English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64261
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-779-1)
Summary:The remote host is missing an update for the 'firefox-3.0, xulrunner-1.9' package(s) announced via the USN-779-1 advisory.
Description:Summary:
The remote host is missing an update for the 'firefox-3.0, xulrunner-1.9' package(s) announced via the USN-779-1 advisory.

Vulnerability Insight:
Several flaws were discovered in the browser and JavaScript engines of
Firefox. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-1392,
CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838)

Pavel Cvrcek discovered that Firefox would sometimes display certain
invalid Unicode characters as whitespace. An attacker could exploit this to
spoof the location bar, such as in a phishing attack. (CVE-2009-1834)

Gregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox
would allow access to local files from resources loaded via the file:
protocol. If a user were tricked into downloading then opening a malicious
file, an attacker could steal potentially sensitive information.
(CVE-2009-1835, CVE-2009-1839)

Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox
did not properly handle error responses when connecting to a proxy server.
If a remote attacker were able to perform a machine-in-the-middle attack, this
flaw could be exploited to view sensitive information. (CVE-2009-1836)

Wladimir Palant discovered Firefox did not check content-loading policies
when loading external script files into XUL documents. As a result, Firefox
might load malicious content under certain circumstances. (CVE-2009-1840)

It was discovered that Firefox could be made to run scripts with elevated
privileges. If a user were tricked into viewing a malicious website, an
attacker could cause a chrome privileged object, such as the browser
sidebar, to run arbitrary code via interactions with the attacker
controlled website. (CVE-2009-1841)

Affected Software/OS:
'firefox-3.0, xulrunner-1.9' package(s) on Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1392
1020800
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1
1022376
http://securitytracker.com/id?1022376
1022397
http://www.securitytracker.com/id?1022397
265068
http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1
35326
http://www.securityfocus.com/bid/35326
35331
http://secunia.com/advisories/35331
35370
http://www.securityfocus.com/bid/35370
35415
http://secunia.com/advisories/35415
35428
http://secunia.com/advisories/35428
35431
http://secunia.com/advisories/35431
35439
http://secunia.com/advisories/35439
35440
http://secunia.com/advisories/35440
35468
http://secunia.com/advisories/35468
35536
http://secunia.com/advisories/35536
35561
http://secunia.com/advisories/35561
35602
http://secunia.com/advisories/35602
55144
http://osvdb.org/55144
55145
http://osvdb.org/55145
55146
http://osvdb.org/55146
55147
http://osvdb.org/55147
ADV-2009-1572
http://www.vupen.com/english/advisories/2009/1572
ADV-2009-2152
http://www.vupen.com/english/advisories/2009/2152
DSA-1820
http://www.debian.org/security/2009/dsa-1820
DSA-1830
http://www.debian.org/security/2009/dsa-1830
FEDORA-2009-6366
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html
FEDORA-2009-6411
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html
MDVSA-2009:141
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
RHSA-2009:1095
https://rhn.redhat.com/errata/RHSA-2009-1095.html
RHSA-2009:1096
http://rhn.redhat.com/errata/RHSA-2009-1096.html
RHSA-2009:1125
http://www.redhat.com/support/errata/RHSA-2009-1125.html
RHSA-2009:1126
http://www.redhat.com/support/errata/RHSA-2009-1126.html
SSA:2009-167-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468
SSA:2009-176-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408
SSA:2009-178-01
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275
USN-782-1
http://www.ubuntu.com/usn/usn-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=380359
https://bugzilla.mozilla.org/show_bug.cgi?id=429969
https://bugzilla.mozilla.org/show_bug.cgi?id=431086
https://bugzilla.mozilla.org/show_bug.cgi?id=432068
https://bugzilla.mozilla.org/show_bug.cgi?id=451341
https://bugzilla.mozilla.org/show_bug.cgi?id=472776
https://bugzilla.mozilla.org/show_bug.cgi?id=486398
https://bugzilla.mozilla.org/show_bug.cgi?id=489041
https://bugzilla.mozilla.org/show_bug.cgi?id=490410
https://bugzilla.mozilla.org/show_bug.cgi?id=490425
https://bugzilla.mozilla.org/show_bug.cgi?id=490513
https://bugzilla.redhat.com/show_bug.cgi?id=503568
oval:org.mitre.oval:def:9501
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501
Common Vulnerability Exposure (CVE) ID: CVE-2009-1832
35371
http://www.securityfocus.com/bid/35371
35882
http://secunia.com/advisories/35882
55148
http://osvdb.org/55148
FEDORA-2009-7567
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html
FEDORA-2009-7614
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html
https://bugzilla.mozilla.org/show_bug.cgi?id=484031
https://bugzilla.redhat.com/show_bug.cgi?id=503569
oval:org.mitre.oval:def:10237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10237
Common Vulnerability Exposure (CVE) ID: CVE-2009-1833
35372
http://www.securityfocus.com/bid/35372
55152
http://osvdb.org/55152
55153
http://osvdb.org/55153
55154
http://osvdb.org/55154
https://bugzilla.mozilla.org/show_bug.cgi?id=369696
https://bugzilla.mozilla.org/show_bug.cgi?id=426520
https://bugzilla.mozilla.org/show_bug.cgi?id=427196
https://bugzilla.mozilla.org/show_bug.cgi?id=487204
https://bugzilla.redhat.com/show_bug.cgi?id=503570
oval:org.mitre.oval:def:11487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11487
Common Vulnerability Exposure (CVE) ID: CVE-2009-1834
264308
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
35388
http://www.securityfocus.com/bid/35388
55162
http://osvdb.org/55162
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479413
https://bugzilla.redhat.com/show_bug.cgi?id=503573
oval:org.mitre.oval:def:10436
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436
Common Vulnerability Exposure (CVE) ID: CVE-2009-1835
35391
http://www.securityfocus.com/bid/35391
55161
http://osvdb.org/55161
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
https://bugzilla.mozilla.org/show_bug.cgi?id=491801
https://bugzilla.redhat.com/show_bug.cgi?id=503576
oval:org.mitre.oval:def:9803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9803
Common Vulnerability Exposure (CVE) ID: CVE-2009-1836
1022396
http://www.securitytracker.com/id?1022396
35380
http://www.securityfocus.com/bid/35380
55160
http://osvdb.org/55160
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479880
https://bugzilla.redhat.com/show_bug.cgi?id=503578
oval:org.mitre.oval:def:11764
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764
Common Vulnerability Exposure (CVE) ID: CVE-2009-1837
1022386
http://www.securitytracker.com/id?1022386
20090612 Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability
http://www.securityfocus.com/archive/1/504260/100/0/threaded
34241
http://secunia.com/advisories/34241
35360
http://www.securityfocus.com/bid/35360
http://secunia.com/secunia_research/2009-19/
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
https://bugzilla.mozilla.org/show_bug.cgi?id=486269
https://bugzilla.redhat.com/show_bug.cgi?id=503579
oval:org.mitre.oval:def:10628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10628
Common Vulnerability Exposure (CVE) ID: CVE-2009-1838
35383
http://www.securityfocus.com/bid/35383
55157
http://osvdb.org/55157
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
https://bugzilla.mozilla.org/show_bug.cgi?id=489131
https://bugzilla.redhat.com/show_bug.cgi?id=503580
oval:org.mitre.oval:def:11080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080
Common Vulnerability Exposure (CVE) ID: CVE-2009-1839
35386
http://www.securityfocus.com/bid/35386
55163
http://osvdb.org/55163
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479943
https://bugzilla.redhat.com/show_bug.cgi?id=503581
oval:org.mitre.oval:def:9256
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9256
Common Vulnerability Exposure (CVE) ID: CVE-2009-1840
1022379
http://www.securitytracker.com/id?1022379
55158
http://osvdb.org/55158
firefox-xul-security-bypass(51076)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51076
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
https://bugzilla.mozilla.org/show_bug.cgi?id=477979
https://bugzilla.redhat.com/show_bug.cgi?id=503582
oval:org.mitre.oval:def:9448
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9448
Common Vulnerability Exposure (CVE) ID: CVE-2009-1841
35373
http://www.securityfocus.com/bid/35373
55159
http://osvdb.org/55159
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
https://bugzilla.mozilla.org/show_bug.cgi?id=479560
https://bugzilla.redhat.com/show_bug.cgi?id=503583
oval:org.mitre.oval:def:9815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.