English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59758
Category:Fedora Local Security Checks
Title:Fedora Core 7 FEDORA-2007-1155 (epiphany-extensions)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to epiphany-extensions
announced via advisory FEDORA-2007-1155.

Epiphany Extensions is a collection of extensions for Epiphany, the
GNOME web browser.

Update Information:

Updated Firefox packages that fix several security bugs are now available for Fedora 7.

Users of epiphany-extensions are advised to upgrade to this errata package, which has been rebuilt against the updated Firefox package.


ChangeLog:

* Wed Jul 18 2007 Peter Gordon - 2.18.3-2
- Rebuild against new Gecko release (Firefox 2.0.0.5).
* Wed Jul 4 2007 Peter Gordon - 2.18.3-1
- Update to new upstream release (2.18.3).
* Wed Jun 6 2007 Christopher Aillon - 2.18.2-3
- Specfiles should _NOT_ call rpm directly. Fix the previous bug the
correct way, by doing explicit requires on the exact versions instead
of via rpm -q
* Tue Jun 5 2007 Peter Gordon - 2.18.2-2
- Add %{_target_cpu} to versioned Firefox dependency to avoid multilib
updating issues such as bug 242318, wherein the 32-bit older Firefox build
matches the versioned dependency, but the updated 64-bit Firefox build
matches the 64-bit shared library dependencies. (Thanks to Frederik Hertzum
for the bug report.)
* Wed May 30 2007 Peter Gordon - 2.18.2-1
- Update to new upstream bugfix release (2.18.2)
and rebuild for newer
Firefox/Gecko version (2.0.0.4).
References:

[ 1 ] Bug #248518
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248518
[ 2 ] CVE-2007-3734
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
[ 3 ] CVE-2007-3735
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
[ 4 ] CVE-2007-3736
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
[ 5 ] CVE-2007-3089
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
[ 6 ] CVE-2007-3737
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
[ 7 ] CVE-2007-3656
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
[ 8 ] CVE-2007-3738
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
Updated packages:

09e0f52430e459f13eb9bfee9ec644b6a00a8ac5 epiphany-extensions-2.18.3-2.ppc64.rpm
729db8ef221b4dbd9e1286c0102d7af359831c2b epiphany-extensions-debuginfo-2.18.3-2.ppc64.rpm
5bc029911fc09b7351070afbe5d486619f924215 epiphany-extensions-2.18.3-2.i386.rpm
2a1f4984f3d1b2af8a8733d43f598b49bd61c36b epiphany-extensions-debuginfo-2.18.3-2.i386.rpm
26b52098ee0b9f1b76c47c015d4269c5e75d4349 epiphany-extensions-2.18.3-2.x86_64.rpm
108f4159a537962ea755f47dacc5ff3894db72cc epiphany-extensions-debuginfo-2.18.3-2.x86_64.rpm
0dd417f28ed97f05003cb9d33eb5ceac471eedea epiphany-extensions-2.18.3-2.ppc.rpm
0fc7df45d6ef70f0303b5e563577b16b1188aa85 epiphany-extensions-debuginfo-2.18.3-2.ppc.rpm
cc43601a3b450cf0ab7f9f71e225671e53d9a0a0 epiphany-extensions-2.18.3-2.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-1155

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3734
1018408
http://www.securitytracker.com/id?1018408
103177
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103177-1
20070701-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc
20070720 rPSA-2007-0148-1 firefox thunderbird
http://www.securityfocus.com/archive/1/474226/100/0/threaded
20070724 FLEA-2007-0033-1: firefox thunderbird
http://www.securityfocus.com/archive/1/474542/100/0/threaded
201516
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1
24946
http://www.securityfocus.com/bid/24946
25589
http://secunia.com/advisories/25589
26072
http://secunia.com/advisories/26072
26095
http://secunia.com/advisories/26095
26096
http://secunia.com/advisories/26096
26103
http://secunia.com/advisories/26103
26106
http://secunia.com/advisories/26106
26107
http://secunia.com/advisories/26107
26149
http://secunia.com/advisories/26149
26151
http://secunia.com/advisories/26151
26159
http://secunia.com/advisories/26159
26176
http://secunia.com/advisories/26176
26179
http://secunia.com/advisories/26179
26204
http://secunia.com/advisories/26204
26205
http://secunia.com/advisories/26205
26211
http://secunia.com/advisories/26211
26216
http://secunia.com/advisories/26216
26258
http://secunia.com/advisories/26258
26271
http://secunia.com/advisories/26271
26460
http://secunia.com/advisories/26460
26572
http://secunia.com/advisories/26572
27326
http://secunia.com/advisories/27326
28135
http://secunia.com/advisories/28135
28363
http://secunia.com/advisories/28363
ADV-2007-2564
http://www.vupen.com/english/advisories/2007/2564
ADV-2007-2565
http://www.vupen.com/english/advisories/2007/2565
ADV-2007-4256
http://www.vupen.com/english/advisories/2007/4256
ADV-2008-0082
http://www.vupen.com/english/advisories/2008/0082
DSA-1337
http://www.debian.org/security/2007/dsa-1337
DSA-1338
http://www.debian.org/security/2007/dsa-1338
DSA-1339
http://www.debian.org/security/2007/dsa-1339
DSA-1391
http://www.debian.org/security/2007/dsa-1391
GLSA-200708-09
http://www.gentoo.org/security/en/glsa/glsa-200708-09.xml
HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPSBUX02156
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579
MDKSA-2007:152
http://www.mandriva.com/security/advisories?name=MDKSA-2007:152
MDVSA-2007:047
http://www.mandriva.com/security/advisories?name=MDVSA-2007:047
MDVSA-2008:047
http://www.mandriva.com/security/advisories?name=MDVSA-2008:047
RHSA-2007:0722
http://www.redhat.com/support/errata/RHSA-2007-0722.html
RHSA-2007:0723
http://www.redhat.com/support/errata/RHSA-2007-0723.html
RHSA-2007:0724
http://www.redhat.com/support/errata/RHSA-2007-0724.html
SSRT061181
SSRT061236
SUSE-SA:2007:049
http://www.novell.com/linux/security/advisories/2007_49_mozilla.html
USN-490-1
http://www.ubuntu.com/usn/usn-490-1
USN-503-1
http://www.ubuntu.com/usn/usn-503-1
ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt
http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
mozilla-browser-engine-code-execution(35458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35458
oval:org.mitre.oval:def:10108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10108
Common Vulnerability Exposure (CVE) ID: CVE-2007-3735
mozilla-javascript-eng-code-execution(35459)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35459
oval:org.mitre.oval:def:11066
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11066
Common Vulnerability Exposure (CVE) ID: CVE-2007-3736
1018410
http://www.securitytracker.com/id?1018410
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
mozilla-addeventlistener-settimeout-xss(35462)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35462
oval:org.mitre.oval:def:11749
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11749
Common Vulnerability Exposure (CVE) ID: CVE-2007-3089
BugTraq ID: 24286
http://www.securityfocus.com/bid/24286
Bugtraq: 20070604 Assorted browser vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/470446/100/0/threaded
Bugtraq: 20070720 rPSA-2007-0148-1 firefox thunderbird (Google Search)
Bugtraq: 20070724 FLEA-2007-0033-1: firefox thunderbird (Google Search)
Cert/CC Advisory: TA07-199A
http://www.us-cert.gov/cas/techalerts/TA07-199A.html
CERT/CC vulnerability note: VU#143297
http://www.kb.cert.org/vuls/id/143297
Debian Security Information: DSA-1337 (Google Search)
Debian Security Information: DSA-1338 (Google Search)
Debian Security Information: DSA-1339 (Google Search)
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
HPdes Security Advisory: HPSBUX02153
HPdes Security Advisory: SSRT061181
http://lcamtuf.coredump.cx/ifsnatch/
https://bugzilla.mozilla.org/show_bug.cgi?id=381300
https://bugzilla.mozilla.org/show_bug.cgi?id=382686
http://osvdb.org/38024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11122
http://www.securitytracker.com/id?1018412
SGI Security Advisory: 20070701-01-P
http://securityreason.com/securityalert/2781
SuSE Security Announcement: SUSE-SA:2007:049 (Google Search)
XForce ISS Database: firefox-iframe-security-bypass(34701)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34701
Common Vulnerability Exposure (CVE) ID: CVE-2007-3737
1018409
http://www.securitytracker.com/id?1018409
firefox-eventhandler-code-execution(35461)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35461
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
oval:org.mitre.oval:def:10009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10009
Common Vulnerability Exposure (CVE) ID: CVE-2007-3656
BugTraq ID: 24831
http://www.securityfocus.com/bid/24831
Bugtraq: 20070709 Firefox wyciwyg:// cache zone bypass (Google Search)
http://www.securityfocus.com/archive/1/473191/100/0/threaded
http://lcamtuf.coredump.cx/ffcache/
http://osvdb.org/38028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9105
http://www.securitytracker.com/id?1018411
http://secunia.com/advisories/25990
http://securityreason.com/securityalert/2872
XForce ISS Database: mozilla-wyciwyg-security-bypass(35298)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35298
Common Vulnerability Exposure (CVE) ID: CVE-2007-3738
1018414
http://www.securitytracker.com/id?1018414
SUSE-SA:2007:057
http://www.novell.com/linux/security/advisories/2007_57_mozilla.html
firefox-xpcnativewrapper-code-execution(35460)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35460
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
oval:org.mitre.oval:def:9875
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9875
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.