Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56566
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0328
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0328.

Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed javascript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of chrome, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
input form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0328.html
http://www.mozilla.com/firefox/releases/1.0.8.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-0749
BugTraq ID: 17516
http://www.securityfocus.com/bid/17516
Bugtraq: 20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/431126/100/0/threaded
Cert/CC Advisory: TA06-107A
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
CERT/CC vulnerability note: VU#736934
http://www.kb.cert.org/vuls/id/736934
Debian Security Information: DSA-1044 (Google Search)
http://www.debian.org/security/2006/dsa-1044
Debian Security Information: DSA-1046 (Google Search)
http://www.debian.org/security/2006/dsa-1046
Debian Security Information: DSA-1051 (Google Search)
http://www.debian.org/security/2006/dsa-1051
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HPdes Security Advisory: HPSBTU02118
http://www.securityfocus.com/archive/1/434524/100/0/threaded
HPdes Security Advisory: HPSBUX02122
http://www.securityfocus.com/archive/1/438730/100/0/threaded
HPdes Security Advisory: SSRT061145
HPdes Security Advisory: SSRT061158
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1848
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
SCO Security Bulletin: SCOSA-2006.26
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://secunia.com/advisories/19631
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
SGI Security Advisory: 20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://securityreason.com/securityalert/729
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
SuSE Security Announcement: SUSE-SA:2006:021 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_25.html
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3391
XForce ISS Database: mozilla-nshtmlcontentsink-memory-corruption(25819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25819
Common Vulnerability Exposure (CVE) ID: CVE-2006-1724
CERT/CC vulnerability note: VU#350262
http://www.kb.cert.org/vuls/id/350262
HPdes Security Advisory: HPSBUX02153
http://www.securityfocus.com/archive/1/446658/100/200/threaded
HPdes Security Advisory: HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: SSRT061236
https://bugzilla.mozilla.org/show_bug.cgi?id=282105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1901
http://securitytracker.com/id?1015919
http://securitytracker.com/id?1015920
http://securitytracker.com/id?1015921
http://secunia.com/advisories/19649
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
Common Vulnerability Exposure (CVE) ID: CVE-2006-1727
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649
http://securitytracker.com/id?1015926
http://securitytracker.com/id?1015927
http://securitytracker.com/id?1015928
http://securitytracker.com/id?1015929
XForce ISS Database: mozilla-printpreview-privilege-escalation(25824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25824
Common Vulnerability Exposure (CVE) ID: CVE-2006-1728
CERT/CC vulnerability note: VU#932734
http://www.kb.cert.org/vuls/id/932734
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1698
http://securitytracker.com/id?1015922
http://securitytracker.com/id?1015923
http://securitytracker.com/id?1015924
http://securitytracker.com/id?1015925
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
http://www.vupen.com/english/advisories/2007/0058
XForce ISS Database: mozilla-generatecrmfrequest-code-execution(25812)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25812
Common Vulnerability Exposure (CVE) ID: CVE-2006-1729
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929
SuSE Security Announcement: SUSE-SA:2006:035 (Google Search)
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
XForce ISS Database: mozilla-textbox-file-access(25823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25823
Common Vulnerability Exposure (CVE) ID: CVE-2006-1730
Bugtraq: 20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/431060/100/0/threaded
CERT/CC vulnerability note: VU#179014
http://www.kb.cert.org/vuls/id/179014
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1614
http://securitytracker.com/id?1015915
http://securitytracker.com/id?1015916
http://securitytracker.com/id?1015917
http://securitytracker.com/id?1015918
http://securityreason.com/securityalert/720
XForce ISS Database: mozilla-css-letterspacing-overflow(25826)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25826
Common Vulnerability Exposure (CVE) ID: CVE-2006-1731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9604
XForce ISS Database: mozilla-valueof-xss(25820)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25820
Common Vulnerability Exposure (CVE) ID: CVE-2006-1732
https://bugzilla.mozilla.org/show_bug.cgi?id=313373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1887
XForce ISS Database: mozilla-windows-controllers-xss(25818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25818
Common Vulnerability Exposure (CVE) ID: CVE-2006-1733
CERT/CC vulnerability note: VU#488774
http://www.kb.cert.org/vuls/id/488774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
XForce ISS Database: mozilla-valueof-code-execution(25817)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
Common Vulnerability Exposure (CVE) ID: CVE-2006-1734
CERT/CC vulnerability note: VU#842094
http://www.kb.cert.org/vuls/id/842094
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1247
XForce ISS Database: mozilla-cloneparent-code-execution(25816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25816
Common Vulnerability Exposure (CVE) ID: CVE-2006-1735
CERT/CC vulnerability note: VU#813230
http://www.kb.cert.org/vuls/id/813230
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930
XForce ISS Database: mozilla-xbl-code-execution(25815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25815
Common Vulnerability Exposure (CVE) ID: CVE-2006-1737
CERT/CC vulnerability note: VU#329500
http://www.kb.cert.org/vuls/id/329500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10817
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1829
XForce ISS Database: mozilla-javascript-regexpr-memory-corruption(25808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25808
Common Vulnerability Exposure (CVE) ID: CVE-2006-1738
CERT/CC vulnerability note: VU#252324
http://www.kb.cert.org/vuls/id/252324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9405
XForce ISS Database: mozilla-mozgrid-memory-corruption(25811)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25811
Common Vulnerability Exposure (CVE) ID: CVE-2006-1739
CERT/CC vulnerability note: VU#935556
http://www.kb.cert.org/vuls/id/935556
https://bugzilla.mozilla.org/show_bug.cgi?id=265736
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9817
XForce ISS Database: mozilla-css-memory-corruption(25810)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25810
Common Vulnerability Exposure (CVE) ID: CVE-2006-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=271194
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811
XForce ISS Database: mozilla-secure-site-spoofing(25813)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25813
Common Vulnerability Exposure (CVE) ID: CVE-2006-1741
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167
XForce ISS Database: mozilla-eventhandler-xss(25806)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25806
Common Vulnerability Exposure (CVE) ID: CVE-2006-1742
CERT/CC vulnerability note: VU#492382
http://www.kb.cert.org/vuls/id/492382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11808
XForce ISS Database: mozilla-garbage-memory-corruption(25807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25807
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.