Test ID: 1.3.6.1.4.1.25623.1.0.52977
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-134-1 (mozilla-firefox)
Summary: Ubuntu USN-134-1 (mozilla-firefox)
Description:
The remote host is missing an update to mozilla-firefox
announced via advisory USN-134-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected: mozilla-firefox

It was discovered that a malicious website could inject arbitrary
scripts into a target site by loading it into a frame and navigating
back to a previous Javascript URL that contained an eval() call. This
could be used to steal cookies or other confidential data from the
target site. If the target site is allowed to raise the install
confirmation dialog in Firefox then this flaw even allowed the
malicious site to execute arbitrary code with the privileges of the
Firefox user. By default only the Mozilla Update site is allowed to
attempt software installation; however, users can permit this for
additional sites. (MFSA 2005-42)

Michael Krax, Georgi Guninski, and L. David Baron found that the
security checks that prevent script injection could be bypassed by
wrapping a javascript: URL in another pseudo-protocol like
view-source: or jar:. (CVE-2005-1531)

A variant of the attack described in CVE-2005-1160 (see USN-124-1) was
discovered. Additional checks were added to make sure Javascript eval
and Script objects are run with the privileges of the context that
created them, not the potentially elevated privilege of the context
calling them. (CVE-2005-1532)

Solution:
The problem can be corrected by upgrading the affected package to
version 1.0.2-0ubuntu5.3. After doing a standard system upgrade you
need to restart Firefox to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-134-1

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-1531
http://www.redhat.com/support/errata/RHSA-2005-434.html
http://www.redhat.com/support/errata/RHSA-2005-435.html
SCO Security Bulletin: SCOSA-2005.49
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
BugTraq ID: 15495
http://www.securityfocus.com/bid/15495
BugTraq ID: 13641
http://www.securityfocus.com/bid/13641
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10351
http://www.vupen.com/english/advisories/2005/0530
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100015
http://securitytracker.com/id?1013962
http://securitytracker.com/id?1013963
Common Vulnerability Exposure (CVE) ID: CVE-2005-1532
http://www.redhat.com/support/errata/RHSA-2005-601.html
SuSE Security Announcement: SUSE-SA:2006:022
http://www.novell.com/linux/security/advisories/2006_04_25.html
SuSE Security Announcement: SUSE-SA:2006:004
BugTraq ID: 13645
http://www.securityfocus.com/bid/13645
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10791
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100014
http://securitytracker.com/id?1013965
http://securitytracker.com/id?1013964
http://secunia.com/advisories/19823
Common Vulnerability Exposure (CVE) ID: CVE-2005-1160
http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml
http://www.redhat.com/support/errata/RHSA-2005-383.html
http://www.redhat.com/support/errata/RHSA-2005-386.html
http://www.redhat.com/support/errata/RHSA-2005-384.html
BugTraq ID: 13233
http://www.securityfocus.com/bid/13233
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100017
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11291
http://secunia.com/advisories/14938
http://secunia.com/advisories/14992
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.