
Test ID: 1.3.6.1.4.1.25623.1.0.58063
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200703-04 (mozilla-firefox)
Summary: Gentoo Security Advisory GLSA 200703-04 (mozilla-firefox)
Description: The remote host is missing updates announced in
advisory GLSA 200703-04.

Multiple vulnerabilities have been reported in Mozilla Firefox, some of
which may allow user-assisted arbitrary remote code execution.

Solution:
Users upgrading to the following releases of Mozilla Firefox should note
that this upgrade has been found to lose the saved passwords file in some
cases. The saved passwords are encrypted and stored in the 'signons.txt'
file of ~/.mozilla/ and we advise our users to save that file before
performing the upgrade.

All Mozilla Firefox 1.5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.5.0.10'

All Mozilla Firefox 1.5 binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.5.0.10'

All Mozilla Firefox 2.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.2'

All Mozilla Firefox 2.0 binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.2'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200703-04
http://bugs.gentoo.org/show_bug.cgi?id=165555
https://bugzilla.mozilla.org/show_bug.cgi?id=360493#c366
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6077
Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452382/100/0/threaded
Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452431/100/0/threaded
Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452440/100/0/threaded
Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452463/100/0/threaded
Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
http://www.securityfocus.com/archive/1/archive/1/454982/100/0/threaded
Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
http://www.securityfocus.com/archive/1/archive/1/455073/100/0/threaded
Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
http://www.securityfocus.com/archive/1/archive/1/455148/100/0/threaded
Bugtraq: 20070226 rPSA-2007-0040-1 firefox
http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
http://www.info-svc.com/news/11-21-2006/
http://www.info-svc.com/news/11-21-2006/rcsr1/
Debian Security Information: DSA-1336
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.redhat.com/support/errata/RHSA-2007-0079.html
RedHat Security Advisories: RHSA-2007:0077
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
SGI Security Advisory: 20070301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
SGI Security Advisory: 20070202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SuSE Security Announcement: SUSE-SA:2007:019
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SuSE Security Announcement: SUSE-SA:2007:022
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.ubuntu.com/usn/usn-428-1
BugTraq ID: 21240
http://www.securityfocus.com/bid/21240
BugTraq ID: 22694
http://www.securityfocus.com/bid/22694
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10031
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
http://securitytracker.com/id?1017271
http://secunia.com/advisories/23046
http://secunia.com/advisories/23108
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24205
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24343
http://secunia.com/advisories/24320
http://secunia.com/advisories/24293
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24384
http://secunia.com/advisories/24437
http://secunia.com/advisories/24650
http://secunia.com/advisories/24457
http://secunia.com/advisories/24342
http://secunia.com/advisories/25588
XForce ISS Database: firefox-passwordmgr-information-disclosure(30470)
http://xforce.iss.net/xforce/xfdb/30470
Common Vulnerability Exposure (CVE) ID: CVE-2007-0775
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://www.ubuntu.com/usn/usn-431-1
CERT/CC vulnerability note: VU#761756
http://www.kb.cert.org/vuls/id/761756
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10012
http://www.vupen.com/english/advisories/2007/0719
http://www.vupen.com/english/advisories/2008/0083
http://www.osvdb.org/32114
http://www.securitytracker.com/id?1017698
http://secunia.com/advisories/24252
http://secunia.com/advisories/24389
http://secunia.com/advisories/24410
http://secunia.com/advisories/24522
http://secunia.com/advisories/24406
http://secunia.com/advisories/24455
http://secunia.com/advisories/24456
XForce ISS Database: mozilla-multiple-layout-code-execution(32704)
http://xforce.iss.net/xforce/xfdb/32704
Common Vulnerability Exposure (CVE) ID: CVE-2007-0776
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
CERT/CC vulnerability note: VU#551436
http://www.kb.cert.org/vuls/id/551436
http://www.osvdb.org/32113
XForce ISS Database: firefox-strokewidth-bo(32698)
http://xforce.iss.net/xforce/xfdb/32698
Common Vulnerability Exposure (CVE) ID: CVE-2007-0777
CERT/CC vulnerability note: VU#269484
http://www.kb.cert.org/vuls/id/269484
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11331
http://www.osvdb.org/32115
XForce ISS Database: mozilla-multiple-javascript-code-execution(32699)
http://xforce.iss.net/xforce/xfdb/32699
Common Vulnerability Exposure (CVE) ID: CVE-2007-0778
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9151
http://www.osvdb.org/32110
http://securitytracker.com/id?1017699
XForce ISS Database: mozilla-diskcache-information-disclosure(32671)
http://xforce.iss.net/xforce/xfdb/32671
Common Vulnerability Exposure (CVE) ID: CVE-2007-0779
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8757
http://osvdb.org/32109
http://www.securitytracker.com/id?1017700
Common Vulnerability Exposure (CVE) ID: CVE-2007-0780
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9884
http://www.osvdb.org/32107
http://www.securitytracker.com/id?1017702
XForce ISS Database: mozilla-dataurl-xss(32667)
http://xforce.iss.net/xforce/xfdb/32667
Common Vulnerability Exposure (CVE) ID: CVE-2007-0800
Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops
http://www.securityfocus.com/archive/1/archive/1/459162/100/0/threaded
Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
BugTraq ID: 22396
http://www.securityfocus.com/bid/22396
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10654
http://www.osvdb.org/32108
XForce ISS Database: firefox-popup-security-bypass(32194)
http://xforce.iss.net/xforce/xfdb/32194
Common Vulnerability Exposure (CVE) ID: CVE-2007-0801
Common Vulnerability Exposure (CVE) ID: CVE-2007-0981
Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability
http://www.securityfocus.com/archive/1/archive/1/460126/100/200/threaded
http://www.securityfocus.com/archive/1/460217/100/0/threaded
http://lcamtuf.dione.cc/ffhostname.html
CERT/CC vulnerability note: VU#885753
http://www.kb.cert.org/vuls/id/885753
BugTraq ID: 22566
http://www.securityfocus.com/bid/22566
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9730
http://www.vupen.com/english/advisories/2007/0624
http://www.osvdb.org/32104
http://securitytracker.com/id?1017654
http://secunia.com/advisories/24175
http://securityreason.com/securityalert/2262
XForce ISS Database: firefox-locationhostname-security-bypass(32533)
http://xforce.iss.net/xforce/xfdb/32533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0995
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10164
http://www.osvdb.org/32111
http://osvdb.org/32112
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
