English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57839
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-398-4 (firefox)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to firefox
announced via advisory USN-398-4.

===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06.1

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when
auto-filling saved-password login forms without a username field,
Firefox would crash. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)





Solution:
http://www.securityspace.com/smysecure/catid.html?in=USN-398-4

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6497
1017398
http://securitytracker.com/id?1017398
1017405
http://securitytracker.com/id?1017405
1017406
http://securitytracker.com/id?1017406
102885
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1
20061202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
20061222 rPSA-2006-0234-1 firefox
http://www.securityfocus.com/archive/1/455145/100/0/threaded
20070102 rPSA-2006-0234-2 firefox thunderbird
http://www.securityfocus.com/archive/1/455728/100/200/threaded
21668
http://www.securityfocus.com/bid/21668
23282
http://secunia.com/advisories/23282
23420
http://secunia.com/advisories/23420
23422
http://secunia.com/advisories/23422
23433
http://secunia.com/advisories/23433
23439
http://secunia.com/advisories/23439
23440
http://secunia.com/advisories/23440
23468
http://secunia.com/advisories/23468
23514
http://secunia.com/advisories/23514
23545
http://secunia.com/advisories/23545
23589
http://secunia.com/advisories/23589
23591
http://secunia.com/advisories/23591
23598
http://secunia.com/advisories/23598
23601
http://secunia.com/advisories/23601
23614
http://secunia.com/advisories/23614
23618
http://secunia.com/advisories/23618
23672
http://secunia.com/advisories/23672
23692
http://secunia.com/advisories/23692
23988
http://secunia.com/advisories/23988
24078
http://secunia.com/advisories/24078
24390
http://secunia.com/advisories/24390
24948
http://secunia.com/advisories/24948
ADV-2006-5068
http://www.vupen.com/english/advisories/2006/5068
ADV-2007-1463
http://www.vupen.com/english/advisories/2007/1463
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1253
http://www.debian.org/security/2007/dsa-1253
DSA-1258
http://www.debian.org/security/2007/dsa-1258
DSA-1265
http://www.debian.org/security/2007/dsa-1265
FEDORA-2006-1491
http://fedoranews.org/cms/node/2297
FEDORA-2007-004
http://fedoranews.org/cms/node/2338
GLSA-200701-02
http://security.gentoo.org/glsa/glsa-200701-02.xml
GLSA-200701-03
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
GLSA-200701-04
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
MDKSA-2007:011
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
RHSA-2006:0758
http://rhn.redhat.com/errata/RHSA-2006-0758.html
RHSA-2006:0759
http://rhn.redhat.com/errata/RHSA-2006-0759.html
RHSA-2006:0760
http://rhn.redhat.com/errata/RHSA-2006-0760.html
SSRT061181
SUSE-SA:2006:080
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
SUSE-SA:2007:006
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
TA06-354A
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
USN-398-1
http://www.ubuntu.com/usn/usn-398-1
USN-398-2
http://www.ubuntu.com/usn/usn-398-2
USN-400-1
http://www.ubuntu.com/usn/usn-400-1
VU#427972
http://www.kb.cert.org/vuls/id/427972
VU#606260
http://www.kb.cert.org/vuls/id/606260
http://www.mozilla.org/security/announce/2006/mfsa2006-68.html
https://issues.rpath.com/browse/RPL-883
oval:org.mitre.oval:def:11691
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11691
Common Vulnerability Exposure (CVE) ID: CVE-2006-6498
102955
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
25556
http://secunia.com/advisories/25556
ADV-2007-2106
http://www.vupen.com/english/advisories/2007/2106
VU#447772
http://www.kb.cert.org/vuls/id/447772
oval:org.mitre.oval:def:10661
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661
Common Vulnerability Exposure (CVE) ID: CVE-2006-6499
BugTraq ID: 21668
Cert/CC Advisory: TA06-354A
CERT/CC vulnerability note: VU#427972
Debian Security Information: DSA-1253 (Google Search)
Debian Security Information: DSA-1258 (Google Search)
Debian Security Information: DSA-1265 (Google Search)
HPdes Security Advisory: HPSBUX02153
HPdes Security Advisory: SSRT061181
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
SuSE Security Announcement: SUSE-SA:2006:080 (Google Search)
SuSE Security Announcement: SUSE-SA:2007:006 (Google Search)
http://www.vupen.com/english/advisories/2007/1124
Common Vulnerability Exposure (CVE) ID: CVE-2006-6501
1017403
http://securitytracker.com/id?1017403
1017404
http://securitytracker.com/id?1017404
1017407
http://securitytracker.com/id?1017407
VU#263412
http://www.kb.cert.org/vuls/id/263412
http://www.mozilla.org/security/announce/2006/mfsa2006-70.html
oval:org.mitre.oval:def:9746
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746
Common Vulnerability Exposure (CVE) ID: CVE-2006-6502
1017411
http://securitytracker.com/id?1017411
1017412
http://securitytracker.com/id?1017412
1017413
http://securitytracker.com/id?1017413
VU#428500
http://www.kb.cert.org/vuls/id/428500
http://www.mozilla.org/security/announce/2006/mfsa2006-71.html
oval:org.mitre.oval:def:9626
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626
Common Vulnerability Exposure (CVE) ID: CVE-2006-6504
1017417
http://securitytracker.com/id?1017417
1017418
http://securitytracker.com/id?1017418
20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/454939/100/0/threaded
VU#928956
http://www.kb.cert.org/vuls/id/928956
http://www.mozilla.org/security/announce/2006/mfsa2006-73.html
http://www.zerodayinitiative.com/advisories/ZDI-06-051.html
oval:org.mitre.oval:def:11077
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077
Common Vulnerability Exposure (CVE) ID: CVE-2006-6503
1017414
http://securitytracker.com/id?1017414
1017415
http://securitytracker.com/id?1017415
1017416
http://securitytracker.com/id?1017416
VU#405092
http://www.kb.cert.org/vuls/id/405092
http://www.mozilla.org/security/announce/2006/mfsa2006-72.html
oval:org.mitre.oval:def:10895
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.