
Test ID: 1.3.6.1.4.1.25623.1.0.58470
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1338-1 (iceweasel)
Summary: Debian Security Advisory DSA 1338-1 (iceweasel)
Description: The remote host is missing an update to iceweasel
announced via advisory DSA 1338-1.

Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3089

Ronen Zilberman and Michal Zalewski discovered that a timing race
allows the injection of content into about:blank frames.

CVE-2007-3656

Michal Zalewski discovered that same-origin policies for wyciwyg://
documents are insufficiently enforced.

CVE-2007-3734

Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman,
Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul
Nickerson, and Vladimir Sukhoy discovered crashes in the layout engine,
which might allow the execution of arbitrary code.

CVE-2007-3735

Asaf Romano, Jesse Ruderman and Igor Bukanov discovered crashes in the
JavaScript engine, which might allow the execution of arbitrary code.

CVE-2007-3736

moz_bug_r_a4 discovered that the addEventListener() and setTimeout()
functions allow cross-site scripting.

CVE-2007-3737

moz_bug_r_a4 discovered that a programming error in event handling
allows privilege escalation.

CVE-2007-3738

shutdown and moz_bug_r_a4 discovered that the XPCNativeWrapper allows
the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer
supported with security updates. You're strongly encouraged to upgrade to
stable as soon as possible.

For the stable distribution (etch) these problems have been fixed in version
2.0.0.5-0etch1. Builds for alpha and mips are not yet available; they will
be provided later.

For the unstable distribution (sid) these problems have been fixed in version
2.0.0.5-1.

We recommend that you upgrade your iceweasel packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201338-1
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2007-3089
Bugtraq: 20070604 Assorted browser vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/470446/100/0/threaded
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/474542/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://lcamtuf.coredump.cx/ifsnatch/
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
Debian Security Information: DSA-1337
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339
http://www.debian.org/security/2007/dsa-1339
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:049
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
CERT/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#143297
http://www.kb.cert.org/vuls/id/143297
BugTraq ID: 24286
http://www.securityfocus.com/bid/24286
http://osvdb.org/38024
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11122
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
http://www.securitytracker.com/id?1018412
http://secunia.com/advisories/26095
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/25589
http://secunia.com/advisories/26179
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26072
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26159
http://secunia.com/advisories/26271
http://secunia.com/advisories/26258
http://secunia.com/advisories/26460
http://secunia.com/advisories/28135
http://securityreason.com/securityalert/2781
XForce ISS Database: firefox-iframe-security-bypass(34701)
http://xforce.iss.net/xforce/xfdb/34701
Common Vulnerability Exposure (CVE) ID: CVE-2007-3656
Bugtraq: 20070709 Firefox wyciwyg:// cache zone bypass
http://www.securityfocus.com/archive/1/archive/1/473191/100/0/threaded
http://lcamtuf.coredump.cx/ffcache/
BugTraq ID: 24831
http://www.securityfocus.com/bid/24831
http://osvdb.org/38028
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9105
http://www.securitytracker.com/id?1018411
http://secunia.com/advisories/25990
http://securityreason.com/securityalert/2872
XForce ISS Database: mozilla-wyciwyg-security-bypass(35298)
http://xforce.iss.net/xforce/xfdb/35298
Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
Debian Security Information: DSA-1391
http://www.debian.org/security/2007/dsa-1391
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
http://www.ubuntu.com/usn/usn-503-1
BugTraq ID: 24946
http://www.securityfocus.com/bid/24946
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10108
http://www.vupen.com/english/advisories/2007/2565
http://www.vupen.com/english/advisories/2008/0082
http://www.securitytracker.com/id?1018408
http://secunia.com/advisories/26096
http://secunia.com/advisories/26176
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/28363
XForce ISS Database: mozilla-browser-engine-code-execution(35458)
http://xforce.iss.net/xforce/xfdb/35458
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11066
XForce ISS Database: mozilla-javascript-eng-code-execution(35459)
http://xforce.iss.net/xforce/xfdb/35459
Common Vulnerability Exposure (CVE) ID: CVE-2007-3736
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11749
http://www.securitytracker.com/id?1018410
XForce ISS Database: mozilla-addeventlistener-settimeout-xss(35462)
http://xforce.iss.net/xforce/xfdb/35462
Common Vulnerability Exposure (CVE) ID: CVE-2007-3737
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10009
http://www.securitytracker.com/id?1018409
XForce ISS Database: firefox-eventhandler-code-execution(35461)
http://xforce.iss.net/xforce/xfdb/35461
Common Vulnerability Exposure (CVE) ID: CVE-2007-3738
SuSE Security Announcement: SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9875
http://www.securitytracker.com/id?1018414
XForce ISS Database: firefox-xpcnativewrapper-code-execution(35460)
http://xforce.iss.net/xforce/xfdb/35460
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
