English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56566
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0328
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0328.

Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed javascript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of chrome, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
input form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0328.html
http://www.mozilla.com/firefox/releases/1.0.8.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-0749
BugTraq ID: 17516
http://www.securityfocus.com/bid/17516
Bugtraq: 20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/431126/100/0/threaded
Cert/CC Advisory: TA06-107A
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
CERT/CC vulnerability note: VU#736934
http://www.kb.cert.org/vuls/id/736934
Debian Security Information: DSA-1044 (Google Search)
http://www.debian.org/security/2006/dsa-1044
Debian Security Information: DSA-1046 (Google Search)
http://www.debian.org/security/2006/dsa-1046
Debian Security Information: DSA-1051 (Google Search)
http://www.debian.org/security/2006/dsa-1051
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.securityfocus.com/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/436338/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HPdes Security Advisory: HPSBTU02118
http://www.securityfocus.com/archive/1/434524/100/0/threaded
HPdes Security Advisory: HPSBUX02122
http://www.securityfocus.com/archive/1/438730/100/0/threaded
HPdes Security Advisory: SSRT061145
HPdes Security Advisory: SSRT061158
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1848
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
SCO Security Bulletin: SCOSA-2006.26
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://secunia.com/advisories/19631
http://secunia.com/advisories/19696
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19729
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19780
http://secunia.com/advisories/19794
http://secunia.com/advisories/19811
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
SGI Security Advisory: 20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://securityreason.com/securityalert/729
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
SuSE Security Announcement: SUSE-SA:2006:021 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_25.html
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
https://usn.ubuntu.com/276-1/
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3391
XForce ISS Database: mozilla-nshtmlcontentsink-memory-corruption(25819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25819
Common Vulnerability Exposure (CVE) ID: CVE-2006-1724
1015919
http://securitytracker.com/id?1015919
1015920
http://securitytracker.com/id?1015920
1015921
http://securitytracker.com/id?1015921
102550
17516
19631
19649
http://secunia.com/advisories/19649
19696
19714
19780
19863
19941
21033
21622
22065
http://secunia.com/advisories/22065
22066
http://secunia.com/advisories/22066
228526
ADV-2006-1356
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2006-3749
http://www.vupen.com/english/advisories/2006/3749
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1046
DSA-1051
FEDORA-2006-410
FEDORA-2006-411
FLSA:189137-2
HPSBTU02118
HPSBUX02153
http://www.securityfocus.com/archive/1/446658/100/200/threaded
HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
RHSA-2006:0328
RHSA-2006:0330
SCOSA-2006.26
SSRT061145
SSRT061181
SSRT061236
TA06-107A
VU#350262
http://www.kb.cert.org/vuls/id/350262
http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
http://www.mozilla.org/security/announce/2006/mfsa2006-20.html
https://bugzilla.mozilla.org/show_bug.cgi?id=282105
oval:org.mitre.oval:def:10243
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10243
oval:org.mitre.oval:def:1901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1901
Common Vulnerability Exposure (CVE) ID: CVE-2006-1727
1015926
http://securitytracker.com/id?1015926
1015927
http://securitytracker.com/id?1015927
1015928
http://securitytracker.com/id?1015928
1015929
http://securitytracker.com/id?1015929
19721
19729
19746
19759
19811
19821
19823
19852
19862
19902
19950
20051
20060404-01-U
ADV-2006-3391
DSA-1044
FLSA:189137-1
GLSA-200604-12
GLSA-200604-18
GLSA-200605-09
HPSBUX02122
MDKSA-2006:076
MDKSA-2006:078
RHSA-2006:0329
SSRT061158
SUSE-SA:2006:021
SUSE-SA:2006:022
USN-271-1
USN-275-1
USN-276-1
http://www.mozilla.org/security/announce/2006/mfsa2006-25.html
mozilla-printpreview-privilege-escalation(25824)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25824
oval:org.mitre.oval:def:10364
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10364
oval:org.mitre.oval:def:1649
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1649
Common Vulnerability Exposure (CVE) ID: CVE-2006-1728
1015922
http://securitytracker.com/id?1015922
1015923
http://securitytracker.com/id?1015923
1015924
http://securitytracker.com/id?1015924
1015925
http://securitytracker.com/id?1015925
102763
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
19794
ADV-2007-0058
http://www.vupen.com/english/advisories/2007/0058
MDKSA-2006:075
VU#932734
http://www.kb.cert.org/vuls/id/932734
http://www.mozilla.org/security/announce/2006/mfsa2006-24.html
mozilla-generatecrmfrequest-code-execution(25812)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25812
oval:org.mitre.oval:def:10508
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10508
oval:org.mitre.oval:def:1698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1698
Common Vulnerability Exposure (CVE) ID: CVE-2006-1729
SUSE-SA:2006:035
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://www.mozilla.org/security/announce/2006/mfsa2006-23.html
mozilla-textbox-file-access(25823)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25823
oval:org.mitre.oval:def:10922
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10922
oval:org.mitre.oval:def:1929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1929
Common Vulnerability Exposure (CVE) ID: CVE-2006-1730
1015915
http://securitytracker.com/id?1015915
1015916
http://securitytracker.com/id?1015916
1015917
http://securitytracker.com/id?1015917
1015918
http://securitytracker.com/id?1015918
20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability
http://www.securityfocus.com/archive/1/431060/100/0/threaded
720
http://securityreason.com/securityalert/720
VU#179014
http://www.kb.cert.org/vuls/id/179014
http://www.mozilla.org/security/announce/2006/mfsa2006-22.html
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
mozilla-css-letterspacing-overflow(25826)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25826
oval:org.mitre.oval:def:10055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10055
oval:org.mitre.oval:def:1614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1614
Common Vulnerability Exposure (CVE) ID: CVE-2006-1731
http://www.mozilla.org/security/announce/2006/mfsa2006-19.html
mozilla-valueof-xss(25820)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25820
oval:org.mitre.oval:def:1955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1955
oval:org.mitre.oval:def:9604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9604
Common Vulnerability Exposure (CVE) ID: CVE-2006-1732
http://www.mozilla.org/security/announce/2006/mfsa2006-17.html
https://bugzilla.mozilla.org/show_bug.cgi?id=313373
mozilla-windows-controllers-xss(25818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25818
oval:org.mitre.oval:def:10232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10232
oval:org.mitre.oval:def:1887
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1887
Common Vulnerability Exposure (CVE) ID: CVE-2006-1733
VU#488774
http://www.kb.cert.org/vuls/id/488774
http://www.mozilla.org/security/announce/2006/mfsa2006-16.html
mozilla-valueof-code-execution(25817)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25817
oval:org.mitre.oval:def:10815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10815
oval:org.mitre.oval:def:2020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2020
Common Vulnerability Exposure (CVE) ID: CVE-2006-1734
VU#842094
http://www.kb.cert.org/vuls/id/842094
http://www.mozilla.org/security/announce/2006/mfsa2006-15.html
mozilla-cloneparent-code-execution(25816)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25816
oval:org.mitre.oval:def:10755
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10755
oval:org.mitre.oval:def:1247
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1247
Common Vulnerability Exposure (CVE) ID: CVE-2006-1735
VU#813230
http://www.kb.cert.org/vuls/id/813230
http://www.mozilla.org/security/announce/2006/mfsa2006-14.html
mozilla-xbl-code-execution(25815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25815
oval:org.mitre.oval:def:1037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1037
oval:org.mitre.oval:def:10930
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10930
Common Vulnerability Exposure (CVE) ID: CVE-2006-1737
VU#329500
http://www.kb.cert.org/vuls/id/329500
http://www.mozilla.org/security/announce/2006/mfsa2006-11.html
mozilla-javascript-regexpr-memory-corruption(25808)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25808
oval:org.mitre.oval:def:10817
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10817
oval:org.mitre.oval:def:1829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1829
Common Vulnerability Exposure (CVE) ID: CVE-2006-1738
VU#252324
http://www.kb.cert.org/vuls/id/252324
mozilla-mozgrid-memory-corruption(25811)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25811
oval:org.mitre.oval:def:1687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1687
oval:org.mitre.oval:def:9405
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9405
Common Vulnerability Exposure (CVE) ID: CVE-2006-1739
VU#935556
http://www.kb.cert.org/vuls/id/935556
https://bugzilla.mozilla.org/show_bug.cgi?id=265736
mozilla-css-memory-corruption(25810)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25810
oval:org.mitre.oval:def:1667
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1667
oval:org.mitre.oval:def:9817
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9817
Common Vulnerability Exposure (CVE) ID: CVE-2006-1740
http://www.mozilla.org/security/announce/2006/mfsa2006-12.html
https://bugzilla.mozilla.org/show_bug.cgi?id=271194
mozilla-secure-site-spoofing(25813)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25813
oval:org.mitre.oval:def:10424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10424
oval:org.mitre.oval:def:1811
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1811
Common Vulnerability Exposure (CVE) ID: CVE-2006-1741
http://www.mozilla.org/security/announce/2006/mfsa2006-09.html
mozilla-eventhandler-xss(25806)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25806
oval:org.mitre.oval:def:1855
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1855
oval:org.mitre.oval:def:9167
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9167
Common Vulnerability Exposure (CVE) ID: CVE-2006-1742
VU#492382
http://www.kb.cert.org/vuls/id/492382
http://www.mozilla.org/security/announce/2006/mfsa2006-10.html
mozilla-garbage-memory-corruption(25807)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25807
oval:org.mitre.oval:def:1087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1087
oval:org.mitre.oval:def:11808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11808
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.