Test ID:	1.3.6.1.4.1.25623.1.0.56236
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2006:0200
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2006:0200. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's Javascript interpreter derefernces objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary javascript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time the next time it is run. (CVE-2005-4134) This update also fixes a bug when using XSLT to transform documents. Passing DOM Nodes as parameters to functions expecting an xsl:param could cause Firefox to throw an exception. Users of Firefox are advised to upgrade to this updated package, which contains backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0200.html Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-4134 BugTraq ID: 15773 http://www.securityfocus.com/bid/15773 BugTraq ID: 16476 http://www.securityfocus.com/bid/16476 Debian Security Information: DSA-1044 (Google Search) http://www.debian.org/security/2006/dsa-1044 Debian Security Information: DSA-1046 (Google Search) http://www.debian.org/security/2006/dsa-1046 Debian Security Information: DSA-1051 (Google Search) http://www.debian.org/security/2006/dsa-1051 http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html http://www.securityfocus.com/archive/1/425978/100/0/threaded http://www.securityfocus.com/archive/1/425975/100/0/threaded http://marc.info/?l=full-disclosure&m=113405896025702&w=2 http://marc.info/?l=full-disclosure&m=113404911919629&w=2 http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml HPdes Security Advisory: HPSBUX02122 http://www.securityfocus.com/archive/1/438730/100/0/threaded HPdes Security Advisory: SSRT061158 http://www.mandriva.com/security/advisories?name=MDKSA-2006:036 http://www.mandriva.com/security/advisories?name=MDKSA-2006:037 http://www.mozilla.org/security/history-title.html http://www.networksecurity.fi/advisories/netscape-history.html http://www.osvdb.org/21533 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619 http://www.redhat.com/support/errata/RHSA-2006-0199.html http://www.redhat.com/support/errata/RHSA-2006-0200.html SCO Security Bulletin: SCOSA-2006.26 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt http://securitytracker.com/id?1015328 http://secunia.com/advisories/17934 http://secunia.com/advisories/17944 http://secunia.com/advisories/17946 http://secunia.com/advisories/18700 http://secunia.com/advisories/18704 http://secunia.com/advisories/18705 http://secunia.com/advisories/18706 http://secunia.com/advisories/18708 http://secunia.com/advisories/18709 http://secunia.com/advisories/19230 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http://secunia.com/advisories/19852 http://secunia.com/advisories/19862 http://secunia.com/advisories/19863 http://secunia.com/advisories/19902 http://secunia.com/advisories/19941 http://secunia.com/advisories/21033 http://secunia.com/advisories/21622 SGI Security Advisory: 20060201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1 https://usn.ubuntu.com/271-1/ https://usn.ubuntu.com/275-1/ http://www.vupen.com/english/advisories/2005/2805 http://www.vupen.com/english/advisories/2006/0413 http://www.vupen.com/english/advisories/2006/3391 Common Vulnerability Exposure (CVE) ID: CVE-2006-0292 1015570 http://securitytracker.com/id?1015570 102550 16476 18700 18703 http://secunia.com/advisories/18703 18704 18705 18706 18708 18709 19230 19746 19759 19780 http://secunia.com/advisories/19780 19821 http://secunia.com/advisories/19821 19823 http://secunia.com/advisories/19823 19852 19862 19863 19902 19941 19950 http://secunia.com/advisories/19950 20051 http://secunia.com/advisories/20051 20060201-01-U 21033 21622 22065 http://secunia.com/advisories/22065 228526 ADV-2006-0413 ADV-2006-3391 ADV-2006-3749 http://www.vupen.com/english/advisories/2006/3749 DSA-1044 DSA-1046 DSA-1051 FEDORA-2006-075 FEDORA-2006-076 FLSA-2006:180036-2 FLSA:180036-1 GLSA-200604-12 GLSA-200604-18 GLSA-200605-09 http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml HPSBUX02122 HPSBUX02156 http://www.securityfocus.com/archive/1/446657/100/200/threaded MDKSA-2006:036 MDKSA-2006:037 MDKSA-2006:078 http://www.mandriva.com/security/advisories?name=MDKSA-2006:078 RHSA-2006:0199 RHSA-2006:0200 RHSA-2006:0330 http://www.redhat.com/support/errata/RHSA-2006-0330.html SCOSA-2006.26 SSRT061158 SSRT061236 SUSE-SA:2006:022 http://www.novell.com/linux/security/advisories/2006_04_25.html USN-271-1 USN-275-1 USN-276-1 https://usn.ubuntu.com/276-1/ http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.mozilla.org/security/announce/2006/mfsa2006-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=316885 mozilla-javascript-memory-corruption(24430) https://exchange.xforce.ibmcloud.com/vulnerabilities/24430 oval:org.mitre.oval:def:10016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016 oval:org.mitre.oval:def:670 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670 Common Vulnerability Exposure (CVE) ID: CVE-2006-0296 TA06-038A http://www.us-cert.gov/cas/techalerts/TA06-038A.html VU#592425 http://www.kb.cert.org/vuls/id/592425 http://www.mozilla.org/security/announce/2006/mfsa2006-05.html https://bugzilla.mozilla.org/show_bug.cgi?id=319847 mozilla-xuldocument-command-execution(24434) https://exchange.xforce.ibmcloud.com/vulnerabilities/24434 oval:org.mitre.oval:def:11803 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803 oval:org.mitre.oval:def:1493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.