
Test ID: 1.3.6.1.4.1.25623.1.0.60657
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1535-1 (iceweasel)
Summary: Debian Security Advisory DSA 1535-1 (iceweasel)
Description: The remote host is missing an update to iceweasel
announced via advisory DSA 1535-1.

Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-4879

Peter Brodersen and Alexander Klink discovered that the
autoselection of SSL client certificates could lead to users
being tracked, resulting in a loss of privacy.

CVE-2008-1233

moz_bug_r_a4 discovered that variants of CVE-2007-3738 and
CVE-2007-5338 allow the execution of arbitrary code through
XPCNativeWrapper.

CVE-2008-1234

moz_bug_r_a4 discovered that insecure handling of event
handlers could lead to cross-site scripting.

CVE-2008-1235

Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 discovered
that incorrect principal handling can lead to cross-site
scripting and the execution of arbitrary code.

CVE-2008-1236

Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats
Palmgren discovered crashes in the layout engine, which might
allow the execution of arbitrary code.

CVE-2008-1237

georgi, tgirmann and Igor Bukanov discovered crashes in the
JavaScript engine, which might allow the execution of arbitrary
code.

CVE-2008-1238

Gregory Fleischer discovered that HTTP Referrer headers were
handled incorrectly in combination with URLs containing Basic
Authentication credentials with empty usernames, resulting
in potential Cross-Site Request Forgery attacks.

CVE-2008-1240

Gregory Fleischer discovered that web content fetched through
the jar: protocol can use Java to connect to arbitrary ports.
This is only an issue in combination with the non-free Java
plugin.

CVE-2008-1241

Chris Thomas discovered that background tabs could generate
XUL popups overlaying the current tab, resulting in potential
spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 2.0.0.13-0etch1.

The Mozilla products from the old stable distribution (sarge) are no
longer supported.

We recommend that you upgrade your iceweasel packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201535-1
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-4879
Bugtraq: 20080327 rPSA-2008-0128-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/archive/1/490196/100/0/threaded
http://0x90.eu/ff_tls_poc.html
Debian Security Information: DSA-1532 (Google Search)
http://www.debian.org/security/2008/dsa-1532
Debian Security Information: DSA-1534 (Google Search)
http://www.debian.org/security/2008/dsa-1534
Debian Security Information: DSA-1535 (Google Search)
http://www.debian.org/security/2008/dsa-1535
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
SuSE Security Announcement: SUSE-SA:2008:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://www.ubuntu.com/usn/usn-592-1
Cert/CC Advisory: TA08-087A
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
BugTraq ID: 28448
http://www.securityfocus.com/bid/28448
http://www.vupen.com/english/advisories/2008/0998/references
http://www.vupen.com/english/advisories/2008/1793/references
http://www.securitytracker.com/id?1019704
http://secunia.com/advisories/29560
http://secunia.com/advisories/29539
http://secunia.com/advisories/29558
http://secunia.com/advisories/29616
http://secunia.com/advisories/29526
http://secunia.com/advisories/29541
http://secunia.com/advisories/29547
http://secunia.com/advisories/29645
http://secunia.com/advisories/30327
http://secunia.com/advisories/30620
Common Vulnerability Exposure (CVE) ID: CVE-2008-1233
Debian Security Information: DSA-1574 (Google Search)
http://www.debian.org/security/2008/dsa-1574
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
RedHat Security Advisories: RHSA-2008:0208
http://rhn.redhat.com/errata/RHSA-2008-0208.html
http://www.redhat.com/support/errata/RHSA-2008-0207.html
http://www.redhat.com/support/errata/RHSA-2008-0209.html
http://marc.info/?l=slackware-security&m=121022465927874&w=2
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
http://www.ubuntu.com/usn/usn-605-1
CERT/CC vulnerability note: VU#466521
http://www.kb.cert.org/vuls/id/466521
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11078
http://www.vupen.com/english/advisories/2008/0999/references
http://www.vupen.com/english/advisories/2008/2091/references
http://www.securitytracker.com/id?1019694
http://secunia.com/advisories/29391
http://secunia.com/advisories/29548
http://secunia.com/advisories/29550
http://secunia.com/advisories/29607
http://secunia.com/advisories/30016
http://secunia.com/advisories/30094
http://secunia.com/advisories/30370
http://secunia.com/advisories/31043
http://secunia.com/advisories/30192
http://secunia.com/advisories/30105
XForce ISS Database: mozilla-settimeout-code-execution(41443)
http://xforce.iss.net/xforce/xfdb/41443
Common Vulnerability Exposure (CVE) ID: CVE-2008-1234
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9551
XForce ISS Database: firefox-eventhandlers-xss(41455)
http://xforce.iss.net/xforce/xfdb/41455
Common Vulnerability Exposure (CVE) ID: CVE-2008-1235
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10980
XForce ISS Database: mozilla-principal-code-execution(41457)
http://xforce.iss.net/xforce/xfdb/41457
Common Vulnerability Exposure (CVE) ID: CVE-2008-1236
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11788
http://www.securitytracker.com/id?1019695
XForce ISS Database: mozilla-layoutengine-code-execution(41445)
http://xforce.iss.net/xforce/xfdb/41445
Common Vulnerability Exposure (CVE) ID: CVE-2008-1237
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9651
XForce ISS Database: firefox-javascript-engine-code-execution(41446)
http://xforce.iss.net/xforce/xfdb/41446
Common Vulnerability Exposure (CVE) ID: CVE-2008-1238
http://sla.ckers.org/forum/read.php?10,20033
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9889
http://www.securitytracker.com/id?1019703
XForce ISS Database: mozilla-http-referrer-spoofing(41449)
http://xforce.iss.net/xforce/xfdb/41449
Common Vulnerability Exposure (CVE) ID: CVE-2008-1240
XForce ISS Database: mozilla-liveconnect-unauthorized-access(41458)
http://xforce.iss.net/xforce/xfdb/41458
Common Vulnerability Exposure (CVE) ID: CVE-2008-1241
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11163
http://www.securitytracker.com/id?1019700
XForce ISS Database: firefox-xul-popup-spoofing(41454)
http://xforce.iss.net/xforce/xfdb/41454
Common Vulnerability Exposure (CVE) ID: CVE-2007-3738
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/archive/1/474542/100/0/threaded
Debian Security Information: DSA-1337 (Google Search)
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338 (Google Search)
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339 (Google Search)
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
SuSE Security Announcement: SUSE-SA:2007:057 (Google Search)
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
BugTraq ID: 24946
http://www.securityfocus.com/bid/24946
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9875
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
http://www.securitytracker.com/id?1018414
http://secunia.com/advisories/26095
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/25589
http://secunia.com/advisories/26179
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26072
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26159
http://secunia.com/advisories/26271
http://secunia.com/advisories/26258
http://secunia.com/advisories/26460
http://secunia.com/advisories/28135
XForce ISS Database: firefox-xpcnativewrapper-code-execution(35460)
http://xforce.iss.net/xforce/xfdb/35460
Common Vulnerability Exposure (CVE) ID: CVE-2007-5338
Bugtraq: 20071029 FLEA-2007-0062-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482925/100/0/threaded
Bugtraq: 20071026 rPSA-2007-0225-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482876/100/200/threaded
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/archive/1/482932/100/200/threaded
Debian Security Information: DSA-1396 (Google Search)
http://www.debian.org/security/2007/dsa-1396
Debian Security Information: DSA-1401 (Google Search)
http://www.debian.org/security/2007/dsa-1401
Debian Security Information: DSA-1392 (Google Search)
http://www.debian.org/security/2007/dsa-1392
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://www.ubuntulinux.org/support/documentation/usn/usn-535-1
http://www.ubuntu.com/usn/usn-536-1
BugTraq ID: 26132
http://www.securityfocus.com/bid/26132
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10965
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
http://securitytracker.com/id?1018836
http://secunia.com/advisories/27276
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27356
http://secunia.com/advisories/27383
http://secunia.com/advisories/27425
http://secunia.com/advisories/27403
http://secunia.com/advisories/27480
http://secunia.com/advisories/27387
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27336
http://secunia.com/advisories/27665
http://secunia.com/advisories/27414
http://secunia.com/advisories/27680
http://secunia.com/advisories/27360
http://secunia.com/advisories/28398
XForce ISS Database: mozilla-xpcnativewrapper-code-execution(37288)
http://xforce.iss.net/xforce/xfdb/37288
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com