
Test ID: 1.3.6.1.4.1.25623.1.1.10.2013.0248
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2013-0248)
Summary: The remote host is missing an update for the 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2013-0248 advisory.
Description:

Vulnerability Insight:
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2013-1701).

Mozilla security researcher moz_bug_r_a4 reported that through an
interaction of frames and browser history it was possible to make
the browser believe attacker-supplied content came from the location
of a previous page in browser history. This allows for cross-site
scripting (XSS) attacks by loading scripts from a misrepresented
malicious site through relative locations and the potential access
of stored credentials of a spoofed site (CVE-2013-1709).

Mozilla security researcher moz_bug_r_a4 reported a mechanism to
execute arbitrary code or a cross-site scripting (XSS) attack when
a Certificate Request Message Format (CRMF) request is generated in
certain circumstances (CVE-2013-1710).

Security researcher Cody Crews reported that some JavaScript components
will perform checks against the wrong uniform resource identifier
(URI) before performing security sensitive actions. This will return
an incorrect location for the originator of the call. This could be
used to bypass same-origin policy, allowing for cross-site scripting
(XSS) or the installation of malicious add-ons from third-party pages
(CVE-2013-1713).

Mozilla community member Federico Lanusse reported a mechanism where
a web worker can violate same-origin policy and bypass cross-origin
checks through XMLHttpRequest. This could allow for cross-site
scripting (XSS) attacks by web workers (CVE-2013-1714).

Security researcher Georgi Guninski reported an issue with Java
applets where in some circumstances the applet could access files on
the local system when loaded using a file:/// URI and violate file
origin policy due to interaction with the codebase parameter. This
affects applets running on the local file system. Mozilla developer
John Schoenick later discovered that fixes for this issue were
inadequate and allowed the invocation of Java applets to bypass
security checks in additional circumstances. This could lead to
untrusted Java applets having read-only access to the local file
system if used in conjunction with a method to download a file to a
known or guessable path (CVE-2013-1717).

Affected Software/OS:
'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1701
BugTraq ID: 61874
http://www.securityfocus.com/bid/61874
Debian Security Information: DSA-2735
http://www.debian.org/security/2013/dsa-2735
Debian Security Information: DSA-2746
http://www.debian.org/security/2013/dsa-2746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514
Common Vulnerability Exposure (CVE) ID: CVE-2013-1709
BugTraq ID: 61867
http://www.securityfocus.com/bid/61867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531
Common Vulnerability Exposure (CVE) ID: CVE-2013-1710
BugTraq ID: 61900
http://www.securityfocus.com/bid/61900
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773
Common Vulnerability Exposure (CVE) ID: CVE-2013-1713
BugTraq ID: 61876
http://www.securityfocus.com/bid/61876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884
Common Vulnerability Exposure (CVE) ID: CVE-2013-1714
BugTraq ID: 61882
http://www.securityfocus.com/bid/61882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002
Common Vulnerability Exposure (CVE) ID: CVE-2013-1717
BugTraq ID: 61896
http://www.securityfocus.com/bid/61896
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367
Copyright: Copyright (C) 2022 Greenbone AG
