 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.131152 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2015-0477) |
| Summary: | The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2015-0477 advisory. |
| Description: | Summary: The remote host is missing an update for the 'firefox, firefox-l10n, nspr, nss' package(s) announced via the MGASA-2015-0477 advisory. Vulnerability Insight: Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7201). Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7205). Looben Yang discovered a use-after-free in WebRTC when closing channels in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7210). Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7212). Ronald Crane discovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7213). Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information and read local files (CVE-2015-7214). Gerald Squelart discovered an integer underflow in the libstagefright library when parsing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7222). Affected Software/OS: 'firefox, firefox-l10n, nspr, nss' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7201 BugTraq ID: 79279 http://www.securityfocus.com/bid/79279 Debian Security Information: DSA-3422 (Google Search) http://www.debian.org/security/2015/dsa-3422 Debian Security Information: DSA-3432 (Google Search) http://www.debian.org/security/2016/dsa-3432 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html https://security.gentoo.org/glsa/201512-10 RedHat Security Advisories: RHSA-2015:2657 http://rhn.redhat.com/errata/RHSA-2015-2657.html http://www.securitytracker.com/id/1034426 SuSE Security Announcement: SUSE-SU-2015:2334 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.html SuSE Security Announcement: SUSE-SU-2015:2335 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.html SuSE Security Announcement: SUSE-SU-2015:2336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.html SuSE Security Announcement: openSUSE-SU-2015:2353 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html SuSE Security Announcement: openSUSE-SU-2015:2380 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.html SuSE Security Announcement: openSUSE-SU-2015:2406 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.html SuSE Security Announcement: openSUSE-SU-2016:0307 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html SuSE Security Announcement: openSUSE-SU-2016:0308 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.ubuntu.com/usn/USN-2833-1 http://www.ubuntu.com/usn/USN-2859-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-7205 Common Vulnerability Exposure (CVE) ID: CVE-2015-7210 BugTraq ID: 79283 http://www.securityfocus.com/bid/79283 Common Vulnerability Exposure (CVE) ID: CVE-2015-7212 Common Vulnerability Exposure (CVE) ID: CVE-2015-7213 Common Vulnerability Exposure (CVE) ID: CVE-2015-7214 Common Vulnerability Exposure (CVE) ID: CVE-2015-7222 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |