Test ID: | 1.3.6.1.4.1.25623.1.0.52681 |
Category: | FreeBSD Local Security Checks |
Title: | FreeBSD Ports: firefox |
Summary: | The remote host is missing an update to the system as announced in the referenced advisory. |
Description: |
Summary: The remote host is missing an update to the system as announced in the referenced advisory.

Vulnerability Insight: The following packages are affected:
firefox linux-firefox mozilla linux-mozilla linux-mozilla-devel netscape7 de-linux-mozillafirebird el-linux-mozillafirebird ja-linux-mozillafirebird-gtk1 ja-mozillafirebird-gtk2 linux-mozillafirebird ru-linux-mozillafirebird zhCN-linux-mozillafirebird zhTW-linux-mozillafirebird de-linux-netscape de-netscape7 fr-linux-netscape fr-netscape7 ja-linux-netscape ja-netscape7 linux-netscape linux-phoenix mozilla+ipv6 mozilla-embedded mozilla-firebird mozilla-gtk1 mozilla-gtk2 mozilla-gtk mozilla-thunderbird phoenix pt_BR-netscape7

CVE-2005-1476: Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

CVE-2005-1477: The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

Solution: Update your system with the appropriate patches or software upgrades.

CVSS Score: 5.1
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-1476
BugTraq ID: 13544
http://www.securityfocus.com/bid/13544
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
CERT/CC vulnerability note: VU#534710
http://www.kb.cert.org/vuls/id/534710
http://marc.info/?l=full-disclosure&m=111553138007647&w=2
http://marc.info/?l=full-disclosure&m=111556301530553&w=2
http://greyhatsecurity.org/firefox.htm
http://greyhatsecurity.org/vulntests/ffrc.htm
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10045
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://securitytracker.com/id?1013913
http://secunia.com/advisories/15292
http://www.vupen.com/english/advisories/2005/0493
XForce ISS Database: mozilla-javascript-code-execution(20443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20443

Common Vulnerability Exposure (CVE) ID: CVE-2005-1477
CERT/CC vulnerability note: VU#648758
http://www.kb.cert.org/vuls/id/648758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231 |
Copyright | Copyright (C) 2008 E-Soft Inc. |