Test ID: | 1.3.6.1.4.1.25623.1.0.55417 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu USN-186-1 (mozilla-firefox) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to mozilla-firefox announced via advisory USN-186-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mozilla-browser
mozilla-calendar
mozilla-mailnews
mozilla-firefox

Peter Zelezny discovered that URLs which are passed to Firefox or Mozilla on the command line are not correctly protected against interpretation by the shell. If Firefox or Mozilla is configured as the default handler for URLs (which is the default in Ubuntu), this could be exploited to execute arbitrary code with user privileges by tricking the user into clicking on a specially crafted URL (for example, in an email or chat client). (CVE-2005-2968, MFSA-2005-59)

A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. (MFSA-2005-58)

Mats Palmgren discovered a buffer overflow in the Unicode string parser. Unicode strings that contained zero-width non-joiner characters caused a browser crash, which could possibly even be exploited to execute arbitrary code with the user's privileges. (MFSA-2005-58)

Georgi Guninski reported an integer overflow in the JavaScript engine. This could be exploited to run arbitrary code under some conditions. (MFSA-2005-58)

This update also fixes some less critical issues which are described at http://www.mozilla.org/security/announce/mfsa2005-58.html.

Solution:

On Ubuntu 4.10, the problem can be corrected by upgrading the affected package to version 2:1.7.12-0ubuntu04.10 (mozilla-browser, mozilla-calendar, mozilla-mailnews).

On Ubuntu 5.04, the problem can be corrected by upgrading the affected package to version 2:1.7.12-0ubuntu05.04 (mozilla-browser, mozilla-calendar, mozilla-mailnews) and 1.0.7-0ubuntu0.1 (mozilla-firefox).

After a standard system upgrade you need to restart all Firefox and Mozilla browsers to effect the necessary changes.

Note: The Ubuntu 4.10 version of Firefox is also affected by this. An update will follow shortly.

http://www.securityspace.com/smysecure/catid.html?in=USN-186-1

Risk factor: High
CVSS Score: 7.5 |
Cross-Ref: |
BugTraq ID: 15495
BugTraq ID: 14888
Common Vulnerability Exposure (CVE) ID: CVE-2005-2968
14888 http://www.securityfocus.com/bid/14888
15495 http://www.securityfocus.com/bid/15495
16869 http://secunia.com/advisories/16869
17042 http://secunia.com/advisories/17042
17090 http://secunia.com/advisories/17090
17149 http://secunia.com/advisories/17149
17263 http://secunia.com/advisories/17263
17284 http://secunia.com/advisories/17284
ADV-2005-1794 http://www.vupen.com/english/advisories/2005/1794
ADV-2005-1824 http://www.vupen.com/english/advisories/2005/1824
DSA-866 http://www.debian.org/security/2005/dsa-866
DSA-868 http://www.debian.org/security/2005/dsa-868
MDKSA-2005:174 http://www.mandriva.com/security/advisories?name=MDKSA-2005:174
RHSA-2005:785 http://www.redhat.com/support/errata/RHSA-2005-785.html
RHSA-2005:791 http://www.redhat.com/support/errata/RHSA-2005-791.html
SCOSA-2005.49 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
USN-186-1 http://www.ubuntu.com/usn/usn-186-1
USN-186-2 http://www.ubuntu.com/usn/usn-186-2
USN-200-1 http://www.ubuntu.com/usn/usn-200-1
VU#914681 http://www.kb.cert.org/vuls/id/914681
http://www.mozilla.org/security/announce/mfsa2005-58.html
https://bugzilla.mozilla.org/show_bug.cgi?id=307185
oval:org.mitre.oval:def:11105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11105 |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |