Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2006:0328

The remote host is missing updates announced in
advisory RHSA-2006:0328.

Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed JavaScript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain JavaScript
actions. A malicious web page could execute arbitrary JavaScript
instructions with the permissions of chrome, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows JavaScript mutation events on
input form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor: Critical

CVSS Score:

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-0749
BugTraq ID: 17516
Bugtraq: 20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability
Cert/CC Advisory: TA06-107A
CERT/CC vulnerability note: VU#736934
Debian Security Information: DSA-1044
Debian Security Information: DSA-1046
Debian Security Information: DSA-1051
HP Security Advisory: HPSBTU02118
HP Security Advisory: HPSBUX02122
HP Security Advisory: SSRT061145
HP Security Advisory: SSRT061158
SCO Security Bulletin: SCOSA-2006.26
SGI Security Advisory: 20060404-01-U
SuSE Security Announcement: SUSE-SA:2006:021
SuSE Security Announcement: SUSE-SA:2006:022
XForce ISS Database: mozilla-nshtmlcontentsink-memory-corruption(25819)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1724
CERT/CC vulnerability note: VU#350262
HP Security Advisory: HPSBUX02153
HP Security Advisory: HPSBUX02156
HP Security Advisory: SSRT061181
HP Security Advisory: SSRT061236
Common Vulnerability Exposure (CVE) ID: CVE-2006-1727
XForce ISS Database: mozilla-printpreview-privilege-escalation(25824)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1728
CERT/CC vulnerability note: VU#932734
XForce ISS Database: mozilla-generatecrmfrequest-code-execution(25812)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1729
SuSE Security Announcement: SUSE-SA:2006:035
XForce ISS Database: mozilla-textbox-file-access(25823)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1730
Bugtraq: 20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
CERT/CC vulnerability note: VU#179014
XForce ISS Database: mozilla-css-letterspacing-overflow(25826)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1731
XForce ISS Database: mozilla-valueof-xss(25820)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1732
XForce ISS Database: mozilla-windows-controllers-xss(25818)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1733
CERT/CC vulnerability note: VU#488774
XForce ISS Database: mozilla-valueof-code-execution(25817)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1734
CERT/CC vulnerability note: VU#842094
XForce ISS Database: mozilla-cloneparent-code-execution(25816)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1735
CERT/CC vulnerability note: VU#813230
XForce ISS Database: mozilla-xbl-code-execution(25815)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1737
CERT/CC vulnerability note: VU#329500
XForce ISS Database: mozilla-javascript-regexpr-memory-corruption(25808)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1738
CERT/CC vulnerability note: VU#252324
XForce ISS Database: mozilla-mozgrid-memory-corruption(25811)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1739
CERT/CC vulnerability note: VU#935556
XForce ISS Database: mozilla-css-memory-corruption(25810)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1740
XForce ISS Database: mozilla-secure-site-spoofing(25813)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1741
XForce ISS Database: mozilla-eventhandler-xss(25806)
Common Vulnerability Exposure (CVE) ID: CVE-2006-1742
CERT/CC vulnerability note: VU#492382
XForce ISS Database: mozilla-garbage-memory-corruption(25807)
Copyright (c) 2006 E-Soft Inc.