Debian Local Security Checks : Debian: Security Advisory (DSA-1192-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.57486
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1192-1)
Summary:	The remote host is missing an update for the Debian 'mozilla' package(s) announced via the DSA-1192-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'mozilla' package(s) announced via the DSA-1192-1 advisory. Vulnerability Insight: Several security related problems have been discovered in Mozilla and derived products such as Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code. CVE-2006-4340 Daniel Bleichenbacher recently described an implementation error in RSA signature verification that cause the application to incorrectly trust SSL certificates. CVE-2006-4565, CVE-2006-4566 Priit Laes reported that a JavaScript regular expression can trigger a heap-based buffer overflow which allows remote attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-4568 A vulnerability has been discovered that allows remote attackers to bypass the security model and inject content into the sub-frame of another site. CVE-2006-4570 Georgi Guninski demonstrated that even with JavaScript disabled in mail (the default) an attacker can still execute JavaScript when a mail message is viewed, replied to, or forwarded. CVE-2006-4571 Multiple unspecified vulnerabilities in Firefox, Thunderbird and SeaMonkey allow remote attackers to cause a denial of service, corrupt memory, and possibly execute arbitrary code. For the stable distribution (sarge) these problems have been fixed in version 1.7.8-1sarge7.3.1. We recommend that you upgrade your Mozilla packages. Affected Software/OS: 'mozilla' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2788 21269 http://secunia.com/advisories/21269 21270 http://secunia.com/advisories/21270 21336 http://secunia.com/advisories/21336 21532 http://secunia.com/advisories/21532 21631 http://secunia.com/advisories/21631 22247 http://secunia.com/advisories/22247 22299 http://secunia.com/advisories/22299 22342 http://secunia.com/advisories/22342 22849 http://secunia.com/advisories/22849 DSA-1191 http://www.us.debian.org/security/2006/dsa-1191 DSA-1192 http://www.debian.org/security/2006/dsa-1192 DSA-1210 http://www.debian.org/security/2006/dsa-1210 MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 MDKSA-2006:145 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 RHSA-2006:0578 http://www.redhat.com/support/errata/RHSA-2006-0578.html RHSA-2006:0594 http://www.redhat.com/support/errata/RHSA-2006-0594.html RHSA-2006:0609 http://rhn.redhat.com/errata/RHSA-2006-0609.html RHSA-2006:0610 http://www.redhat.com/support/errata/RHSA-2006-0610.html RHSA-2006:0611 http://www.redhat.com/support/errata/RHSA-2006-0611.html USN-296-1 https://usn.ubuntu.com/296-1/ USN-361-1 http://www.ubuntu.com/usn/usn-361-1 https://bugzilla.mozilla.org/show_bug.cgi?id=321598 oval:org.mitre.oval:def:11065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11065 Common Vulnerability Exposure (CVE) ID: CVE-2006-4340 1016858 http://securitytracker.com/id?1016858 1016859 http://securitytracker.com/id?1016859 1016860 http://securitytracker.com/id?1016860 102648 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 102781 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc 20060915 rPSA-2006-0169-1 firefox thunderbird http://www.securityfocus.com/archive/1/446140/100/0/threaded 21903 http://secunia.com/advisories/21903 21906 http://secunia.com/advisories/21906 21915 http://secunia.com/advisories/21915 21916 http://secunia.com/advisories/21916 21939 http://secunia.com/advisories/21939 21940 http://secunia.com/advisories/21940 21949 http://secunia.com/advisories/21949 21950 http://secunia.com/advisories/21950 22001 http://secunia.com/advisories/22001 22025 http://secunia.com/advisories/22025 22036 http://secunia.com/advisories/22036 22044 http://secunia.com/advisories/22044 22055 http://secunia.com/advisories/22055 22056 http://secunia.com/advisories/22056 22066 http://secunia.com/advisories/22066 22074 http://secunia.com/advisories/22074 22088 http://secunia.com/advisories/22088 22195 http://secunia.com/advisories/22195 22210 http://secunia.com/advisories/22210 22226 http://secunia.com/advisories/22226 22274 http://secunia.com/advisories/22274 22422 http://secunia.com/advisories/22422 22446 http://secunia.com/advisories/22446 22992 http://secunia.com/advisories/22992 23883 http://secunia.com/advisories/23883 24711 http://secunia.com/advisories/24711 ADV-2006-3617 http://www.vupen.com/english/advisories/2006/3617 ADV-2006-3622 http://www.vupen.com/english/advisories/2006/3622 ADV-2006-3748 http://www.vupen.com/english/advisories/2006/3748 ADV-2006-3899 http://www.vupen.com/english/advisories/2006/3899 ADV-2007-0293 http://www.vupen.com/english/advisories/2007/0293 ADV-2007-1198 http://www.vupen.com/english/advisories/2007/1198 ADV-2008-0083 http://www.vupen.com/english/advisories/2008/0083 GLSA-200609-19 http://security.gentoo.org/glsa/glsa-200609-19.xml GLSA-200610-01 http://security.gentoo.org/glsa/glsa-200610-01.xml GLSA-200610-06 http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml HPSBUX02153 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 MDKSA-2006:168 http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 MDKSA-2006:169 http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 RHSA-2006:0675 http://www.redhat.com/support/errata/RHSA-2006-0675.html RHSA-2006:0676 http://www.redhat.com/support/errata/RHSA-2006-0676.html RHSA-2006:0677 http://www.redhat.com/support/errata/RHSA-2006-0677.html SSRT061181 SUSE-SA:2006:054 http://www.novell.com/linux/security/advisories/2006_54_mozilla.html SUSE-SA:2006:055 http://www.novell.com/linux/security/advisories/2006_55_ssl.html TA06-312A http://www.us-cert.gov/cas/techalerts/TA06-312A.html USN-350-1 http://www.ubuntu.com/usn/usn-350-1 USN-351-1 http://www.ubuntu.com/usn/usn-351-1 USN-352-1 http://www.ubuntu.com/usn/usn-352-1 USN-354-1 http://www.ubuntu.com/usn/usn-354-1 [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ http://www.mozilla.org/security/announce/2006/mfsa2006-60.html http://www.mozilla.org/security/announce/2006/mfsa2006-66.html https://issues.rpath.com/browse/RPL-640 mozilla-nss-security-bypass(30098) https://exchange.xforce.ibmcloud.com/vulnerabilities/30098 oval:org.mitre.oval:def:11007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007 Common Vulnerability Exposure (CVE) ID: CVE-2006-4565 1016846 http://securitytracker.com/id?1016846 1016847 http://securitytracker.com/id?1016847 1016848 http://securitytracker.com/id?1016848 20042 http://www.securityfocus.com/bid/20042 22391 http://secunia.com/advisories/22391 GLSA-200610-04 http://security.gentoo.org/glsa/glsa-200610-04.xml http://www.mozilla.org/security/announce/2006/mfsa2006-57.html mozilla-javascript-expression-bo(28955) https://exchange.xforce.ibmcloud.com/vulnerabilities/28955 oval:org.mitre.oval:def:11421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421 Common Vulnerability Exposure (CVE) ID: CVE-2006-4566 VU#141528 http://www.kb.cert.org/vuls/id/141528 mozilla-backslash-dos(28958) https://exchange.xforce.ibmcloud.com/vulnerabilities/28958 oval:org.mitre.oval:def:9637 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9637 Common Vulnerability Exposure (CVE) ID: CVE-2006-4568 1016855 http://securitytracker.com/id?1016855 1016856 http://securitytracker.com/id?1016856 http://www.mozilla.org/security/announce/2006/mfsa2006-61.html https://bugzilla.mozilla.org/show_bug.cgi?id=343168 mozilla-documentopen-frame-spoofing(28961) https://exchange.xforce.ibmcloud.com/vulnerabilities/28961 oval:org.mitre.oval:def:9843 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9843 Common Vulnerability Exposure (CVE) ID: CVE-2006-4570 1016866 http://securitytracker.com/id?1016866 1016867 http://securitytracker.com/id?1016867 http://www.mozilla.org/security/announce/2006/mfsa2006-63.html oval:org.mitre.oval:def:10892 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892 thunderbird-seamonkey-xbl-code-execution(28962) https://exchange.xforce.ibmcloud.com/vulnerabilities/28962 Common Vulnerability Exposure (CVE) ID: CVE-2006-4571 http://www.mozilla.org/security/announce/2006/mfsa2006-64.html oval:org.mitre.oval:def:11728 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728
Copyright	Copyright (C) 2008 Greenbone AG