English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
145615 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.10.2014.0259
Categoría:Mageia Linux Local Security Checks
Título:Mageia: Security Advisory (MGASA-2014-0259)
Resumen:The remote host is missing an update for the 'iceape' package(s) announced via the MGASA-2014-0259 advisory.
Descripción:Summary:
The remote host is missing an update for the 'iceape' package(s) announced via the MGASA-2014-0259 advisory.

Vulnerability Insight:
Updated iceape packages fix security issues:

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before
24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial
of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors. (CVE-2014-1518)

Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors. (CVE-2014-1519)

The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web
Audio subsystem in Mozilla Firefox before 29.0 and SeaMonkey before 2.26
allows remote attackers to execute arbitrary code or cause a denial of
service (out-of-bounds read, memory corruption, and application crash)
via crafted content. (CVE-2014-1522)

Heap-based buffer overflow in the read_u32 function in Mozilla Firefox
before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and
SeaMonkey before 2.26 allows remote attackers to cause a denial of service
(out-of-bounds read and application crash) via a crafted JPEG image.
(CVE-2014-1523)

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox
before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and
SeaMonkey before 2.26 does not properly check whether objects are XBL
objects, which allows remote attackers to execute arbitrary code or cause
a denial of service (buffer overflow) via crafted JavaScript code that
accesses a non-XBL object as if it were an XBL object. (CVE-2014-1524)

The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before
29.0 and SeaMonkey before 2.26 does not properly perform garbage
collection for Text Track Manager variables, which allows remote
attackers to execute arbitrary code or cause a denial of service
(use-after-free and heap memory corruption) via a crafted VIDEO element
in an HTML document. (CVE-2014-1525)

The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x
before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows
remote attackers to bypass intended source-component restrictions and
execute arbitrary JavaScript code in a privileged context via a crafted
web page for which Notification.permission is granted. (CVE-2014-1529)

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR
24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26
allows remote attackers to trigger the loading of a URL with a spoofed
baseURI property, and conduct cross-site scripting (XSS) attacks, via a
crafted web site that performs history navigation. (CVE-2014-1530)

Use-after-free vulnerability in the nsGenericHTMLElement::
GetWidthHeightForImage function in Mozilla ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'iceape' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-1518
BugTraq ID: 67123
http://www.securityfocus.com/bid/67123
Debian Security Information: DSA-2918 (Google Search)
http://www.debian.org/security/2014/dsa-2918
Debian Security Information: DSA-2924 (Google Search)
http://www.debian.org/security/2014/dsa-2924
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html
https://security.gentoo.org/glsa/201504-01
RedHat Security Advisories: RHSA-2014:0448
http://rhn.redhat.com/errata/RHSA-2014-0448.html
RedHat Security Advisories: RHSA-2014:0449
http://rhn.redhat.com/errata/RHSA-2014-0449.html
http://www.securitytracker.com/id/1030163
http://www.securitytracker.com/id/1030164
http://secunia.com/advisories/59866
SuSE Security Announcement: SUSE-SU-2014:0665 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:0727 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html
SuSE Security Announcement: openSUSE-SU-2014:0599 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html
SuSE Security Announcement: openSUSE-SU-2014:0602 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html
SuSE Security Announcement: openSUSE-SU-2014:0629 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html
SuSE Security Announcement: openSUSE-SU-2014:0640 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-05/msg00040.html
http://www.ubuntu.com/usn/USN-2185-1
http://www.ubuntu.com/usn/USN-2189-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1519
Common Vulnerability Exposure (CVE) ID: CVE-2014-1522
Common Vulnerability Exposure (CVE) ID: CVE-2014-1523
BugTraq ID: 67129
http://www.securityfocus.com/bid/67129
http://www.securitytracker.com/id/1030165
Common Vulnerability Exposure (CVE) ID: CVE-2014-1524
BugTraq ID: 67131
http://www.securityfocus.com/bid/67131
Common Vulnerability Exposure (CVE) ID: CVE-2014-1525
Common Vulnerability Exposure (CVE) ID: CVE-2014-1526
Common Vulnerability Exposure (CVE) ID: CVE-2014-1529
BugTraq ID: 67135
http://www.securityfocus.com/bid/67135
Common Vulnerability Exposure (CVE) ID: CVE-2014-1530
BugTraq ID: 67137
http://www.securityfocus.com/bid/67137
Common Vulnerability Exposure (CVE) ID: CVE-2014-1531
BugTraq ID: 67134
http://www.securityfocus.com/bid/67134
Common Vulnerability Exposure (CVE) ID: CVE-2014-1532
BugTraq ID: 67130
http://www.securityfocus.com/bid/67130
CopyrightCopyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.