English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64219
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2009:134 (firefox)
Summary:The remote host is missing an update to firefox;announced via advisory MDVSA-2009:134.
Description:Summary:
The remote host is missing an update to firefox
announced via advisory MDVSA-2009:134.

Vulnerability Insight:
Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.x:

CVE-2009-1392: Firefox browser engine crashes
CVE-2009-1832: Firefox double frame construction flaw
CVE-2009-1833: Firefox JavaScript engine crashes
CVE-2009-1834: Firefox URL spoofing with invalid unicode characters
CVE-2009-1835: Firefox Arbitrary domain cookie access by local file:
resources
CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy
CONNECT requests
CVE-2009-1837: Firefox Race condition while accessing the private
data of a NPObject JS wrapper class object
CVE-2009-1838: Firefox arbitrary code execution flaw
CVE-2009-1839: Firefox information disclosure flaw
CVE-2009-1840: Firefox XUL scripts skip some security checks
CVE-2009-1841: Firefox JavaScript arbitrary code execution
CVE-2009-2043: firefox - remote TinyMCE denial of service
CVE-2009-2044: firefox - remote GIF denial of service
CVE-2009-2061: firefox - man-in-the-middle exploit
CVE-2009-2065: firefox - man-in-the-middle exploit

This update provides the latest Mozilla Firefox 3.x to correct
these issues.

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Affected: 2009.0, 2009.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1392
1020800
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
1022376
http://securitytracker.com/id?1022376
1022397
http://www.securitytracker.com/id?1022397
265068
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
35326
http://www.securityfocus.com/bid/35326
35331
http://secunia.com/advisories/35331
35370
http://www.securityfocus.com/bid/35370
35415
http://secunia.com/advisories/35415
35428
http://secunia.com/advisories/35428
35431
http://secunia.com/advisories/35431
35439
http://secunia.com/advisories/35439
35440
http://secunia.com/advisories/35440
35468
http://secunia.com/advisories/35468
35536
http://secunia.com/advisories/35536
35561
http://secunia.com/advisories/35561
35602
http://secunia.com/advisories/35602
55144
http://osvdb.org/55144
55145
http://osvdb.org/55145
55146
http://osvdb.org/55146
55147
http://osvdb.org/55147
ADV-2009-1572
http://www.vupen.com/english/advisories/2009/1572
ADV-2009-2152
http://www.vupen.com/english/advisories/2009/2152
DSA-1820
http://www.debian.org/security/2009/dsa-1820
DSA-1830
http://www.debian.org/security/2009/dsa-1830
FEDORA-2009-6366
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
FEDORA-2009-6411
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
MDVSA-2009:141
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
RHSA-2009:1095
https://rhn.redhat.com/errata/RHSA-2009-1095.html
RHSA-2009:1096
http://rhn.redhat.com/errata/RHSA-2009-1096.html
RHSA-2009:1125
http://www.redhat.com/support/errata/RHSA-2009-1125.html
RHSA-2009:1126
http://www.redhat.com/support/errata/RHSA-2009-1126.html
SSA:2009-167-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
SSA:2009-176-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
SSA:2009-178-01
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
USN-782-1
http://www.ubuntu.com/usn/usn-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=380359
https://bugzilla.mozilla.org/show_bug.cgi?id=429969
https://bugzilla.mozilla.org/show_bug.cgi?id=431086
https://bugzilla.mozilla.org/show_bug.cgi?id=432068
https://bugzilla.mozilla.org/show_bug.cgi?id=451341
https://bugzilla.mozilla.org/show_bug.cgi?id=472776
https://bugzilla.mozilla.org/show_bug.cgi?id=486398
https://bugzilla.mozilla.org/show_bug.cgi?id=489041
https://bugzilla.mozilla.org/show_bug.cgi?id=490410
https://bugzilla.mozilla.org/show_bug.cgi?id=490425
https://bugzilla.mozilla.org/show_bug.cgi?id=490513
https://bugzilla.redhat.com/show_bug.cgi?id=503568
oval:org.mitre.oval:def:9501
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501
Common Vulnerability Exposure (CVE) ID: CVE-2009-1832
35371
http://www.securityfocus.com/bid/35371
35882
http://secunia.com/advisories/35882
55148
http://osvdb.org/55148
FEDORA-2009-7567
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
FEDORA-2009-7614
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
https://bugzilla.mozilla.org/show_bug.cgi?id=484031
https://bugzilla.redhat.com/show_bug.cgi?id=503569
oval:org.mitre.oval:def:10237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10237
Common Vulnerability Exposure (CVE) ID: CVE-2009-1833
35372
http://www.securityfocus.com/bid/35372
55152
http://osvdb.org/55152
55153
http://osvdb.org/55153
55154
http://osvdb.org/55154
https://bugzilla.mozilla.org/show_bug.cgi?id=369696
https://bugzilla.mozilla.org/show_bug.cgi?id=426520
https://bugzilla.mozilla.org/show_bug.cgi?id=427196
https://bugzilla.mozilla.org/show_bug.cgi?id=487204
https://bugzilla.redhat.com/show_bug.cgi?id=503570
oval:org.mitre.oval:def:11487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11487
Common Vulnerability Exposure (CVE) ID: CVE-2009-1834
264308
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
35388
http://www.securityfocus.com/bid/35388
55162
http://osvdb.org/55162
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479413
https://bugzilla.redhat.com/show_bug.cgi?id=503573
oval:org.mitre.oval:def:10436
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436
Common Vulnerability Exposure (CVE) ID: CVE-2009-1835
35391
http://www.securityfocus.com/bid/35391
55161
http://osvdb.org/55161
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
https://bugzilla.mozilla.org/show_bug.cgi?id=491801
https://bugzilla.redhat.com/show_bug.cgi?id=503576
oval:org.mitre.oval:def:9803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9803
Common Vulnerability Exposure (CVE) ID: CVE-2009-1836
1022396
http://www.securitytracker.com/id?1022396
35380
http://www.securityfocus.com/bid/35380
55160
http://osvdb.org/55160
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479880
https://bugzilla.redhat.com/show_bug.cgi?id=503578
oval:org.mitre.oval:def:11764
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764
Common Vulnerability Exposure (CVE) ID: CVE-2009-1837
1022386
http://www.securitytracker.com/id?1022386
20090612 Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability
http://www.securityfocus.com/archive/1/504260/100/0/threaded
34241
http://secunia.com/advisories/34241
35360
http://www.securityfocus.com/bid/35360
http://secunia.com/secunia_research/2009-19/
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
https://bugzilla.mozilla.org/show_bug.cgi?id=486269
https://bugzilla.redhat.com/show_bug.cgi?id=503579
oval:org.mitre.oval:def:10628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10628
Common Vulnerability Exposure (CVE) ID: CVE-2009-1838
35383
http://www.securityfocus.com/bid/35383
55157
http://osvdb.org/55157
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
https://bugzilla.redhat.com/show_bug.cgi?id=503580
oval:org.mitre.oval:def:11080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
Common Vulnerability Exposure (CVE) ID: CVE-2009-1839
35386
http://www.securityfocus.com/bid/35386
55163
http://osvdb.org/55163
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479943
https://bugzilla.redhat.com/show_bug.cgi?id=503581
oval:org.mitre.oval:def:9256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9256
Common Vulnerability Exposure (CVE) ID: CVE-2009-1840
1022379
http://www.securitytracker.com/id?1022379
55158
http://osvdb.org/55158
firefox-xul-security-bypass(51076)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51076
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
https://bugzilla.mozilla.org/show_bug.cgi?id=477979
https://bugzilla.redhat.com/show_bug.cgi?id=503582
oval:org.mitre.oval:def:9448
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448
Common Vulnerability Exposure (CVE) ID: CVE-2009-1841
35373
http://www.securityfocus.com/bid/35373
55159
http://osvdb.org/55159
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479560
https://bugzilla.redhat.com/show_bug.cgi?id=503583
oval:org.mitre.oval:def:9815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815
Common Vulnerability Exposure (CVE) ID: CVE-2009-2043
BugTraq ID: 35413
http://www.securityfocus.com/bid/35413
RedHat Security Advisories: RHSA-2009:1095
XForce ISS Database: firefox-nsviewmanager-dos(51197)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51197
Common Vulnerability Exposure (CVE) ID: CVE-2009-2044
BugTraq ID: 35280
http://www.securityfocus.com/bid/35280
Bugtraq: 20090610 [ECHO_ADV_110$2009] Firefox (GNU/Linux version) <= 3.0.10 Denial Of Services (Google Search)
http://www.securityfocus.com/archive/1/504214
http://e-rdc.org/v1/news.php?readmore=137
https://bugzilla.mozilla.org/show_bug.cgi?id=496265
XForce ISS Database: mozilla-firefox-gif-dos(51037)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51037
Common Vulnerability Exposure (CVE) ID: CVE-2009-2061
BugTraq ID: 35412
http://www.securityfocus.com/bid/35412
XForce ISS Database: firefox-httpconnect-code-execution(51203)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51203
Common Vulnerability Exposure (CVE) ID: CVE-2009-2065
BugTraq ID: 35403
http://www.securityfocus.com/bid/35403
XForce ISS Database: firefox-https-security-bypass(51189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51189
CopyrightCopyright (C) 2009 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.