English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58962
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:0979
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:0979.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way in which Firefox processed certain
malformed web content. A web page containing malicious content could cause
Firefox to crash or potentially execute arbitrary code as the user running
Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Firefox displayed malformed
web content. A web page containing specially-crafted content could
potentially trick a user into surrendering sensitive information.
(CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Firefox sftp protocol handler. A malicious web page
could access data from a remote sftp site, possibly stealing sensitive user
data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Firefox generates a
digest authentication request. If a user opened a specially-crafted URL, it
was possible to perform cross-site scripting attacks, web cache poisoning,
or other, similar exploits. (CVE-2007-2292)

All users of Firefox are advised to upgrade to these updated packages,
which contain backported patches that correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0979.html
http://en.wikipedia.org/wiki/HTTP_response_splitting
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-1095
BugTraq ID: 22688
http://www.securityfocus.com/bid/22688
Bugtraq: 20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant) (Google Search)
http://www.securityfocus.com/archive/1/461007/100/0/threaded
Bugtraq: 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too) (Google Search)
http://www.securityfocus.com/archive/1/461023/100/0/threaded
Bugtraq: 20071026 rPSA-2007-0225-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/482876/100/200/threaded
Bugtraq: 20071029 FLEA-2007-0062-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/482925/100/0/threaded
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/482932/100/200/threaded
Debian Security Information: DSA-1392 (Google Search)
http://www.debian.org/security/2007/dsa-1392
Debian Security Information: DSA-1396 (Google Search)
http://www.debian.org/security/2007/dsa-1396
Debian Security Information: DSA-1401 (Google Search)
http://www.debian.org/security/2007/dsa-1401
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://lcamtuf.coredump.cx/ietrap/ff/
https://bugzilla.mozilla.org/show_bug.cgi?id=371360
http://osvdb.org/33809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://securitytracker.com/id?1018837
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securityreason.com/securityalert/2310
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:057 (Google Search)
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
https://usn.ubuntu.com/535-1/
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: ie-mozilla-onunload-dos(32647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
XForce ISS Database: ie-mozilla-onunload-url-spoofing(32649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32649
Common Vulnerability Exposure (CVE) ID: CVE-2007-2292
BugTraq ID: 23668
http://www.securityfocus.com/bid/23668
Bugtraq: 20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting (Google Search)
http://www.securityfocus.com/archive/1/466906/100/0/threaded
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195
http://www.securitytracker.com/id?1017968
http://securityreason.com/securityalert/2654
XForce ISS Database: firefox-lf-response-splitting(33981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33981
Common Vulnerability Exposure (CVE) ID: CVE-2007-3511
BugTraq ID: 24725
http://www.securityfocus.com/bid/24725
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
http://sla.ckers.org/forum/read.php?3,13142
http://yathong.googlepages.com/FirefoxFocusBug.html
http://osvdb.org/37994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763
http://secunia.com/advisories/25904
XForce ISS Database: firefox-focus-security-bypass(35299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
1018479
http://securitytracker.com/id?1018479
1018480
http://securitytracker.com/id?1018480
1018481
http://securitytracker.com/id?1018481
103177
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/475265/100/200/threaded
20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
201516
25142
http://www.securityfocus.com/bid/25142
26234
http://secunia.com/advisories/26234
26258
http://secunia.com/advisories/26258
26288
http://secunia.com/advisories/26288
26303
http://secunia.com/advisories/26303
26309
http://secunia.com/advisories/26309
26331
http://secunia.com/advisories/26331
26335
http://secunia.com/advisories/26335
26393
http://secunia.com/advisories/26393
26460
http://secunia.com/advisories/26460
26572
http://secunia.com/advisories/26572
27276
27298
27325
27326
http://secunia.com/advisories/27326
27327
27356
27414
27680
28135
http://secunia.com/advisories/28135
28363
http://secunia.com/advisories/28363
ADV-2007-3587
ADV-2007-4256
http://www.vupen.com/english/advisories/2007/4256
ADV-2008-0082
http://www.vupen.com/english/advisories/2008/0082
DSA-1344
http://www.debian.org/security/2007/dsa-1344
DSA-1345
http://www.debian.org/security/2007/dsa-1345
DSA-1346
http://www.debian.org/security/2007/dsa-1346
DSA-1391
http://www.debian.org/security/2007/dsa-1391
FEDORA-2007-2601
FEDORA-2007-3431
GLSA-200708-09
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPSBUX02153
HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
MDVSA-2008:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
RHSA-2007:0979
RHSA-2007:0980
RHSA-2007:0981
SSA:2007-213-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
SSRT061181
SSRT061236
SUSE-SA:2007:057
USN-493-1
http://www.ubuntu.com/usn/usn-493-1
USN-503-1
http://www.ubuntu.com/usn/usn-503-1
http://bugzilla.mozilla.org/show_bug.cgi?id=388121
http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html
http://www.mozilla.org/security/announce/2007/mfsa2007-26.html
https://issues.rpath.com/browse/RPL-1600
oval:org.mitre.oval:def:9493
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9493
Common Vulnerability Exposure (CVE) ID: CVE-2007-5334
1018837
20071026 rPSA-2007-0225-1 firefox
20071029 FLEA-2007-0062-1 firefox
20071029 rPSA-2007-0225-2 firefox thunderbird
26132
http://www.securityfocus.com/bid/26132
27311
27315
27335
27336
27360
27383
27387
27403
27425
27480
27665
28398
ADV-2007-3544
ADV-2008-0083
DSA-1392
DSA-1396
DSA-1401
FEDORA-2007-2664
GLSA-200711-14
MDKSA-2007:202
USN-535-1
USN-536-1
VU#349217
http://www.kb.cert.org/vuls/id/349217
http://www.mozilla.org/security/announce/2007/mfsa2007-33.html
https://bugzilla.mozilla.org/show_bug.cgi?id=391043
https://issues.rpath.com/browse/RPL-1858
mozilla-xul-page-spoofing(37286)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37286
oval:org.mitre.oval:def:11482
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482
Common Vulnerability Exposure (CVE) ID: CVE-2007-5337
http://www.mozilla.org/security/announce/2007/mfsa2007-34.html
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
mozilla-sftp-file-access(37287)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
oval:org.mitre.oval:def:11443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
Common Vulnerability Exposure (CVE) ID: CVE-2007-5338
1018836
http://securitytracker.com/id?1018836
http://www.mozilla.org/security/announce/2007/mfsa2007-35.html
mozilla-xpcnativewrapper-code-execution(37288)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37288
oval:org.mitre.oval:def:10965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
1018834
http://securitytracker.com/id?1018834
1018835
http://securitytracker.com/id?1018835
1018977
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
231441
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
27313
http://secunia.com/advisories/27313
27704
http://secunia.com/advisories/27704
27744
http://secunia.com/advisories/27744
28179
http://secunia.com/advisories/28179
28636
http://secunia.com/advisories/28636
ADV-2007-3545
http://www.vupen.com/english/advisories/2007/3545
ADV-2007-4272
http://www.vupen.com/english/advisories/2007/4272
ADV-2008-0643
http://www.vupen.com/english/advisories/2008/0643
GLSA-200711-24
http://security.gentoo.org/glsa/glsa-200711-24.xml
SSA:2007-324-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
VU#559977
http://www.kb.cert.org/vuls/id/559977
http://bugs.gentoo.org/show_bug.cgi?id=196481
http://www.mozilla.org/security/announce/2007/mfsa2007-29.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322%2C330563%2C341858%2C344064%2C348126%2C354645%2C361745%2C362901%2C378670%2C378682%2C379799%2C382376%2C384105%2C386382%2C386914%2C387033%2C387460%2C387844%2C391974%2C392285%2C393770%2C394014%2C394418
https://issues.rpath.com/browse/RPL-1884
mozilla-multiple-browser-code-execution(37281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37281
oval:org.mitre.oval:def:10459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10459
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
VU#755513
http://www.kb.cert.org/vuls/id/755513
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309%2C387955%2C390078%2C393537
mozilla-multiple-java-code-execution(37282)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37282
oval:org.mitre.oval:def:9622
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9622
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.