Test ID: 1.3.6.1.4.1.25623.1.0.59113
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-428-1 (firefox)
Summary: Ubuntu USN-428-1 (firefox)
Description:
The remote host is missing an update to firefox
announced via advisory USN-428-1.

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Several flaws have been found that could be used to perform cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents of, or steal confidential data (such as passwords) from,
other opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with an SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache, with the result that,
depending on the order in which they were loaded, the end of the longer
document could be appended to the shorter one when the shorter one was
reloaded from the cache. It is possible that a determined hacker could
construct a targeted attack to steal some sensitive data from a
particular web page. The potential victim would have to be already
logged into the targeted service (or be fooled into doing so) and then
visit the malicious site. (CVE-2007-0778)

David Eckel reported that browser UI elements--such as the host name
and security indicators--could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
firefox 1.5.dfsg+1.5.0.10-0ubuntu0.5.10.1

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
libnspr4 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1
libnss3 1.5.dfsg+1.5.0.10-0ubuntu0.6.06.1

Ubuntu 6.10:
firefox 2.0.0.2+0dfsg-0ubuntu0.6.10
libnspr4 2.0.0.2+0dfsg-0ubuntu0.6.10
libnss3 2.0.0.2+0dfsg-0ubuntu0.6.10

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-428-1

Risk factor: Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6077
Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452382/100/0/threaded
Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452431/100/0/threaded
Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452440/100/0/threaded
Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords
http://www.securityfocus.com/archive/1/archive/1/452463/100/0/threaded
Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
http://www.securityfocus.com/archive/1/archive/1/454982/100/0/threaded
Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
http://www.securityfocus.com/archive/1/archive/1/455073/100/0/threaded
Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip
http://www.securityfocus.com/archive/1/archive/1/455148/100/0/threaded
Bugtraq: 20070226 rPSA-2007-0040-1 firefox
http://www.securityfocus.com/archive/1/archive/1/461336/100/0/threaded
Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird
http://www.securityfocus.com/archive/1/archive/1/461809/100/0/threaded
http://www.info-svc.com/news/11-21-2006/
http://www.info-svc.com/news/11-21-2006/rcsr1/
Debian Security Information: DSA-1336
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
HP Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HP Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.redhat.com/support/errata/RHSA-2007-0079.html
RedHat Security Advisories: RHSA-2007:0077
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
SGI Security Advisory: 20070301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
SGI Security Advisory: 20070202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SuSE Security Announcement: SUSE-SA:2007:019
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SuSE Security Announcement: SUSE-SA:2007:022
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.ubuntu.com/usn/usn-428-1
BugTraq ID: 21240
http://www.securityfocus.com/bid/21240
BugTraq ID: 22694
http://www.securityfocus.com/bid/22694
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10031
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
http://securitytracker.com/id?1017271
http://secunia.com/advisories/23046
http://secunia.com/advisories/23108
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24205
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24343
http://secunia.com/advisories/24320
http://secunia.com/advisories/24293
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24384
http://secunia.com/advisories/24437
http://secunia.com/advisories/24650
http://secunia.com/advisories/24457
http://secunia.com/advisories/24342
http://secunia.com/advisories/25588
XForce ISS Database: firefox-passwordmgr-information-disclosure(30470)
http://xforce.iss.net/xforce/xfdb/30470
Common Vulnerability Exposure (CVE) ID: CVE-2007-0008
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
https://bugzilla.mozilla.org/show_bug.cgi?id=364319
http://fedoranews.org/cms/node/2709
http://fedoranews.org/cms/node/2711
http://fedoranews.org/cms/node/2747
http://fedoranews.org/cms/node/2749
http://security.gentoo.org/glsa/glsa-200703-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
http://www.ubuntu.com/usn/usn-431-1
CERT/CC vulnerability note: VU#377812
http://www.kb.cert.org/vuls/id/377812
BugTraq ID: 64758
http://www.securityfocus.com/bid/64758
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10502
http://www.vupen.com/english/advisories/2007/0719
http://www.vupen.com/english/advisories/2007/1165
http://www.vupen.com/english/advisories/2007/2141
http://www.osvdb.org/32105
http://www.securitytracker.com/id?1017696
http://secunia.com/advisories/24252
http://secunia.com/advisories/24253
http://secunia.com/advisories/24277
http://secunia.com/advisories/24389
http://secunia.com/advisories/24410
http://secunia.com/advisories/24522
http://secunia.com/advisories/24562
http://secunia.com/advisories/24703
http://secunia.com/advisories/25597
http://secunia.com/advisories/24406
http://secunia.com/advisories/24455
http://secunia.com/advisories/24456
XForce ISS Database: nss-mastersecret-bo(32666)
http://xforce.iss.net/xforce/xfdb/32666
Common Vulnerability Exposure (CVE) ID: CVE-2007-0009
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
CERT/CC vulnerability note: VU#592796
http://www.kb.cert.org/vuls/id/592796
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10174
http://www.osvdb.org/32106
XForce ISS Database: nss-clientmasterkey-bo(32663)
http://xforce.iss.net/xforce/xfdb/32663
Common Vulnerability Exposure (CVE) ID: CVE-2007-0775
CERT/CC vulnerability note: VU#761756
http://www.kb.cert.org/vuls/id/761756
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10012
http://www.vupen.com/english/advisories/2008/0083
http://www.osvdb.org/32114
http://www.securitytracker.com/id?1017698
XForce ISS Database: mozilla-multiple-layout-code-execution(32704)
http://xforce.iss.net/xforce/xfdb/32704
Common Vulnerability Exposure (CVE) ID: CVE-2007-0776
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
CERT/CC vulnerability note: VU#551436
http://www.kb.cert.org/vuls/id/551436
http://www.osvdb.org/32113
XForce ISS Database: firefox-strokewidth-bo(32698)
http://xforce.iss.net/xforce/xfdb/32698
Common Vulnerability Exposure (CVE) ID: CVE-2007-0777
CERT/CC vulnerability note: VU#269484
http://www.kb.cert.org/vuls/id/269484
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11331
http://www.osvdb.org/32115
XForce ISS Database: mozilla-multiple-javascript-code-execution(32699)
http://xforce.iss.net/xforce/xfdb/32699
Common Vulnerability Exposure (CVE) ID: CVE-2007-0778
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9151
http://www.osvdb.org/32110
http://securitytracker.com/id?1017699
XForce ISS Database: mozilla-diskcache-information-disclosure(32671)
http://xforce.iss.net/xforce/xfdb/32671
Common Vulnerability Exposure (CVE) ID: CVE-2007-0779
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8757
http://osvdb.org/32109
http://www.securitytracker.com/id?1017700
Common Vulnerability Exposure (CVE) ID: CVE-2007-0780
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9884
http://www.osvdb.org/32107
http://www.securitytracker.com/id?1017702
XForce ISS Database: mozilla-dataurl-xss(32667)
http://xforce.iss.net/xforce/xfdb/32667
Common Vulnerability Exposure (CVE) ID: CVE-2007-0800
Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops
http://www.securityfocus.com/archive/1/archive/1/459162/100/0/threaded
Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
BugTraq ID: 22396
http://www.securityfocus.com/bid/22396
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10654
http://www.osvdb.org/32108
XForce ISS Database: firefox-popup-security-bypass(32194)
http://xforce.iss.net/xforce/xfdb/32194
Common Vulnerability Exposure (CVE) ID: CVE-2007-0981
Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability
http://www.securityfocus.com/archive/1/archive/1/460126/100/200/threaded
http://www.securityfocus.com/archive/1/460217/100/0/threaded
http://lcamtuf.dione.cc/ffhostname.html
CERT/CC vulnerability note: VU#885753
http://www.kb.cert.org/vuls/id/885753
BugTraq ID: 22566
http://www.securityfocus.com/bid/22566
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9730
http://www.vupen.com/english/advisories/2007/0624
http://www.osvdb.org/32104
http://securitytracker.com/id?1017654
http://secunia.com/advisories/24175
http://securityreason.com/securityalert/2262
XForce ISS Database: firefox-locationhostname-security-bypass(32533)
http://xforce.iss.net/xforce/xfdb/32533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0995
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10164
http://www.osvdb.org/32111
http://osvdb.org/32112
Common Vulnerability Exposure (CVE) ID: CVE-2007-0996
Bugtraq: 20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
http://www.securityfocus.com/archive/1/archive/1/461076/100/0/threaded
http://www.hardened-php.net/advisory_032007.142.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10086
http://osvdb.org/33812
Common Vulnerability Exposure (CVE) ID: CVE-2007-1092
Bugtraq: 20070223 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr)
http://www.securityfocus.com/archive/1/archive/1/461024/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html
CERT/CC vulnerability note: VU#393921
http://www.kb.cert.org/vuls/id/393921
BugTraq ID: 22679
http://www.securityfocus.com/bid/22679
http://osvdb.org/32103
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11158
http://www.securitytracker.com/id?1017701
http://securityreason.com/securityalert/2302
XForce ISS Database: mozilla-onunload-code-execution(32648)
http://xforce.iss.net/xforce/xfdb/32648
XForce ISS Database: ie-mozilla-onunload-dos(32647)
http://xforce.iss.net/xforce/xfdb/32647
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
