Ubuntu Local Security Checks : Ubuntu USN-354-1 (firefox)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 94899 CVE descriptions and 51984 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.57498
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-354-1 (firefox)
Summary:	Ubuntu USN-354-1 (firefox)
Description:	Description: The remote host is missing an update to firefox announced via advisory USN-354-1. A security issue affects the following Ubuntu releases: Ubuntu 5.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. For details, please visit the referenced security advisories. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: firefox 1.5.dfsg+1.5.0.7-0ubuntu5.10.3 firefox-dom-inspector 1.5.dfsg+1.5.0.7-0ubuntu5.10.3 firefox-gnome-support 1.5.dfsg+1.5.0.7-0ubuntu5.10.3 devhelp 0.10-1ubuntu2.1 devhelp-common 0.10-1ubuntu2.1 epiphany-browser 1.8.2-0ubuntu1.1 epiphany-browser-dev 1.8.2-0ubuntu1.1 gnome-app-install 0+20051005.1 libdevhelp-1-0 0.10-1ubuntu2.1 libdevhelp-1-dev 0.10-1ubuntu2.1 mozilla-firefox-locale-* 1.5-ubuntu5.10-1 yelp 2.12.1-0ubuntu1.1 After a standard system upgrade you need to restart Firefox to effect the necessary changes. Since the 1.0.x series of Firefox is not supported any more, this update introduces the firefox 1.5 series into Ubuntu 5.10. Please check whether all your extensions still work as expected. http://www.securityspace.com/smysecure/catid.html?in=USN-354-1 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3113 Bugtraq: 20060727 rPSA-2006-0137-1 firefox (Google Search) http://www.securityfocus.com/archive/1/archive/1/441333/100/0/threaded Bugtraq: 20060727 Secunia Research: Mozilla Firefox XPCOM Event Handling MemoryCorruption (Google Search) http://www.securityfocus.com/archive/1/archive/1/441330/100/0/threaded http://secunia.com/secunia_research/2006-53/advisory/ http://security.gentoo.org/glsa/glsa-200608-02.xml http://security.gentoo.org/glsa/glsa-200608-04.xml http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml HPdes Security Advisory: HPSBUX02153 http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded HPdes Security Advisory: SSRT061181 HPdes Security Advisory: HPSBUX02156 http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 http://www.redhat.com/support/errata/RHSA-2006-0608.html http://www.redhat.com/support/errata/RHSA-2006-0610.html http://www.redhat.com/support/errata/RHSA-2006-0611.html RedHat Security Advisories: RHSA-2006:0609 http://rhn.redhat.com/errata/RHSA-2006-0609.html http://www.redhat.com/support/errata/RHSA-2006-0594.html SGI Security Advisory: 20060703-01-P ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc SuSE Security Announcement: SUSE-SA:2006:048 (Google Search) http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html http://www.ubuntulinux.org/support/documentation/usn/usn-327-1 http://www.ubuntulinux.org/support/documentation/usn/usn-329-1 http://www.ubuntu.com/usn/usn-350-1 http://www.ubuntu.com/usn/usn-354-1 Cert/CC Advisory: TA06-208A http://www.us-cert.gov/cas/techalerts/TA06-208A.html CERT/CC vulnerability note: VU#239124 http://www.kb.cert.org/vuls/id/239124 BugTraq ID: 19181 http://www.securityfocus.com/bid/19181 BugTraq ID: 19197 http://www.securityfocus.com/bid/19197 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10261 http://www.vupen.com/english/advisories/2006/2998 http://www.vupen.com/english/advisories/2006/3748 http://www.vupen.com/english/advisories/2006/3749 http://www.vupen.com/english/advisories/2008/0083 http://securitytracker.com/id?1016586 http://securitytracker.com/id?1016587 http://securitytracker.com/id?1016588 http://secunia.com/advisories/19873 http://secunia.com/advisories/21216 http://secunia.com/advisories/21228 http://secunia.com/advisories/21229 http://secunia.com/advisories/21246 http://secunia.com/advisories/21243 http://secunia.com/advisories/21269 http://secunia.com/advisories/21270 http://secunia.com/advisories/21275 http://secunia.com/advisories/21336 http://secunia.com/advisories/21358 http://secunia.com/advisories/21361 http://secunia.com/advisories/21250 http://secunia.com/advisories/21262 http://secunia.com/advisories/21343 http://secunia.com/advisories/21529 http://secunia.com/advisories/21532 http://secunia.com/advisories/21607 http://secunia.com/advisories/21631 http://secunia.com/advisories/22055 http://secunia.com/advisories/22210 http://secunia.com/advisories/22065 http://secunia.com/advisories/22066 XForce ISS Database: mozilla-xpcom-memory-corruption(27982) http://xforce.iss.net/xforce/xfdb/27982 Common Vulnerability Exposure (CVE) ID: CVE-2006-3677 Bugtraq: 20060726 ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/441332/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-06-025.html CERT/CC vulnerability note: VU#670060 http://www.kb.cert.org/vuls/id/670060 BugTraq ID: 19192 http://www.securityfocus.com/bid/19192 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10745 XForce ISS Database: mozilla-javascript-navigator-code-excecution(27981) http://xforce.iss.net/xforce/xfdb/27981 XForce ISS Database: iphone-mobilesafari-dos(39998) http://xforce.iss.net/xforce/xfdb/39998 Common Vulnerability Exposure (CVE) ID: CVE-2006-3801 CERT/CC vulnerability note: VU#476724 http://www.kb.cert.org/vuls/id/476724 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11501 XForce ISS Database: mozilla-deleted-frame-code-execution(27980) http://xforce.iss.net/xforce/xfdb/27980 Common Vulnerability Exposure (CVE) ID: CVE-2006-3802 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9611 XForce ISS Database: mozilla-dom-method-xss(27983) http://xforce.iss.net/xforce/xfdb/27983 Common Vulnerability Exposure (CVE) ID: CVE-2006-3803 CERT/CC vulnerability note: VU#265964 http://www.kb.cert.org/vuls/id/265964 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10635 XForce ISS Database: mozilla-javascript-garbage-race-condition(27984) http://xforce.iss.net/xforce/xfdb/27984 Common Vulnerability Exposure (CVE) ID: CVE-2006-3805 Debian Security Information: DSA-1159 (Google Search) http://www.debian.org/security/2006/dsa-1159 Debian Security Information: DSA-1160 (Google Search) http://www.debian.org/security/2006/dsa-1160 Debian Security Information: DSA-1161 (Google Search) http://www.debian.org/security/2006/dsa-1161 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1 http://www.ubuntu.com/usn/usn-361-1 CERT/CC vulnerability note: VU#876420 http://www.kb.cert.org/vuls/id/876420 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10690 http://secunia.com/advisories/21654 http://secunia.com/advisories/21634 http://secunia.com/advisories/21675 http://secunia.com/advisories/22342 XForce ISS Database: mozilla-garbage-collection-object-deletion(27986) http://xforce.iss.net/xforce/xfdb/27986 Common Vulnerability Exposure (CVE) ID: CVE-2006-3806 CERT/CC vulnerability note: VU#655892 http://www.kb.cert.org/vuls/id/655892 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11232 http://www.vupen.com/english/advisories/2007/0058 XForce ISS Database: mozilla-javascript-engine-overflow(27987) http://xforce.iss.net/xforce/xfdb/27987 Common Vulnerability Exposure (CVE) ID: CVE-2006-3807 CERT/CC vulnerability note: VU#687396 http://www.kb.cert.org/vuls/id/687396 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10374 XForce ISS Database: mozilla-js-constructor-code-execution(27988) http://xforce.iss.net/xforce/xfdb/27988 Common Vulnerability Exposure (CVE) ID: CVE-2006-3808 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10845 XForce ISS Database: mozilla-pac-code-execution(27989) http://xforce.iss.net/xforce/xfdb/27989 Common Vulnerability Exposure (CVE) ID: CVE-2006-3809 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9753 XForce ISS Database: mozilla-universalbrowserread-escalation(27990) http://xforce.iss.net/xforce/xfdb/27990 Common Vulnerability Exposure (CVE) ID: CVE-2006-3810 CERT/CC vulnerability note: VU#911004 http://www.kb.cert.org/vuls/id/911004 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10113 XForce ISS Database: mozilla-xpcnativewrapper-xss(27991) http://xforce.iss.net/xforce/xfdb/27991 Common Vulnerability Exposure (CVE) ID: CVE-2006-3811 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1 CERT/CC vulnerability note: VU#527676 http://www.kb.cert.org/vuls/id/527676 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9934 http://www.vupen.com/english/advisories/2007/2350 http://secunia.com/advisories/25839 XForce ISS Database: mozilla-multiple-memory-corruption(27992) http://xforce.iss.net/xforce/xfdb/27992 Common Vulnerability Exposure (CVE) ID: CVE-2006-3812 CERT/CC vulnerability note: VU#398492 http://www.kb.cert.org/vuls/id/398492 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11013 XForce ISS Database: mozilla-chrome-information-disclosure(27993) http://xforce.iss.net/xforce/xfdb/27993 Common Vulnerability Exposure (CVE) ID: CVE-2006-4253 Bugtraq: 20060812 Concurrency-related vulnerabilities in browsers - expect problems (Google Search) http://www.securityfocus.com/archive/1/archive/1/443020/100/100/threaded Bugtraq: 20061006 Re: Concurrency-related vulnerabilities in browsers - expect problems (Google Search) http://www.securityfocus.com/archive/1/443306/100/100/threaded Bugtraq: 20060817 RE: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems (Google Search) http://www.securityfocus.com/archive/1/archive/1/443528/100/0/threaded Bugtraq: 20060817 Re: [VulnWatch] Re: Concurrency-related vulnerabilities in browsers - expect problems (Google Search) http://www.securityfocus.com/archive/1/443500/100/100/threaded http://www.securityfocus.com/archive/1/archive/1/447840/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/447837/100/200/threaded Bugtraq: 20061017 Flaw in Firefox 2.0 RC2 (Google Search) http://www.securityfocus.com/archive/1/archive/1/448956/100/100/threaded Bugtraq: 20061019 Re: Flaw in Firefox 2.0 RC2 (Google Search) http://www.securityfocus.com/archive/1/archive/1/448984/100/100/threaded Bugtraq: 20061023 Flaw in Firefox 2.0 Final (Google Search) http://www.securityfocus.com/archive/1/archive/1/449487/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/449245/100/100/threaded Bugtraq: 20061025 Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/archive/1/449726/100/0/threaded Bugtraq: 20060915 rPSA-2006-0169-1 firefox thunderbird (Google Search) http://www.securityfocus.com/archive/1/archive/1/446140/100/0/threaded http://lcamtuf.coredump.cx/ffoxdie.html http://lcamtuf.coredump.cx/ffoxdie3.html http://www.securiteam.com/securitynews/5VP0M0AJFW.html http://www.pianetapc.it/view.php?id=770 http://security.gentoo.org/glsa/glsa-200609-19.xml http://security.gentoo.org/glsa/glsa-200610-01.xml http://security.gentoo.org/glsa/glsa-200610-04.xml http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742 http://www.mandriva.com/security/advisories?name=MDKSA-2006:168 http://www.mandriva.com/security/advisories?name=MDKSA-2006:169 http://www.redhat.com/support/errata/RHSA-2006-0676.html http://www.redhat.com/support/errata/RHSA-2006-0677.html http://www.redhat.com/support/errata/RHSA-2006-0675.html SGI Security Advisory: 20060901-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SuSE Security Announcement: SUSE-SA:2006:054 (Google Search) http://www.novell.com/linux/security/advisories/2006_54_mozilla.html http://www.ubuntu.com/usn/usn-351-1 http://www.ubuntu.com/usn/usn-352-1 BugTraq ID: 19534 http://www.securityfocus.com/bid/19534 BugTraq ID: 19488 http://www.securityfocus.com/bid/19488 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9528 http://www.vupen.com/english/advisories/2006/3617 http://www.vupen.com/english/advisories/2007/1198 http://securitytracker.com/id?1016846 http://securitytracker.com/id?1016847 http://securitytracker.com/id?1016848 http://secunia.com/advisories/21513 http://secunia.com/advisories/21906 http://secunia.com/advisories/21949 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21950 http://secunia.com/advisories/22036 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22074 http://secunia.com/advisories/22088 http://secunia.com/advisories/22274 http://secunia.com/advisories/22391 http://secunia.com/advisories/22422 http://secunia.com/advisories/22056 http://secunia.com/advisories/22195 http://secunia.com/advisories/24711 Common Vulnerability Exposure (CVE) ID: CVE-2006-4340 http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ http://www.mozilla.org/security/announce/2006/mfsa2006-66.html Debian Security Information: DSA-1191 (Google Search) http://www.us.debian.org/security/2006/dsa-1191 Debian Security Information: DSA-1192 (Google Search) http://www.debian.org/security/2006/dsa-1192 Debian Security Information: DSA-1210 (Google Search) http://www.debian.org/security/2006/dsa-1210 http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1 SuSE Security Announcement: SUSE-SA:2006:055 (Google Search) http://www.novell.com/linux/security/advisories/2006_55_ssl.html Cert/CC Advisory: TA06-312A http://www.us-cert.gov/cas/techalerts/TA06-312A.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11007 http://www.vupen.com/english/advisories/2006/3622 http://www.vupen.com/english/advisories/2006/3899 http://www.vupen.com/english/advisories/2007/0293 http://securitytracker.com/id?1016858 http://securitytracker.com/id?1016859 http://securitytracker.com/id?1016860 http://secunia.com/advisories/21903 http://secunia.com/advisories/22226 http://secunia.com/advisories/22247 http://secunia.com/advisories/22299 http://secunia.com/advisories/22446 http://secunia.com/advisories/22849 http://secunia.com/advisories/22992 http://secunia.com/advisories/23883 http://secunia.com/advisories/22044 XForce ISS Database: mozilla-nss-security-bypass(30098) http://xforce.iss.net/xforce/xfdb/30098 Common Vulnerability Exposure (CVE) ID: CVE-2006-4565 BugTraq ID: 20042 http://www.securityfocus.com/bid/20042 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11421 XForce ISS Database: mozilla-javascript-expression-bo(28955) http://xforce.iss.net/xforce/xfdb/28955 Common Vulnerability Exposure (CVE) ID: CVE-2006-4566 CERT/CC vulnerability note: VU#141528 http://www.kb.cert.org/vuls/id/141528 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9637 XForce ISS Database: mozilla-backslash-dos(28958) http://xforce.iss.net/xforce/xfdb/28958 Common Vulnerability Exposure (CVE) ID: CVE-2006-4567 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10488 http://securitytracker.com/id?1016850 http://securitytracker.com/id?1016851 XForce ISS Database: mozilla-auto-update-gain-access(28950) http://xforce.iss.net/xforce/xfdb/28950 Common Vulnerability Exposure (CVE) ID: CVE-2006-4568 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9843 http://securitytracker.com/id?1016855 http://securitytracker.com/id?1016856 XForce ISS Database: mozilla-documentopen-frame-spoofing(28961) http://xforce.iss.net/xforce/xfdb/28961 Common Vulnerability Exposure (CVE) ID: CVE-2006-4569 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10650 http://securitytracker.com/id?1016849 XForce ISS Database: firefox-popup-blocker-xss(28957) http://xforce.iss.net/xforce/xfdb/28957 Common Vulnerability Exposure (CVE) ID: CVE-2006-4571 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11728
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com