Test ID:	1.3.6.1.4.1.25623.1.0.55292
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-181-1 (mozilla-firefox)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to mozilla-firefox announced via advisory USN-181-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: mozilla-browser mozilla-firefox mozilla-thunderbird Tom Ferris discovered a buffer overflow in the Mozilla products (Mozilla browser, Firefox, Thunderbird). By tricking an user to click on a Hyperlink with a specially crafted destination URL, a remote attacker could crash the application. It might even be possible to exploit this vulnerability to execute arbitrary code, but this has not yet been confirmed. Solution: On Ubuntu 4.10, the problem can be corrected by upgrading the affected packages to version 1.7.10-0ubuntu04.10.1 (mozilla-browser), 1.0.6-0ubuntu04.10.1 (mozilla-thunderbird), and 1.0.6-0ubuntu0.0.2 (mozilla-firefox). On Ubuntu 5.04, the problem can be corrected by upgrading the affected packages to version 1.7.10-0ubuntu05.04.1 (mozilla-browser), 1.0.6-0ubuntu05.04.1 (mozilla-thunderbird), and 1.0.6-0ubuntu0.2 (mozilla-firefox). After a standard system upgrade you need to restart all running Firefox, Mozilla, and Thunderbird instances to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-181-1 Risk factor : High CVSS Score: 7.5
Cross-Ref:	BugTraq ID: 14784 Common Vulnerability Exposure (CVE) ID: CVE-2005-2871 http://www.securityfocus.com/bid/14784 CERT/CC vulnerability note: VU#573857 http://www.kb.cert.org/vuls/id/573857 Computer Incident Advisory Center Bulletin: P-303 http://www.ciac.org/ciac/bulletins/p-303.shtml Debian Security Information: DSA-837 (Google Search) http://www.debian.org/security/2005/dsa-837 Debian Security Information: DSA-866 (Google Search) http://www.debian.org/security/2005/dsa-866 Debian Security Information: DSA-868 (Google Search) http://www.debian.org/security/2005/dsa-868 http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00004.html http://marc.info/?l=full-disclosure&m=112624614008387&w=2 http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0316.html http://www.gentoo.org/security/en/glsa/glsa-200509-11.xml HPdes Security Advisory: HPSBUX01133 HPdes Security Advisory: SSRT5940 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174 http://www.securiteam.com/securitynews/5RP0B0UGVW.html http://www.security-protocols.com/advisory/sp-x17-advisory.txt http://www.security-protocols.com/firefox-death.html http://www.osvdb.org/19255 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1287 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A584 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9608 http://www.redhat.com/support/errata/RHSA-2005-768.html http://www.redhat.com/support/errata/RHSA-2005-769.html http://www.redhat.com/support/errata/RHSA-2005-791.html http://securitytracker.com/id?1014877 http://secunia.com/advisories/16764 http://secunia.com/advisories/16766 http://secunia.com/advisories/16767 http://secunia.com/advisories/17042 http://secunia.com/advisories/17090 http://secunia.com/advisories/17263 http://secunia.com/advisories/17284 http://securityreason.com/securityalert/83 http://www.ubuntu.com/usn/usn-181-1 http://www.vupen.com/english/advisories/2005/1690 http://www.vupen.com/english/advisories/2005/1691 http://www.vupen.com/english/advisories/2005/1824 XForce ISS Database: mozilla-url-bo(22207) https://exchange.xforce.ibmcloud.com/vulnerabilities/22207
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.