English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 75803 CVE descriptions
and 40037 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57839
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-398-4 (firefox)
Summary:Ubuntu USN-398-4 (firefox)
Description:
The remote host is missing an update to firefox
announced via advisory USN-398-4.

===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06.1

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

Details follow:

USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when
auto-filling saved-password login forms without a username field,
Firefox would crash. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)





Solution:
http://www.securityspace.com/smysecure/catid.html?in=USN-398-4

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6497
Bugtraq: 20070102 rPSA-2006-0234-2 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/archive/1/455728/100/200/threaded
Bugtraq: 20061222 rPSA-2006-0234-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/archive/1/455145/100/0/threaded
Debian Security Information: DSA-1253 (Google Search)
http://www.debian.org/security/2007/dsa-1253
Debian Security Information: DSA-1258 (Google Search)
http://www.debian.org/security/2007/dsa-1258
Debian Security Information: DSA-1265 (Google Search)
http://www.debian.org/security/2007/dsa-1265
http://fedoranews.org/cms/node/2297
http://fedoranews.org/cms/node/2338
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
RedHat Security Advisories: RHSA-2006:0758
http://rhn.redhat.com/errata/RHSA-2006-0758.html
RedHat Security Advisories: RHSA-2006:0759
http://rhn.redhat.com/errata/RHSA-2006-0759.html
RedHat Security Advisories: RHSA-2006:0760
http://rhn.redhat.com/errata/RHSA-2006-0760.html
SGI Security Advisory: 20061202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1
SuSE Security Announcement: SUSE-SA:2006:080 (Google Search)
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
SuSE Security Announcement: SUSE-SA:2007:006 (Google Search)
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.ubuntu.com/usn/usn-400-1
Cert/CC Advisory: TA06-354A
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
CERT/CC vulnerability note: VU#606260
http://www.kb.cert.org/vuls/id/606260
CERT/CC vulnerability note: VU#427972
http://www.kb.cert.org/vuls/id/427972
BugTraq ID: 21668
http://www.securityfocus.com/bid/21668
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11691
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2007/1463
http://www.vupen.com/english/advisories/2008/0083
http://securitytracker.com/id?1017398
http://securitytracker.com/id?1017405
http://securitytracker.com/id?1017406
http://secunia.com/advisories/23433
http://secunia.com/advisories/23439
http://secunia.com/advisories/23440
http://secunia.com/advisories/23282
http://secunia.com/advisories/23420
http://secunia.com/advisories/23422
http://secunia.com/advisories/23468
http://secunia.com/advisories/23514
http://secunia.com/advisories/23589
http://secunia.com/advisories/23601
http://secunia.com/advisories/23545
http://secunia.com/advisories/23591
http://secunia.com/advisories/23598
http://secunia.com/advisories/23614
http://secunia.com/advisories/23618
http://secunia.com/advisories/23692
http://secunia.com/advisories/23672
http://secunia.com/advisories/23988
http://secunia.com/advisories/24078
http://secunia.com/advisories/24390
http://secunia.com/advisories/24948
Common Vulnerability Exposure (CVE) ID: CVE-2006-6498
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
CERT/CC vulnerability note: VU#447772
http://www.kb.cert.org/vuls/id/447772
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10661
http://www.vupen.com/english/advisories/2007/2106
http://secunia.com/advisories/25556
Common Vulnerability Exposure (CVE) ID: CVE-2006-6499
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
http://www.vupen.com/english/advisories/2007/1124
Common Vulnerability Exposure (CVE) ID: CVE-2006-6501
CERT/CC vulnerability note: VU#263412
http://www.kb.cert.org/vuls/id/263412
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9746
http://securitytracker.com/id?1017403
http://securitytracker.com/id?1017404
http://securitytracker.com/id?1017407
Common Vulnerability Exposure (CVE) ID: CVE-2006-6502
CERT/CC vulnerability note: VU#428500
http://www.kb.cert.org/vuls/id/428500
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9626
http://securitytracker.com/id?1017411
http://securitytracker.com/id?1017412
http://securitytracker.com/id?1017413
Common Vulnerability Exposure (CVE) ID: CVE-2006-6504
Bugtraq: 20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/454939/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-06-051.html
CERT/CC vulnerability note: VU#928956
http://www.kb.cert.org/vuls/id/928956
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11077
http://securitytracker.com/id?1017417
http://securitytracker.com/id?1017418
Common Vulnerability Exposure (CVE) ID: CVE-2006-6503
CERT/CC vulnerability note: VU#405092
http://www.kb.cert.org/vuls/id/405092
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10895
http://securitytracker.com/id?1017414
http://securitytracker.com/id?1017415
http://securitytracker.com/id?1017416
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.