Test ID: 1.3.6.1.4.1.25623.1.0.54020
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2005:028 (Mozilla. Mozilla Firefox)
Summary: SuSE Security Advisory SUSE-SA:2005:028 (Mozilla. Mozilla Firefox)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2005:028.

Several problems have been fixed with the security update releases
of the Mozilla Firefox 1.0.3 web browser and the Mozilla Suite 1.7.7.

This security update contains those security fixes. The Firefox
packages have been upgraded directly to version 1.0.3; for the
Mozilla Suite packages, the fixes up to version 1.7.7 have been
backported.

Updates are currently provided for:

Mozilla Firefox: SUSE Linux 9.0 up to 9.3, Novell Linux Desktop 9
Mozilla Suite: SUSE Linux 9.2 and 9.3

Fixes of the Mozilla Suite for older products (SUSE Linux 8.2 - 9.1,
SUSE Linux Enterprise Server 8 and 9, SUSE Linux Desktop 1.0) are
being worked on.

The following security issues have been fixed:
- MFSA 2005-33, CVE-2005-0989:
A flaw in the JavaScript regular expression handling of Mozilla-based
browsers can lead to disclosure of browser memory, potentially
exposing private data from web pages viewed, or passwords or
similar data sent to other web pages. This flaw could also crash
the browser.

- MFSA 2005-34, CVE-2005-0752:
With a manual plugin install, it was possible for the plugin to
execute JavaScript code with the installing user's privileges.

- MFSA 2005-35, CVE-2005-1153:
Showing a blocked javascript: pop-up uses the wrong privilege context;
this could be used for privilege escalation (installing malicious
plugins).

- MFSA 2005-36, CVE-2005-1154:
Cross-site scripting through global scope pollution; this could
allow an attacker to run code in the context of foreign websites,
potentially sniffing information or performing actions
in that context.

- MFSA 2005-37, CVE-2005-1155, firelinking:
Code execution through javascript: favicons, which could be used
for privilege escalation.

- MFSA 2005-38, CVE-2005-1157, CVE-2005-1156, firesearching:
Search plugin cross-site scripting.

- MFSA 2005-39, CVE-2005-1158:
Arbitrary code execution from Firefox sidebar panel II.

- MFSA 2005-40, CVE-2005-1159:
Missing Install object instance checks.

- MFSA 2005-41, CVE-2005-1160:
Privilege escalation via DOM property overrides.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2005:028

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-0989
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
HPdes Security Advisory: HPSBUX01133
HPdes Security Advisory: SSRT5940
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.redhat.com/support/errata/RHSA-2005-386.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
http://www.redhat.com/support/errata/RHSA-2005-601.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
SuSE Security Announcement: SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
SuSE Security Announcement: SUSE-SA:2006:004
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
BugTraq ID: 12988
http://www.securityfocus.com/bid/12988
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100025
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11706
http://securitytracker.com/id?1013635
http://securitytracker.com/id?1013643
http://secunia.com/advisories/14820
http://secunia.com/advisories/14821
http://secunia.com/advisories/19823
Common Vulnerability Exposure (CVE) ID: CVE-2005-0752
BugTraq ID: 13228
http://www.securityfocus.com/bid/13228
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100024
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10279
http://secunia.com/advisories/14938
Common Vulnerability Exposure (CVE) ID: CVE-2005-1153
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100023
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9584
http://secunia.com/advisories/14992
Common Vulnerability Exposure (CVE) ID: CVE-2005-1154
BugTraq ID: 13230
http://www.securityfocus.com/bid/13230
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100022
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10339
Common Vulnerability Exposure (CVE) ID: CVE-2005-1155
http://www.mikx.de/firelinking/
CERT/CC vulnerability note: VU#973309
http://www.kb.cert.org/vuls/id/973309
BugTraq ID: 13216
http://www.securityfocus.com/bid/13216
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100021
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10655
Common Vulnerability Exposure (CVE) ID: CVE-2005-1156
http://www.mikx.de/firesearching/
BugTraq ID: 13211
http://www.securityfocus.com/bid/13211
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100020
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11230
http://securitytracker.com/id?1013745
http://secunia.com/advisories/14996
XForce ISS Database: mozilla-plugin-xss(20125)
http://xforce.iss.net/xforce/xfdb/20125
Common Vulnerability Exposure (CVE) ID: CVE-2005-1157
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9961
Common Vulnerability Exposure (CVE) ID: CVE-2005-1158
BugTraq ID: 13231
http://www.securityfocus.com/bid/13231
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100019
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11734
Common Vulnerability Exposure (CVE) ID: CVE-2005-1159
BugTraq ID: 13232
http://www.securityfocus.com/bid/13232
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100018
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10629
http://securitytracker.com/id?1013742
http://securitytracker.com/id?1013743
XForce ISS Database: mozilla-installtrigger-command-execution(20123)
http://xforce.iss.net/xforce/xfdb/20123
Common Vulnerability Exposure (CVE) ID: CVE-2005-1160
BugTraq ID: 13233
http://www.securityfocus.com/bid/13233
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100017
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11291
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
