English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58063
Category:Gentoo Local Security Checks
Title:Gentoo Security Advisory GLSA 200703-04 (mozilla-firefox)
Summary:The remote host is missing updates announced in;advisory GLSA 200703-04.
Description:Summary:
The remote host is missing updates announced in
advisory GLSA 200703-04.

Vulnerability Insight:
Multiple vulnerabilities have been reported in Mozilla Firefox, some of
which may allow user-assisted arbitrary remote code execution.

Solution:
Users upgrading to the following releases of Mozilla Firefox should note
that this upgrade has been found to lose the saved passwords file in some
cases. The saved passwords are encrypted and stored in the 'signons.txt'
file of ~
/.mozilla/ and we advise our users to save that file before
performing the upgrade.

All Mozilla Firefox 1.5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-1.5.0.10'

All Mozilla Firefox 1.5 binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-1.5.0.10'

All Mozilla Firefox 2.0 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-2.0.0.2'

All Mozilla Firefox 2.0 binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/mozilla-firefox-bin-2.0.0.2'

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6077
BugTraq ID: 21240
http://www.securityfocus.com/bid/21240
BugTraq ID: 22694
http://www.securityfocus.com/bid/22694
Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452382/100/0/threaded
Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452431/100/0/threaded
Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452440/100/0/threaded
Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452463/100/0/threaded
Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/454982/100/0/threaded
Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455073/100/0/threaded
Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455148/100/0/threaded
Bugtraq: 20070226 rPSA-2007-0040-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Debian Security Information: DSA-1336 (Google Search)
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.info-svc.com/news/11-21-2006/
http://www.info-svc.com/news/11-21-2006/rcsr1/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
RedHat Security Advisories: RHSA-2007:0077
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://securitytracker.com/id?1017271
http://secunia.com/advisories/23046
http://secunia.com/advisories/23108
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
SGI Security Advisory: 20070202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
SGI Security Advisory: 20070301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SuSE Security Announcement: SUSE-SA:2007:019 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SuSE Security Announcement: SUSE-SA:2007:022 (Google Search)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
XForce ISS Database: firefox-passwordmgr-information-disclosure(30470)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
Common Vulnerability Exposure (CVE) ID: CVE-2007-0775
1017698
http://www.securitytracker.com/id?1017698
20070202-01-P
20070226 rPSA-2007-0040-1 firefox
20070301-01-P
20070303 rPSA-2007-0040-3 firefox thunderbird
22694
24205
24238
24252
http://secunia.com/advisories/24252
24287
24290
24293
24320
24328
24333
24342
24343
24384
24389
http://secunia.com/advisories/24389
24393
24395
24406
http://secunia.com/advisories/24406
24410
http://secunia.com/advisories/24410
24437
24455
http://secunia.com/advisories/24455
24456
http://secunia.com/advisories/24456
24457
24522
http://secunia.com/advisories/24522
24650
25588
32114
http://www.osvdb.org/32114
ADV-2007-0718
ADV-2007-0719
http://www.vupen.com/english/advisories/2007/0719
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
DSA-1336
FEDORA-2007-281
FEDORA-2007-293
FEDORA-2007-308
http://fedoranews.org/cms/node/2747
FEDORA-2007-309
http://fedoranews.org/cms/node/2749
GLSA-200703-04
GLSA-200703-08
GLSA-200703-18
http://security.gentoo.org/glsa/glsa-200703-18.xml
HPSBUX02153
MDKSA-2007:050
MDKSA-2007:052
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
SSA:2007-066-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
SSA:2007-066-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
SSA:2007-066-05
SSRT061181
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
USN-431-1
http://www.ubuntu.com/usn/usn-431-1
VU#761756
http://www.kb.cert.org/vuls/id/761756
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
mozilla-multiple-layout-code-execution(32704)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32704
oval:org.mitre.oval:def:10012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10012
Common Vulnerability Exposure (CVE) ID: CVE-2007-0776
CERT/CC vulnerability note: VU#551436
http://www.kb.cert.org/vuls/id/551436
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
http://www.osvdb.org/32113
XForce ISS Database: firefox-strokewidth-bo(32698)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698
Common Vulnerability Exposure (CVE) ID: CVE-2007-0777
32115
http://www.osvdb.org/32115
VU#269484
http://www.kb.cert.org/vuls/id/269484
mozilla-multiple-javascript-code-execution(32699)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32699
oval:org.mitre.oval:def:11331
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11331
Common Vulnerability Exposure (CVE) ID: CVE-2007-0778
1017699
http://securitytracker.com/id?1017699
32110
http://www.osvdb.org/32110
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
mozilla-diskcache-information-disclosure(32671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671
oval:org.mitre.oval:def:9151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
Common Vulnerability Exposure (CVE) ID: CVE-2007-0779
1017700
http://www.securitytracker.com/id?1017700
32109
http://osvdb.org/32109
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
oval:org.mitre.oval:def:8757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757
Common Vulnerability Exposure (CVE) ID: CVE-2007-0780
1017702
http://www.securitytracker.com/id?1017702
32107
http://www.osvdb.org/32107
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
mozilla-dataurl-xss(32667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667
oval:org.mitre.oval:def:9884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884
Common Vulnerability Exposure (CVE) ID: CVE-2007-0800
BugTraq ID: 22396
http://www.securityfocus.com/bid/22396
Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459162/100/0/threaded
Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
http://www.osvdb.org/32108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654
XForce ISS Database: firefox-popup-security-bypass(32194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32194
Common Vulnerability Exposure (CVE) ID: CVE-2007-0801
Common Vulnerability Exposure (CVE) ID: CVE-2007-0981
BugTraq ID: 22566
http://www.securityfocus.com/bid/22566
Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460126/100/200/threaded
Bugtraq: 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460217/100/0/threaded
CERT/CC vulnerability note: VU#885753
http://www.kb.cert.org/vuls/id/885753
http://lcamtuf.dione.cc/ffhostname.html
http://www.osvdb.org/32104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
http://securitytracker.com/id?1017654
http://secunia.com/advisories/24175
http://securityreason.com/securityalert/2262
http://www.vupen.com/english/advisories/2007/0624
XForce ISS Database: firefox-locationhostname-security-bypass(32533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0995
32111
http://www.osvdb.org/32111
32112
http://osvdb.org/32112
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
oval:org.mitre.oval:def:10164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164
CopyrightCopyright (C) 2008 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.