Test ID:	1.3.6.1.4.1.25623.1.0.66605
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-873-1)
Summary:	The remote host is missing an update for the 'firefox-3.0, xulrunner-1.9' package(s) announced via the USN-873-1 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox-3.0, xulrunner-1.9' package(s) announced via the USN-873-1 advisory. Vulnerability Insight: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985) Affected Software/OS: 'firefox-3.0, xulrunner-1.9' package(s) on Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3979 BugTraq ID: 37349 http://www.securityfocus.com/bid/37349 BugTraq ID: 37361 http://www.securityfocus.com/bid/37361 Debian Security Information: DSA-1956 (Google Search) http://www.debian.org/security/2009/dsa-1956 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8487 RedHat Security Advisories: RHSA-2009:1673 https://rhn.redhat.com/errata/RHSA-2009-1673.html RedHat Security Advisories: RHSA-2009:1674 https://rhn.redhat.com/errata/RHSA-2009-1674.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://securitytracker.com/id?1023333 http://securitytracker.com/id?1023334 http://secunia.com/advisories/37699 http://secunia.com/advisories/37703 http://secunia.com/advisories/37704 http://secunia.com/advisories/37785 http://secunia.com/advisories/37813 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 SuSE Security Announcement: SUSE-SA:2009:063 (Google Search) http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.ubuntu.com/usn/USN-873-1 http://www.ubuntu.com/usn/USN-874-1 http://www.vupen.com/english/advisories/2009/3547 http://www.vupen.com/english/advisories/2010/0650 XForce ISS Database: mozilla-seamonkey-browser-code-exec(54799) https://exchange.xforce.ibmcloud.com/vulnerabilities/54799 Common Vulnerability Exposure (CVE) ID: CVE-2009-3981 BugTraq ID: 37363 http://www.securityfocus.com/bid/37363 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8523 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8584 XForce ISS Database: firefox-browser-engine-code-exec(54801) https://exchange.xforce.ibmcloud.com/vulnerabilities/54801 Common Vulnerability Exposure (CVE) ID: CVE-2009-3983 BugTraq ID: 37366 http://www.securityfocus.com/bid/37366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240 http://securitytracker.com/id?1023340 http://securitytracker.com/id?1023341 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.ubuntu.com/usn/USN-915-1 http://www.vupen.com/english/advisories/2010/0648 XForce ISS Database: firefox-ntlm-reflection(54807) https://exchange.xforce.ibmcloud.com/vulnerabilities/54807 Common Vulnerability Exposure (CVE) ID: CVE-2009-3984 BugTraq ID: 37367 http://www.securityfocus.com/bid/37367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9791 http://securitytracker.com/id?1023342 http://securitytracker.com/id?1023343 XForce ISS Database: firefox-documentlocation-ssl-spoofing(54806) https://exchange.xforce.ibmcloud.com/vulnerabilities/54806 Common Vulnerability Exposure (CVE) ID: CVE-2009-3985 BugTraq ID: 37370 http://www.securityfocus.com/bid/37370 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911 XForce ISS Database: firefox-documentlocation-spoofing(54808) https://exchange.xforce.ibmcloud.com/vulnerabilities/54808 Common Vulnerability Exposure (CVE) ID: CVE-2009-3986 BugTraq ID: 37365 http://www.securityfocus.com/bid/37365 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489 http://securitytracker.com/id?1023344 http://securitytracker.com/id?1023345 XForce ISS Database: firefox-windowopener-code-execution(54803) https://exchange.xforce.ibmcloud.com/vulnerabilities/54803
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.