English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57513
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-361-1 (mozilla)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mozilla
announced via advisory USN-361-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806,
CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565,
CVE-2006-4568, CVE-2006-4571)

A bug was found in the script handler for automatic proxy
configuration. A malicious proxy could send scripts which could
execute arbitrary code with the user's privileges. (CVE-2006-3808)

The NSS library did not sufficiently check the padding of PKCS #1 v1.5
signatures if the exponent of the public key is 3 (which is widely
used for CAs). This could be exploited to forge valid signatures
without the need of the secret key. (CVE-2006-4340)

Georgi Guninski discovered that even with JavaScript disabled, a
malicous email could still execute JavaScript when the message is
viewed, replied to, or forwarded by putting the script in a remote XBL
file loaded by the message. (CVE-2006-4570)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libnspr4 2:1.7.13-0ubuntu05.04.2
libnss3 2:1.7.13-0ubuntu05.04.2
mozilla-browser 2:1.7.13-0ubuntu05.04.2
mozilla-mailnews 2:1.7.13-0ubuntu05.04.2
mozilla-psm 2:1.7.13-0ubuntu05.04.2

Ubuntu 5.10:
libnspr4 2:1.7.13-0ubuntu5.10.2
libnss3 2:1.7.13-0ubuntu5.10.2
mozilla-browser 2:1.7.13-0ubuntu5.10.2
mozilla-mailnews 2:1.7.13-0ubuntu5.10.2
mozilla-psm 2:1.7.13-0ubuntu5.10.2

After a standard system upgrade you need to restart Mozilla to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-361-1

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2788
21269
http://secunia.com/advisories/21269
21270
http://secunia.com/advisories/21270
21336
http://secunia.com/advisories/21336
21532
http://secunia.com/advisories/21532
21631
http://secunia.com/advisories/21631
22247
http://secunia.com/advisories/22247
22299
http://secunia.com/advisories/22299
22342
http://secunia.com/advisories/22342
22849
http://secunia.com/advisories/22849
DSA-1191
http://www.us.debian.org/security/2006/dsa-1191
DSA-1192
http://www.debian.org/security/2006/dsa-1192
DSA-1210
http://www.debian.org/security/2006/dsa-1210
MDKSA-2006:143
http://www.mandriva.com/security/advisories?name=MDKSA-2006:143
MDKSA-2006:145
http://www.mandriva.com/security/advisories?name=MDKSA-2006:145
RHSA-2006:0578
http://www.redhat.com/support/errata/RHSA-2006-0578.html
RHSA-2006:0594
http://www.redhat.com/support/errata/RHSA-2006-0594.html
RHSA-2006:0609
http://rhn.redhat.com/errata/RHSA-2006-0609.html
RHSA-2006:0610
http://www.redhat.com/support/errata/RHSA-2006-0610.html
RHSA-2006:0611
http://www.redhat.com/support/errata/RHSA-2006-0611.html
USN-296-1
https://usn.ubuntu.com/296-1/
USN-361-1
http://www.ubuntu.com/usn/usn-361-1
https://bugzilla.mozilla.org/show_bug.cgi?id=321598
oval:org.mitre.oval:def:11065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11065
Common Vulnerability Exposure (CVE) ID: CVE-2006-3805
1016586
http://securitytracker.com/id?1016586
1016587
http://securitytracker.com/id?1016587
1016588
http://securitytracker.com/id?1016588
102763
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
19181
http://www.securityfocus.com/bid/19181
19873
http://secunia.com/advisories/19873
20060703-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
20060727 rPSA-2006-0137-1 firefox
http://www.securityfocus.com/archive/1/441333/100/0/threaded
21216
http://secunia.com/advisories/21216
21228
http://secunia.com/advisories/21228
21229
http://secunia.com/advisories/21229
21243
http://secunia.com/advisories/21243
21246
http://secunia.com/advisories/21246
21250
http://secunia.com/advisories/21250
21262
http://secunia.com/advisories/21262
21275
http://secunia.com/advisories/21275
21343
http://secunia.com/advisories/21343
21358
http://secunia.com/advisories/21358
21361
http://secunia.com/advisories/21361
21529
http://secunia.com/advisories/21529
21607
http://secunia.com/advisories/21607
21634
http://secunia.com/advisories/21634
21654
http://secunia.com/advisories/21654
21675
http://secunia.com/advisories/21675
22055
http://secunia.com/advisories/22055
22065
http://secunia.com/advisories/22065
22066
http://secunia.com/advisories/22066
22210
http://secunia.com/advisories/22210
ADV-2006-2998
http://www.vupen.com/english/advisories/2006/2998
ADV-2006-3748
http://www.vupen.com/english/advisories/2006/3748
ADV-2006-3749
http://www.vupen.com/english/advisories/2006/3749
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1159
http://www.debian.org/security/2006/dsa-1159
DSA-1160
http://www.debian.org/security/2006/dsa-1160
DSA-1161
http://www.debian.org/security/2006/dsa-1161
GLSA-200608-02
http://security.gentoo.org/glsa/glsa-200608-02.xml
GLSA-200608-03
http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml
GLSA-200608-04
http://security.gentoo.org/glsa/glsa-200608-04.xml
HPSBUX02153
http://www.securityfocus.com/archive/1/446658/100/200/threaded
HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
MDKSA-2006:146
http://www.mandriva.com/security/advisories?name=MDKSA-2006:146
RHSA-2006:0608
http://www.redhat.com/support/errata/RHSA-2006-0608.html
SSRT061181
SSRT061236
SUSE-SA:2006:048
http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html
TA06-208A
http://www.us-cert.gov/cas/techalerts/TA06-208A.html
USN-327-1
https://usn.ubuntu.com/327-1/
USN-329-1
https://usn.ubuntu.com/329-1/
USN-350-1
http://www.ubuntu.com/usn/usn-350-1
USN-354-1
http://www.ubuntu.com/usn/usn-354-1
VU#876420
http://www.kb.cert.org/vuls/id/876420
http://www.mozilla.org/security/announce/2006/mfsa2006-50.html
https://issues.rpath.com/browse/RPL-536
https://issues.rpath.com/browse/RPL-537
mozilla-garbage-collection-object-deletion(27986)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27986
oval:org.mitre.oval:def:10690
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10690
Common Vulnerability Exposure (CVE) ID: CVE-2006-3806
ADV-2007-0058
http://www.vupen.com/english/advisories/2007/0058
VU#655892
http://www.kb.cert.org/vuls/id/655892
mozilla-javascript-engine-overflow(27987)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27987
oval:org.mitre.oval:def:11232
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11232
Common Vulnerability Exposure (CVE) ID: CVE-2006-3807
VU#687396
http://www.kb.cert.org/vuls/id/687396
http://www.mozilla.org/security/announce/2006/mfsa2006-51.html
mozilla-js-constructor-code-execution(27988)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27988
oval:org.mitre.oval:def:10374
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374
Common Vulnerability Exposure (CVE) ID: CVE-2006-3808
http://www.mozilla.org/security/announce/2006/mfsa2006-52.html
mozilla-pac-code-execution(27989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27989
oval:org.mitre.oval:def:10845
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10845
Common Vulnerability Exposure (CVE) ID: CVE-2006-3809
http://www.mozilla.org/security/announce/2006/mfsa2006-53.html
mozilla-universalbrowserread-escalation(27990)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27990
oval:org.mitre.oval:def:9753
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9753
Common Vulnerability Exposure (CVE) ID: CVE-2006-3811
102971
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102971-1
25839
http://secunia.com/advisories/25839
ADV-2007-2350
http://www.vupen.com/english/advisories/2007/2350
VU#527676
http://www.kb.cert.org/vuls/id/527676
http://www.mozilla.org/security/announce/2006/mfsa2006-55.html
mozilla-multiple-memory-corruption(27992)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27992
oval:org.mitre.oval:def:9934
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9934
Common Vulnerability Exposure (CVE) ID: CVE-2006-4340
1016858
http://securitytracker.com/id?1016858
1016859
http://securitytracker.com/id?1016859
1016860
http://securitytracker.com/id?1016860
102648
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
102781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
20060901-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
20060915 rPSA-2006-0169-1 firefox thunderbird
http://www.securityfocus.com/archive/1/446140/100/0/threaded
21903
http://secunia.com/advisories/21903
21906
http://secunia.com/advisories/21906
21915
http://secunia.com/advisories/21915
21916
http://secunia.com/advisories/21916
21939
http://secunia.com/advisories/21939
21940
http://secunia.com/advisories/21940
21949
http://secunia.com/advisories/21949
21950
http://secunia.com/advisories/21950
22001
http://secunia.com/advisories/22001
22025
http://secunia.com/advisories/22025
22036
http://secunia.com/advisories/22036
22044
http://secunia.com/advisories/22044
22056
http://secunia.com/advisories/22056
22074
http://secunia.com/advisories/22074
22088
http://secunia.com/advisories/22088
22195
http://secunia.com/advisories/22195
22226
http://secunia.com/advisories/22226
22274
http://secunia.com/advisories/22274
22422
http://secunia.com/advisories/22422
22446
http://secunia.com/advisories/22446
22992
http://secunia.com/advisories/22992
23883
http://secunia.com/advisories/23883
24711
http://secunia.com/advisories/24711
ADV-2006-3617
http://www.vupen.com/english/advisories/2006/3617
ADV-2006-3622
http://www.vupen.com/english/advisories/2006/3622
ADV-2006-3899
http://www.vupen.com/english/advisories/2006/3899
ADV-2007-0293
http://www.vupen.com/english/advisories/2007/0293
ADV-2007-1198
http://www.vupen.com/english/advisories/2007/1198
GLSA-200609-19
http://security.gentoo.org/glsa/glsa-200609-19.xml
GLSA-200610-01
http://security.gentoo.org/glsa/glsa-200610-01.xml
GLSA-200610-06
http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
MDKSA-2006:168
http://www.mandriva.com/security/advisories?name=MDKSA-2006:168
MDKSA-2006:169
http://www.mandriva.com/security/advisories?name=MDKSA-2006:169
RHSA-2006:0675
http://www.redhat.com/support/errata/RHSA-2006-0675.html
RHSA-2006:0676
http://www.redhat.com/support/errata/RHSA-2006-0676.html
RHSA-2006:0677
http://www.redhat.com/support/errata/RHSA-2006-0677.html
SUSE-SA:2006:054
http://www.novell.com/linux/security/advisories/2006_54_mozilla.html
SUSE-SA:2006:055
http://www.novell.com/linux/security/advisories/2006_55_ssl.html
TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
USN-351-1
http://www.ubuntu.com/usn/usn-351-1
USN-352-1
http://www.ubuntu.com/usn/usn-352-1
[ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
http://www.mozilla.org/security/announce/2006/mfsa2006-66.html
https://issues.rpath.com/browse/RPL-640
mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
oval:org.mitre.oval:def:11007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11007
Common Vulnerability Exposure (CVE) ID: CVE-2006-4565
1016846
http://securitytracker.com/id?1016846
1016847
http://securitytracker.com/id?1016847
1016848
http://securitytracker.com/id?1016848
20042
http://www.securityfocus.com/bid/20042
22391
http://secunia.com/advisories/22391
GLSA-200610-04
http://security.gentoo.org/glsa/glsa-200610-04.xml
http://www.mozilla.org/security/announce/2006/mfsa2006-57.html
mozilla-javascript-expression-bo(28955)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28955
oval:org.mitre.oval:def:11421
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11421
Common Vulnerability Exposure (CVE) ID: CVE-2006-4568
1016855
http://securitytracker.com/id?1016855
1016856
http://securitytracker.com/id?1016856
http://www.mozilla.org/security/announce/2006/mfsa2006-61.html
https://bugzilla.mozilla.org/show_bug.cgi?id=343168
mozilla-documentopen-frame-spoofing(28961)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28961
oval:org.mitre.oval:def:9843
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9843
Common Vulnerability Exposure (CVE) ID: CVE-2006-4570
1016866
http://securitytracker.com/id?1016866
1016867
http://securitytracker.com/id?1016867
http://www.mozilla.org/security/announce/2006/mfsa2006-63.html
oval:org.mitre.oval:def:10892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10892
thunderbird-seamonkey-xbl-code-execution(28962)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28962
Common Vulnerability Exposure (CVE) ID: CVE-2006-4571
http://www.mozilla.org/security/announce/2006/mfsa2006-64.html
oval:org.mitre.oval:def:11728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.