English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58931
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0724
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0724.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0724.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3089
BugTraq ID: 24286
http://www.securityfocus.com/bid/24286
Bugtraq: 20070604 Assorted browser vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/470446/100/0/threaded
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/474226/100/0/threaded
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/474542/100/0/threaded
Cert/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#143297
http://www.kb.cert.org/vuls/id/143297
Debian Security Information: DSA-1337 (Google Search)
http://www.debian.org/security/2007/dsa-1337
Debian Security Information: DSA-1338 (Google Search)
http://www.debian.org/security/2007/dsa-1338
Debian Security Information: DSA-1339 (Google Search)
http://www.debian.org/security/2007/dsa-1339
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://lcamtuf.coredump.cx/ifsnatch/
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
http://osvdb.org/38024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122
http://www.redhat.com/support/errata/RHSA-2007-0722.html
http://www.redhat.com/support/errata/RHSA-2007-0723.html
http://www.redhat.com/support/errata/RHSA-2007-0724.html
http://www.securitytracker.com/id?1018412
http://secunia.com/advisories/25589
http://secunia.com/advisories/26072
http://secunia.com/advisories/26095
http://secunia.com/advisories/26103
http://secunia.com/advisories/26106
http://secunia.com/advisories/26107
http://secunia.com/advisories/26149
http://secunia.com/advisories/26151
http://secunia.com/advisories/26159
http://secunia.com/advisories/26179
http://secunia.com/advisories/26204
http://secunia.com/advisories/26205
http://secunia.com/advisories/26211
http://secunia.com/advisories/26216
http://secunia.com/advisories/26258
http://secunia.com/advisories/26271
http://secunia.com/advisories/26460
http://secunia.com/advisories/28135
SGI Security Advisory: 20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
http://securityreason.com/securityalert/2781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
http://www.ubuntu.com/usn/usn-490-1
http://www.vupen.com/english/advisories/2007/2564
http://www.vupen.com/english/advisories/2007/4256
XForce ISS Database: firefox-iframe-security-bypass(34701)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34701
Common Vulnerability Exposure (CVE) ID: CVE-2007-3656
BugTraq ID: 24831
http://www.securityfocus.com/bid/24831
Bugtraq: 20070709 Firefox wyciwyg:// cache zone bypass (Google Search)
http://www.securityfocus.com/archive/1/473191/100/0/threaded
http://lcamtuf.coredump.cx/ffcache/
http://osvdb.org/38028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105
http://www.securitytracker.com/id?1018411
http://secunia.com/advisories/25990
http://securityreason.com/securityalert/2872
XForce ISS Database: mozilla-wyciwyg-security-bypass(35298)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
1018408
http://www.securitytracker.com/id?1018408
103177
20070701-01-P
20070720 rPSA-2007-0148-1 firefox thunderbird
20070724 FLEA-2007-0033-1: firefox thunderbird
201516
24946
http://www.securityfocus.com/bid/24946
25589
26072
26095
26096
http://secunia.com/advisories/26096
26103
26106
26107
26149
26151
26159
26176
http://secunia.com/advisories/26176
26179
26204
26205
26211
26216
26258
26271
26460
26572
http://secunia.com/advisories/26572
27326
http://secunia.com/advisories/27326
28135
28363
http://secunia.com/advisories/28363
ADV-2007-2564
ADV-2007-2565
http://www.vupen.com/english/advisories/2007/2565
ADV-2007-4256
ADV-2008-0082
http://www.vupen.com/english/advisories/2008/0082
DSA-1337
DSA-1338
DSA-1339
DSA-1391
http://www.debian.org/security/2007/dsa-1391
GLSA-200708-09
HPSBUX02153
HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
MDKSA-2007:152
MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
MDVSA-2008:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
RHSA-2007:0722
RHSA-2007:0723
RHSA-2007:0724
SSRT061181
SSRT061236
SUSE-SA:2007:049
USN-490-1
USN-503-1
http://www.ubuntu.com/usn/usn-503-1
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
mozilla-browser-engine-code-execution(35458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35458
oval:org.mitre.oval:def:10108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
mozilla-javascript-eng-code-execution(35459)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35459
oval:org.mitre.oval:def:11066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11066
Common Vulnerability Exposure (CVE) ID: CVE-2007-3736
1018410
http://www.securitytracker.com/id?1018410
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
mozilla-addeventlistener-settimeout-xss(35462)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35462
oval:org.mitre.oval:def:11749
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749
Common Vulnerability Exposure (CVE) ID: CVE-2007-3737
1018409
http://www.securitytracker.com/id?1018409
firefox-eventhandler-code-execution(35461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35461
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
oval:org.mitre.oval:def:10009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10009
Common Vulnerability Exposure (CVE) ID: CVE-2007-3738
1018414
http://www.securitytracker.com/id?1018414
SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
firefox-xpcnativewrapper-code-execution(35460)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35460
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
oval:org.mitre.oval:def:9875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9875
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.