
Test ID: 1.3.6.1.4.1.25623.1.0.52763
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:434
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:434.

Several bugs were found in the way Firefox executes JavaScript code.
JavaScript executed from a web page should run with a restricted access
level, preventing dangerous actions. It is possible that a malicious web
page could execute JavaScript code with elevated privileges, allowing
access to protected data and functions. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CVE-2005-1476,
CVE-2005-1477, CVE-2005-1531, and CVE-2005-1532 to these issues.

Please note that the effects of CVE-2005-1477 are mitigated by the default
setup, which allows only the Mozilla Update site to attempt installation of
Firefox extensions. The Mozilla Update site has been modified to prevent
this attack from working. If other URLs have been manually added to the
whitelist, it may be possible to execute this attack.

Users of Firefox are advised to upgrade to this updated package, which
contains Firefox version 1.0.4 and is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-434.html
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox1.0.4

Risk factor : High

CVSS Score: 7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-1476
BugTraq ID: 13544
http://www.securityfocus.com/bid/13544
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
CERT/CC vulnerability note: VU#534710
http://www.kb.cert.org/vuls/id/534710
http://marc.info/?l=full-disclosure&m=111553138007647&w=2
http://marc.info/?l=full-disclosure&m=111556301530553&w=2
http://greyhatsecurity.org/firefox.htm
http://greyhatsecurity.org/vulntests/ffrc.htm
https://bugzilla.mozilla.org/show_bug.cgi?id=292691
https://bugzilla.mozilla.org/show_bug.cgi?id=293302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10045
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
http://securitytracker.com/id?1013913
http://secunia.com/advisories/15292
http://www.vupen.com/english/advisories/2005/0493
XForce ISS Database: mozilla-javascript-code-execution(20443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20443
Common Vulnerability Exposure (CVE) ID: CVE-2005-1477
CERT/CC vulnerability note: VU#648758
http://www.kb.cert.org/vuls/id/648758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9231
Common Vulnerability Exposure (CVE) ID: CVE-2005-1531
1013962
http://securitytracker.com/id?1013962
1013963
http://securitytracker.com/id?1013963
13641
http://www.securityfocus.com/bid/13641
15495
ADV-2005-0530
http://www.vupen.com/english/advisories/2005/0530
RHSA-2005:434
RHSA-2005:435
SCOSA-2005.49
http://www.mozilla.org/security/announce/mfsa2005-43.html
oval:org.mitre.oval:def:100015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100015
oval:org.mitre.oval:def:10351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10351
Common Vulnerability Exposure (CVE) ID: CVE-2005-1532
1013964
http://securitytracker.com/id?1013964
1013965
http://securitytracker.com/id?1013965
13645
http://www.securityfocus.com/bid/13645
19823
http://secunia.com/advisories/19823
RHSA-2005:601
http://www.redhat.com/support/errata/RHSA-2005-601.html
SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
http://www.mozilla.org/security/announce/mfsa2005-44.html
oval:org.mitre.oval:def:100014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100014
oval:org.mitre.oval:def:10791
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10791
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
