Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-874-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.66606
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-874-1)
Summary:	The remote host is missing an update for the 'firefox-3.5, xulrunner-1.9.1' package(s) announced via the USN-874-1 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox-3.5, xulrunner-1.9.1' package(s) announced via the USN-874-1 advisory. Vulnerability Insight: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3980, CVE-2009-3982, CVE-2009-3986) Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983) Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984) Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985) David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3388, CVE-2009-3389) Affected Software/OS: 'firefox-3.5, xulrunner-1.9.1' package(s) on Ubuntu 9.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3388 BugTraq ID: 37349 http://www.securityfocus.com/bid/37349 BugTraq ID: 37369 http://www.securityfocus.com/bid/37369 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8009 http://securitytracker.com/id?1023335 http://securitytracker.com/id?1023336 http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 SuSE Security Announcement: SUSE-SA:2009:063 (Google Search) http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.ubuntu.com/usn/USN-874-1 http://www.vupen.com/english/advisories/2009/3547 XForce ISS Database: mozilla-liboggplay-code-execution(54804) https://exchange.xforce.ibmcloud.com/vulnerabilities/54804 Common Vulnerability Exposure (CVE) ID: CVE-2009-3389 BugTraq ID: 37368 http://www.securityfocus.com/bid/37368 http://www.mandriva.com/security/advisories?name=MDVSA-2010:043 http://www.theora.org/news/#libtheora-1.1.0 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7967 http://secunia.com/advisories/39317 SuSE Security Announcement: SUSE-SR:2010:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html SuSE Security Announcement: SUSE-SR:2010:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html XForce ISS Database: mozilla-theora-bo(54805) https://exchange.xforce.ibmcloud.com/vulnerabilities/54805 Common Vulnerability Exposure (CVE) ID: CVE-2009-3979 BugTraq ID: 37361 http://www.securityfocus.com/bid/37361 Debian Security Information: DSA-1956 (Google Search) http://www.debian.org/security/2009/dsa-1956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10956 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8487 RedHat Security Advisories: RHSA-2009:1673 https://rhn.redhat.com/errata/RHSA-2009-1673.html RedHat Security Advisories: RHSA-2009:1674 https://rhn.redhat.com/errata/RHSA-2009-1674.html http://www.redhat.com/support/errata/RHSA-2010-0153.html http://www.redhat.com/support/errata/RHSA-2010-0154.html http://securitytracker.com/id?1023333 http://securitytracker.com/id?1023334 http://secunia.com/advisories/37703 http://secunia.com/advisories/37704 http://secunia.com/advisories/37813 http://www.ubuntu.com/usn/USN-873-1 http://www.vupen.com/english/advisories/2010/0650 XForce ISS Database: mozilla-seamonkey-browser-code-exec(54799) https://exchange.xforce.ibmcloud.com/vulnerabilities/54799 Common Vulnerability Exposure (CVE) ID: CVE-2009-3980 BugTraq ID: 37362 http://www.securityfocus.com/bid/37362 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8503 XForce ISS Database: firefox-browser-eng-code-exec(54800) https://exchange.xforce.ibmcloud.com/vulnerabilities/54800 Common Vulnerability Exposure (CVE) ID: CVE-2009-3982 BugTraq ID: 37364 http://www.securityfocus.com/bid/37364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8434 http://secunia.com/advisories/37783 http://www.vupen.com/english/advisories/2009/3558 XForce ISS Database: firefox-javascript-eng-code-exec(54802) https://exchange.xforce.ibmcloud.com/vulnerabilities/54802 Common Vulnerability Exposure (CVE) ID: CVE-2009-3983 BugTraq ID: 37366 http://www.securityfocus.com/bid/37366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240 http://securitytracker.com/id?1023340 http://securitytracker.com/id?1023341 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 http://www.ubuntu.com/usn/USN-915-1 http://www.vupen.com/english/advisories/2010/0648 XForce ISS Database: firefox-ntlm-reflection(54807) https://exchange.xforce.ibmcloud.com/vulnerabilities/54807 Common Vulnerability Exposure (CVE) ID: CVE-2009-3984 BugTraq ID: 37367 http://www.securityfocus.com/bid/37367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8379 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9791 http://securitytracker.com/id?1023342 http://securitytracker.com/id?1023343 XForce ISS Database: firefox-documentlocation-ssl-spoofing(54806) https://exchange.xforce.ibmcloud.com/vulnerabilities/54806 Common Vulnerability Exposure (CVE) ID: CVE-2009-3985 BugTraq ID: 37370 http://www.securityfocus.com/bid/37370 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8480 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9911 XForce ISS Database: firefox-documentlocation-spoofing(54808) https://exchange.xforce.ibmcloud.com/vulnerabilities/54808 Common Vulnerability Exposure (CVE) ID: CVE-2009-3986 BugTraq ID: 37365 http://www.securityfocus.com/bid/37365 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11568 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8489 http://securitytracker.com/id?1023344 http://securitytracker.com/id?1023345 XForce ISS Database: firefox-windowopener-code-execution(54803) https://exchange.xforce.ibmcloud.com/vulnerabilities/54803
Copyright	Copyright (C) 2009 Greenbone AG