installation of malicious add-ons from third-party pages (CVE-2013-1713). Mozilla community member Federico Lanusse reported a mechanism where a web worker can violate same-origin policy and bypass cross-origin checks through XMLHttpRequest. This could allow for cross-site scripting (XSS) attacks by web workers (CVE-2013-1714). Security researcher Georgi Guninski reported an issue with Java applets where in some circumstances the applet could access files on the local system when loaded using the a file:/// URI and violate file origin policy due to interaction with the codebase parameter. This affects applets running on the local file system. Mozilla developer John Schoenick later discovered that fixes for this issue were inadequate and allowed the invocation of Java applets to bypass security checks in additional circumstances. This could lead to untrusted Java applets having read-only access on the local files system if used in conjunction with a method to download a file to a known or guessable path (CVE-2013-1717). Affected Software/OS: 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) on Mageia 2, Mageia 3. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1701 BugTraq ID: 61874 http://www.securityfocus.com/bid/61874 Debian Security Information: DSA-2735 (Google Search) http://www.debian.org/security/2013/dsa-2735 Debian Security Information: DSA-2746 (Google Search) http://www.debian.org/security/2013/dsa-2746 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514 Common Vulnerability Exposure (CVE) ID: CVE-2013-1709 BugTraq ID: 61867 http://www.securityfocus.com/bid/61867 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531 Common Vulnerability Exposure (CVE) ID: CVE-2013-1710 BugTraq ID: 61900 http://www.securityfocus.com/bid/61900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 Common Vulnerability Exposure (CVE) ID: CVE-2013-1713 BugTraq ID: 61876 http://www.securityfocus.com/bid/61876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884 Common Vulnerability Exposure (CVE) ID: CVE-2013-1714 BugTraq ID: 61882 http://www.securityfocus.com/bid/61882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002 Common Vulnerability Exposure (CVE) ID: CVE-2013-1717 BugTraq ID: 61896 http://www.securityfocus.com/bid/61896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367
Copyright	Copyright (C) 2022 Greenbone AG