English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.881481
Category:CentOS Local Security Checks
Title:CentOS Update for firefox CESA-2012:1210 centos6
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974,
CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958,
CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,
CVE-2012-3964)

A web page containing a malicious Scalable Vector Graphics (SVG) image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-3969, CVE-2012-3970)

Two flaws were found in the way Firefox rendered certain images using
WebGL. A web page containing malicious content could cause Firefox to crash
or, under certain conditions, possibly execute arbitrary code with the
privileges of the user running Firefox. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Firefox decoded embedded bitmap images in Icon
Format (ICO) files. A web page containing a malicious ICO file could cause
Firefox to crash or, under certain conditions, possibly execute arbitrary
code with the privileges of the user running Firefox. (CVE-2012-3966)

A flaw was found in the way the 'eval' command was handled by the Firefox
Web Console. Running 'eval' in the Web Console while viewing a web page
containing malicious content could possibly cause Firefox to execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2012-3980)

An out-of-bounds memory read flaw was found in the way Firefox used the
format-number feature of XSLT (Extensible Stylesheet Language
Transformations). A web page containing malicious content could possibly
cause an information leak, or cause Firefox to crash. (CVE-2012-3972)

It was found that the SSL certificate information for a previously visited
site could be displayed in the address bar while the main window displayed
a new page. This could lead to phishing attacks as attackers could use this
flaw to trick users into believing they are viewing a trusted site.
(CVE-2012-3976)

A flaw was found in the location object implementation in Firefox.
Malicious content could use this flaw to possibly allow restricted content
to be loaded. (CVE-2012-3978)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.7 ESR. You can find a link to the Mozilla
advisories in ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
firefox on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1970
BugTraq ID: 55266
http://www.securityfocus.com/bid/55266
Debian Security Information: DSA-2553 (Google Search)
http://www.debian.org/security/2012/dsa-2553
Debian Security Information: DSA-2554 (Google Search)
http://www.debian.org/security/2012/dsa-2554
Debian Security Information: DSA-2556 (Google Search)
http://www.debian.org/security/2012/dsa-2556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16910
RedHat Security Advisories: RHSA-2012:1210
http://rhn.redhat.com/errata/RHSA-2012-1210.html
RedHat Security Advisories: RHSA-2012:1211
http://rhn.redhat.com/errata/RHSA-2012-1211.html
SuSE Security Announcement: SUSE-SU-2012:1157 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:1167 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html
SuSE Security Announcement: openSUSE-SU-2012:1065 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html
http://www.ubuntu.com/usn/USN-1548-1
http://www.ubuntu.com/usn/USN-1548-2
Common Vulnerability Exposure (CVE) ID: CVE-2012-1972
BugTraq ID: 55314
http://www.securityfocus.com/bid/55314
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17017
Common Vulnerability Exposure (CVE) ID: CVE-2012-1973
BugTraq ID: 55316
http://www.securityfocus.com/bid/55316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17045
Common Vulnerability Exposure (CVE) ID: CVE-2012-1974
BugTraq ID: 55317
http://www.securityfocus.com/bid/55317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015
Common Vulnerability Exposure (CVE) ID: CVE-2012-1975
BugTraq ID: 55318
http://www.securityfocus.com/bid/55318
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17040
Common Vulnerability Exposure (CVE) ID: CVE-2012-1976
BugTraq ID: 55319
http://www.securityfocus.com/bid/55319
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16818
Common Vulnerability Exposure (CVE) ID: CVE-2012-3956
BugTraq ID: 55320
http://www.securityfocus.com/bid/55320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16997
Common Vulnerability Exposure (CVE) ID: CVE-2012-3957
BugTraq ID: 55341
http://www.securityfocus.com/bid/55341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16940
Common Vulnerability Exposure (CVE) ID: CVE-2012-3958
BugTraq ID: 55323
http://www.securityfocus.com/bid/55323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16782
Common Vulnerability Exposure (CVE) ID: CVE-2012-3959
BugTraq ID: 55324
http://www.securityfocus.com/bid/55324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16805
Common Vulnerability Exposure (CVE) ID: CVE-2012-3960
BugTraq ID: 55325
http://www.securityfocus.com/bid/55325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16853
Common Vulnerability Exposure (CVE) ID: CVE-2012-3961
BugTraq ID: 55321
http://www.securityfocus.com/bid/55321
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16514
Common Vulnerability Exposure (CVE) ID: CVE-2012-3962
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16494
Common Vulnerability Exposure (CVE) ID: CVE-2012-3963
BugTraq ID: 55340
http://www.securityfocus.com/bid/55340
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16437
Common Vulnerability Exposure (CVE) ID: CVE-2012-3964
BugTraq ID: 55322
http://www.securityfocus.com/bid/55322
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16857
Common Vulnerability Exposure (CVE) ID: CVE-2012-3966
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16246
Common Vulnerability Exposure (CVE) ID: CVE-2012-3967
BugTraq ID: 55277
http://www.securityfocus.com/bid/55277
Common Vulnerability Exposure (CVE) ID: CVE-2012-3968
BugTraq ID: 55276
http://www.securityfocus.com/bid/55276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16280
Common Vulnerability Exposure (CVE) ID: CVE-2012-3969
BugTraq ID: 55292
http://www.securityfocus.com/bid/55292
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16635
Common Vulnerability Exposure (CVE) ID: CVE-2012-3970
BugTraq ID: 55278
http://www.securityfocus.com/bid/55278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16876
Common Vulnerability Exposure (CVE) ID: CVE-2012-3972
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16234
Common Vulnerability Exposure (CVE) ID: CVE-2012-3976
BugTraq ID: 55313
http://www.securityfocus.com/bid/55313
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16060
Common Vulnerability Exposure (CVE) ID: CVE-2012-3978
BugTraq ID: 55306
http://www.securityfocus.com/bid/55306
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923
Common Vulnerability Exposure (CVE) ID: CVE-2012-3980
BugTraq ID: 55257
http://www.securityfocus.com/bid/55257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17000
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2024 E-Soft Inc. All rights reserved.