English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63019
Category:Fedora Local Security Checks
Title:Fedora Core 9 FEDORA-2008-11598 (xulrunner)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to xulrunner
announced via advisory FEDORA-2008-11598.

Update Information:

Update to the new upstream Firefox 3.0.5 / XULRunner 1.9.0.5 fixing multiple
security issues: http://www.mozilla.org/security/known-
vulnerabilities/firefox30.html#firefox3.0.5 This update also contains new
builds of all applications depending on Gecko libraries, built against thenew
version. Note: after the updated packages are installed, Firefox must be
restarted for the update to take effect.

ChangeLog:

* Tue Dec 16 2008 Christopher Aillon 1.9.0.5-1
- Update to 1.9.0.5
* Wed Nov 12 2008 Christopher Aillon 1.9.0.4-1
- Update to 1.9.0.4
* Tue Sep 23 2008 Christopher Aillon 1.9.0.2-1
- Update to 1.9.0.2
* Wed Jul 16 2008 Christopher Aillon 1.9.0.1-1
- Update to 1.9.0.1
* Mon Jun 30 2008 Dennis Gilmore 1.9-1.1
- handle sparc arches
* Tue Jun 17 2008 Christopher Aillon 1.9-1
- Update to 1.9 final
* Thu May 29 2008 Christopher Aillon 1.9-0.63
- Simplify PS/PDF operators
* Thu May 22 2008 Christopher Aillon 1.9-0.62
- Upstream patch to fsync() less
* Thu May 8 2008 Colin Walters 1.9-0.61
- Ensure we enable startup notification
add BR and modify config
(bug #445543)

References:

[ 1 ] Bug #476267 - CVE-2008-5501 Layout engine crash - Firefox 3 only
https://bugzilla.redhat.com/show_bug.cgi?id=476267
[ 2 ] Bug #476287 - CVE-2008-5512 Firefox JavaScript privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=476287
[ 3 ] Bug #476278 - CVE-2008-5506 Firefox XMLHttpRequest 302 response disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=476278
[ 4 ] Bug #476283 - CVE-2008-5510 Firefox null characters ignored by CSS parser
https://bugzilla.redhat.com/show_bug.cgi?id=476283
[ 5 ] Bug #476289 - CVE-2008-5513 Firefox XSS vulnerabilities in SessionStore
https://bugzilla.redhat.com/show_bug.cgi?id=476289
[ 6 ] Bug #476280 - CVE-2008-5507 Firefox Cross-domain data theft via script redirect error message
https://bugzilla.redhat.com/show_bug.cgi?id=476280
[ 7 ] Bug #476266 - CVE-2008-5500 Layout engine crashes - Firefox 2 and 3
https://bugzilla.redhat.com/show_bug.cgi?id=476266
[ 8 ] Bug #476285 - CVE-2008-5511 Firefox XSS via XBL bindings to unloaded document
https://bugzilla.redhat.com/show_bug.cgi?id=476285
[ 9 ] Bug #476274 - CVE-2008-5505 Firefox 3 User tracking via XUL persist attribute
https://bugzilla.redhat.com/show_bug.cgi?id=476274
[ 10 ] Bug #476269 - CVE-2008-5502 JavaScript engine crash - Firefox 3 only
https://bugzilla.redhat.com/show_bug.cgi?id=476269
[ 11 ] Bug #476281 - CVE-2008-5508 Firefox errors parsing URLs with control characters
https://bugzilla.redhat.com/show_bug.cgi?id=476281

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update xulrunner' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-11598

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5501
1021417
http://www.securitytracker.com/id?1021417
256408
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
32882
http://www.securityfocus.com/bid/32882
33188
http://secunia.com/advisories/33188
33189
http://secunia.com/advisories/33189
33203
http://secunia.com/advisories/33203
33216
http://secunia.com/advisories/33216
33421
http://secunia.com/advisories/33421
34501
http://secunia.com/advisories/34501
ADV-2009-0977
http://www.vupen.com/english/advisories/2009/0977
MDVSA-2008:245
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
RHSA-2008:1036
http://www.redhat.com/support/errata/RHSA-2008-1036.html
RHSA-2008:1037
http://www.redhat.com/support/errata/RHSA-2008-1037.html
RHSA-2009:0002
http://www.redhat.com/support/errata/RHSA-2009-0002.html
USN-690-1
https://usn.ubuntu.com/690-1/
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
https://bugzilla.mozilla.org/show_bug.cgi?id=395623
mozilla-layout-code-execution-var4(47407)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47407
oval:org.mitre.oval:def:10257
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10257
Common Vulnerability Exposure (CVE) ID: CVE-2008-5512
1021418
http://www.securitytracker.com/id?1021418
258748
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
33184
http://secunia.com/advisories/33184
33204
http://secunia.com/advisories/33204
33205
http://secunia.com/advisories/33205
33231
http://secunia.com/advisories/33231
33232
http://secunia.com/advisories/33232
33408
http://secunia.com/advisories/33408
33415
http://secunia.com/advisories/33415
33433
http://secunia.com/advisories/33433
33434
http://secunia.com/advisories/33434
33523
http://secunia.com/advisories/33523
33547
http://secunia.com/advisories/33547
35080
http://secunia.com/advisories/35080
DSA-1696
http://www.debian.org/security/2009/dsa-1696
DSA-1697
http://www.debian.org/security/2009/dsa-1697
DSA-1704
http://www.debian.org/security/2009/dsa-1704
DSA-1707
http://www.debian.org/security/2009/dsa-1707
MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
MDVSA-2009:012
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
USN-690-2
http://www.ubuntu.com/usn/usn-690-2
USN-690-3
https://usn.ubuntu.com/690-3/
USN-701-1
http://www.ubuntu.com/usn/usn-701-1
USN-701-2
http://www.ubuntu.com/usn/usn-701-2
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=451680
https://bugzilla.mozilla.org/show_bug.cgi?id=464174
mozilla-xpcnativewrappers-code-execution(47416)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47416
oval:org.mitre.oval:def:9814
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9814
Common Vulnerability Exposure (CVE) ID: CVE-2008-5506
1021427
http://www.securitytracker.com/id?1021427
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
https://bugzilla.mozilla.org/show_bug.cgi?id=458248
mozilla-xmlhttprequest-302-info-disclosure(47412)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47412
oval:org.mitre.oval:def:10512
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512
Common Vulnerability Exposure (CVE) ID: CVE-2008-5510
1021425
http://www.securitytracker.com/id?1021425
http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
https://bugzilla.mozilla.org/show_bug.cgi?id=228856
mozilla-cssparser-security-bypass(47415)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47415
oval:org.mitre.oval:def:9662
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9662
Common Vulnerability Exposure (CVE) ID: CVE-2008-5513
1021421
http://www.securitytracker.com/id?1021421
firefox-sessionrestore-security-bypass(47418)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
oval:org.mitre.oval:def:10389
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389
Common Vulnerability Exposure (CVE) ID: CVE-2008-5507
1021423
http://www.securitytracker.com/id?1021423
20081218 Firefox cross-domain text theft (CESA-2008-011)
http://www.securityfocus.com/archive/1/499353/100/0/threaded
http://scary.beasts.org/security/CESA-2008-011.html
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
https://bugzilla.mozilla.org/show_bug.cgi?id=461735
mozilla-javascripturl-infor-disclosure(47413)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413
oval:org.mitre.oval:def:9376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376
Common Vulnerability Exposure (CVE) ID: CVE-2008-5500
https://bugzilla.mozilla.org/show_bug.cgi?id=460803
https://bugzilla.mozilla.org/show_bug.cgi?id=464998
mozilla-layout-code-execution-var3(47406)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47406
oval:org.mitre.oval:def:11053
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11053
Common Vulnerability Exposure (CVE) ID: CVE-2008-5511
mozilla-xbl-security-bypass(47417)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47417
oval:org.mitre.oval:def:11881
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881
Common Vulnerability Exposure (CVE) ID: CVE-2008-5505
1021428
http://www.securitytracker.com/id?1021428
firefox-xul-weak-security(47411)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47411
http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
https://bugzilla.mozilla.org/show_bug.cgi?id=295994
oval:org.mitre.oval:def:10443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443
Common Vulnerability Exposure (CVE) ID: CVE-2008-5502
firefox-js-deflatestring-code-execution(47408)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47408
https://bugzilla.mozilla.org/show_bug.cgi?id=458679
oval:org.mitre.oval:def:10001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10001
Common Vulnerability Exposure (CVE) ID: CVE-2008-5508
1021426
http://www.securitytracker.com/id?1021426
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
https://bugzilla.mozilla.org/show_bug.cgi?id=425046
mozilla-urlparsing-weak-security(47414)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47414
oval:org.mitre.oval:def:11040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.