
Test ID: 1.3.6.1.4.1.25623.1.1.10.2014.0518
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2014-0518)
Summary: The remote host is missing an update for the 'iceape' package(s) announced via the MGASA-2014-0518 advisory.
Description:

Vulnerability Insight:
When the oxygen-gtk theme was active and iceape tried to draw a menu
(for example after a mouse down event on the menu bar), a segmentation
fault was triggered, causing iceape to crash. The oxygen-gtk theme
engine contains a solution for this problem, which is now enabled for
iceape. (MGA #12978)

Mozilla developers and community identified and fixed several memory
safety bugs in the browser engine used in Firefox and other
Mozilla-based products. Some of these bugs showed evidence of memory
corruption under certain circumstances, and we presume that with
enough effort at least some of these could be exploited to run
arbitrary code. (CVE-2014-1587, CVE-2014-1588)

A method was found to trigger chrome level XML Binding Language (XBL)
bindings through web content. This was possible because some chrome
accessible CSS stylesheets had their primary namespace improperly
declared. When this occurred, it was possible to use these stylesheets
to manipulate XBL bindings, allowing web content to bypass security
restrictions. This issue was limited to a specific set of stylesheets.
(CVE-2014-1589)

In Iceape (seamonkey) before version 2.31, passing a JavaScript object
to XMLHttpRequest that mimics an input stream will result in a crash.
This crash is not exploitable and can only be used for denial of
service attacks. (CVE-2014-1590)

Content Security Policy (CSP) violation reports triggered by a
redirect did not remove path information as required by the CSP
specification in Iceape (seamonkey) 2.30. This potentially reveals
information about the redirect that would not otherwise be known to
the original site. This could be used by a malicious site to obtain
sensitive information such as usernames or single-sign-on tokens
encoded within the target URLs. (CVE-2014-1591)

In Iceape (seamonkey) before version 2.31, a use-after-free could be
created by triggering the creation of a second root element while
parsing HTML written to a document created with document.open(). This
leads to a potentially exploitable crash. (CVE-2014-1592)

A buffer overflow during the parsing of media content was found using
the Address Sanitizer tool. This leads to a potentially exploitable
crash. (CVE-2014-1593)

A bad cast from BasicThebesLayer to BasicContainerLayer resulted in
undefined behavior. This behavior is potentially exploitable with some
compilers, but no clear mechanism to trigger it through web content
was identified. (CVE-2014-1594)

When chrome objects are protected by Chrome Object Wrappers (COW) and
are passed as native interfaces, if this is done with some methods,
normally protected objects may be accessible to native methods exposed
to web content. (CVE-2014-8631)

When XrayWrappers filter object properties and validation of the
object initially occurs, one set of object properties will appear to
be available. Later, when the XrayWrappers are removed, a more
expansive set of properties is ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'iceape' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2014-1587
BugTraq ID: 71391
http://www.securityfocus.com/bid/71391
Debian Security Information: DSA-3090
http://www.debian.org/security/2014/dsa-3090
Debian Security Information: DSA-3092
http://www.debian.org/security/2014/dsa-3092
https://security.gentoo.org/glsa/201504-01
SuSE Security Announcement: openSUSE-SU-2015:0138
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
SuSE Security Announcement: openSUSE-SU-2015:1266
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1588
Common Vulnerability Exposure (CVE) ID: CVE-2014-1589
Common Vulnerability Exposure (CVE) ID: CVE-2014-1590
BugTraq ID: 71397
http://www.securityfocus.com/bid/71397
Common Vulnerability Exposure (CVE) ID: CVE-2014-1591
Common Vulnerability Exposure (CVE) ID: CVE-2014-1592
BugTraq ID: 71398
http://www.securityfocus.com/bid/71398
Common Vulnerability Exposure (CVE) ID: CVE-2014-1593
BugTraq ID: 71395
http://www.securityfocus.com/bid/71395
Common Vulnerability Exposure (CVE) ID: CVE-2014-1594
BugTraq ID: 71396
http://www.securityfocus.com/bid/71396
Common Vulnerability Exposure (CVE) ID: CVE-2014-8631
Common Vulnerability Exposure (CVE) ID: CVE-2014-8632
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.