
Test ID: 1.3.6.1.4.1.25623.1.0.58962
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2007:0979
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2007:0979.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way in which Firefox processed certain
malformed web content. A web page containing malicious content could cause
Firefox to crash or potentially execute arbitrary code as the user running
Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Firefox displayed malformed
web content. A web page containing specially-crafted content could
potentially trick a user into surrendering sensitive information.
(CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Firefox sftp protocol handler. A malicious web page
could access data from a remote sftp site, possibly stealing sensitive user
data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Firefox generates a
digest authentication request. If a user opened a specially-crafted URL, it
was possible to perform cross-site scripting attacks, web cache poisoning,
or other, similar exploits. (CVE-2007-2292)

All users of Firefox are advised to upgrade to these updated packages,
which contain backported patches that correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0979.html
http://en.wikipedia.org/wiki/HTTP_response_splitting
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score: 9.3

Cross-Ref:

Common Vulnerability Exposure (CVE) ID: CVE-2007-1095
BugTraq ID: 22688
http://www.securityfocus.com/bid/22688
Bugtraq: 20070223 Firefox: onUnload tailgating (MSIE7 entrapment bug variant)
http://www.securityfocus.com/archive/1/461007/100/0/threaded
Bugtraq: 20070223 MSIE7 browser entrapment vulnerability (probably Firefox, too)
http://www.securityfocus.com/archive/1/461023/100/0/threaded
Bugtraq: 20071026 rPSA-2007-0225-1 firefox
http://www.securityfocus.com/archive/1/482876/100/200/threaded
Bugtraq: 20071029 FLEA-2007-0062-1 firefox
http://www.securityfocus.com/archive/1/482925/100/0/threaded
Bugtraq: 20071029 rPSA-2007-0225-2 firefox thunderbird
http://www.securityfocus.com/archive/1/482932/100/200/threaded
Debian Security Information: DSA-1392
http://www.debian.org/security/2007/dsa-1392
Debian Security Information: DSA-1396
http://www.debian.org/security/2007/dsa-1396
Debian Security Information: DSA-1401
http://www.debian.org/security/2007/dsa-1401
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00285.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00498.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052630.html
http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202
http://lcamtuf.coredump.cx/ietrap/ff/
https://bugzilla.mozilla.org/show_bug.cgi?id=371360
http://osvdb.org/33809
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11665
http://www.redhat.com/support/errata/RHSA-2007-0979.html
http://www.redhat.com/support/errata/RHSA-2007-0980.html
http://www.redhat.com/support/errata/RHSA-2007-0981.html
http://securitytracker.com/id?1018837
http://secunia.com/advisories/27276
http://secunia.com/advisories/27298
http://secunia.com/advisories/27311
http://secunia.com/advisories/27315
http://secunia.com/advisories/27325
http://secunia.com/advisories/27327
http://secunia.com/advisories/27335
http://secunia.com/advisories/27336
http://secunia.com/advisories/27356
http://secunia.com/advisories/27360
http://secunia.com/advisories/27383
http://secunia.com/advisories/27387
http://secunia.com/advisories/27403
http://secunia.com/advisories/27414
http://secunia.com/advisories/27425
http://secunia.com/advisories/27480
http://secunia.com/advisories/27665
http://secunia.com/advisories/27680
http://secunia.com/advisories/28398
http://securityreason.com/securityalert/2310
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
SuSE Security Announcement: SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
https://usn.ubuntu.com/535-1/
http://www.ubuntu.com/usn/usn-536-1
http://www.vupen.com/english/advisories/2007/3544
http://www.vupen.com/english/advisories/2007/3587
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: ie-mozilla-onunload-dos(32647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
XForce ISS Database: ie-mozilla-onunload-url-spoofing(32649)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32649
Common Vulnerability Exposure (CVE) ID: CVE-2007-2292
BugTraq ID: 23668
http://www.securityfocus.com/bid/23668
Bugtraq: 20070425 IE 7 and Firefox Browsers Digest Authentication Request Splitting
http://www.securityfocus.com/archive/1/466906/100/0/threaded
http://www.wisec.it/vulns.php?id=11
https://bugzilla.mozilla.org/show_bug.cgi?id=378787
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10195
http://www.securitytracker.com/id?1017968
http://securityreason.com/securityalert/2654
XForce ISS Database: firefox-lf-response-splitting(33981)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33981
Common Vulnerability Exposure (CVE) ID: CVE-2007-3511
BugTraq ID: 24725
http://www.securityfocus.com/bid/24725
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html
http://sla.ckers.org/forum/read.php?3,13142
http://yathong.googlepages.com/FirefoxFocusBug.html
http://osvdb.org/37994
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9763
http://secunia.com/advisories/25904
XForce ISS Database: firefox-focus-security-bypass(35299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35299
Common Vulnerability Exposure (CVE) ID: CVE-2007-3844
BugTraq ID: 25142
http://www.securityfocus.com/bid/25142
Bugtraq: 20070801 FLEA-2007-0039-1 firefox
http://www.securityfocus.com/archive/1/475265/100/200/threaded
Bugtraq: 20070803 FLEA-2007-0040-1 thunderbird
http://www.securityfocus.com/archive/1/475450/30/5550/threaded
Debian Security Information: DSA-1344
http://www.debian.org/security/2007/dsa-1344
Debian Security Information: DSA-1345
http://www.debian.org/security/2007/dsa-1345
Debian Security Information: DSA-1346
http://www.debian.org/security/2007/dsa-1346
Debian Security Information: DSA-1391
http://www.debian.org/security/2007/dsa-1391
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPdes Security Advisory: HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9493
http://securitytracker.com/id?1018479
http://securitytracker.com/id?1018480
http://securitytracker.com/id?1018481
http://secunia.com/advisories/26234
http://secunia.com/advisories/26258
http://secunia.com/advisories/26288
http://secunia.com/advisories/26303
http://secunia.com/advisories/26309
http://secunia.com/advisories/26331
http://secunia.com/advisories/26335
http://secunia.com/advisories/26393
http://secunia.com/advisories/26460
http://secunia.com/advisories/26572
http://secunia.com/advisories/27326
http://secunia.com/advisories/28135
http://secunia.com/advisories/28363
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.010101
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
http://www.ubuntu.com/usn/usn-493-1
http://www.ubuntu.com/usn/usn-503-1
http://www.vupen.com/english/advisories/2007/4256
http://www.vupen.com/english/advisories/2008/0082
Common Vulnerability Exposure (CVE) ID: CVE-2007-5334
BugTraq ID: 26132
http://www.securityfocus.com/bid/26132
CERT/CC vulnerability note: VU#349217
http://www.kb.cert.org/vuls/id/349217
https://bugzilla.mozilla.org/show_bug.cgi?id=391043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11482
XForce ISS Database: mozilla-xul-page-spoofing(37286)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37286
Common Vulnerability Exposure (CVE) ID: CVE-2007-5337
https://bugzilla.mozilla.org/show_bug.cgi?id=381146
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11443
XForce ISS Database: mozilla-sftp-file-access(37287)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37287
Common Vulnerability Exposure (CVE) ID: CVE-2007-5338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10965
http://securitytracker.com/id?1018836
XForce ISS Database: mozilla-xpcnativewrapper-code-execution(37288)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37288
Common Vulnerability Exposure (CVE) ID: CVE-2007-5339
CERT/CC vulnerability note: VU#559977
http://www.kb.cert.org/vuls/id/559977
http://security.gentoo.org/glsa/glsa-200711-24.xml
https://bugzilla.mozilla.org/buglist.cgi?bug_id=309322,330563,341858,344064,348126,354645,361745,362901,378670,378682,379799,382376,384105,386382,386914,387033,387460,387844,391974,392285,393770,394014,394418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10459
http://securitytracker.com/id?1018834
http://securitytracker.com/id?1018835
http://secunia.com/advisories/27313
http://secunia.com/advisories/27704
http://secunia.com/advisories/27744
http://secunia.com/advisories/28179
http://secunia.com/advisories/28636
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.471007
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
SuSE Security Announcement: SUSE-SR:2008:002
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.vupen.com/english/advisories/2007/3545
http://www.vupen.com/english/advisories/2007/4272
http://www.vupen.com/english/advisories/2008/0643
XForce ISS Database: mozilla-multiple-browser-code-execution(37281)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37281
Common Vulnerability Exposure (CVE) ID: CVE-2007-5340
CERT/CC vulnerability note: VU#755513
http://www.kb.cert.org/vuls/id/755513
https://bugzilla.mozilla.org/buglist.cgi?bug_id=372309,387955,390078,393537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9622
XForce ISS Database: mozilla-multiple-java-code-execution(37282)
https://exchange.xforce.ibmcloud.com/vulnerabilities/37282
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
