
Test ID: 1.3.6.1.4.1.25623.1.0.66956
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-895-1 (xulrunner-1.9)
Summary: Ubuntu USN-895-1 (xulrunner-1.9)
Description: The remote host is missing an update to xulrunner-1.9
announced via advisory USN-895-1.

Details follow:

Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious website, a remote attacker could
cause a denial of service or possibly execute arbitrary code with the
privileges of the user invoking the program. (CVE-2010-0159)

Orlando Barrera II discovered a flaw in the Web Workers implementation of
Firefox. If a user were tricked into posting to a malicious website, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-0160)

Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free
memory under certain circumstances. If the browser could be made to access
these freed memory objects, an attacker could exploit this to execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-1571)

Hidetake Jo discovered that the showModalDialog in Firefox did not always
honor the same-origin policy. An attacker could exploit this to run
untrusted JavaScript from other domains. (CVE-2009-3988)

Georgi Guninski discovered that the same-origin check in Firefox could be
bypassed by utilizing a crafted SVG image. If a user were tricked into
viewing a malicious website, an attacker could exploit this to read data
from other domains. (CVE-2010-0162)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
firefox-3.0 3.0.18+build1+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.18+build1+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
abrowser 3.0.18+build1+nobinonly-0ubuntu0.8.10.1
firefox-3.0 3.0.18+build1+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 1.9.0.18+build1+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
abrowser 3.0.18+build1+nobinonly-0ubuntu0.9.04.1
firefox-3.0 3.0.18+build1+nobinonly-0ubuntu0.9.04.1
xulrunner-1.9 1.9.0.18+build1+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any
applications that use xulrunner to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-895-1

Risk factor: Critical

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1571
Bugtraq: 20100218 Secunia Research: Mozilla Firefox Memory Corruption Vulnerability
http://www.securityfocus.com/archive/1/archive/1/509585/100/0/threaded
http://secunia.com/secunia_research/2009-45/
Debian Security Information: DSA-1999
http://www.debian.org/security/2010/dsa-1999
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://www.mandriva.com/security/advisories?name=MDVSA-2010:051
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.redhat.com/support/errata/RHSA-2010-0113.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
SuSE Security Announcement: SUSE-SA:2010:015
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
http://www.ubuntu.com/usn/USN-895-1
http://www.ubuntu.com/usn/USN-896-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11227
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8615
http://secunia.com/advisories/37242
http://secunia.com/advisories/38770
http://secunia.com/advisories/38772
http://secunia.com/advisories/38847
http://www.vupen.com/english/advisories/2010/0405
http://www.vupen.com/english/advisories/2010/0650
XForce ISS Database: mozilla-htmlparser-code-exec(56361)
http://xforce.iss.net/xforce/xfdb/56361
Common Vulnerability Exposure (CVE) ID: CVE-2009-3988
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8355
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9384
XForce ISS Database: mozilla-showmodaldialog-xss(56362)
http://xforce.iss.net/xforce/xfdb/56362
Common Vulnerability Exposure (CVE) ID: CVE-2010-0159
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8485
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9590
XForce ISS Database: mozilla-browsereng-code-execution(56359)
http://xforce.iss.net/xforce/xfdb/56359
Common Vulnerability Exposure (CVE) ID: CVE-2010-0160
Bugtraq: 20100402 ZDI-10-046: Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/archive/1/510533/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-046
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11166
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8465
XForce ISS Database: mozilla-webworkers-code-execution(56360)
http://xforce.iss.net/xforce/xfdb/56360
Common Vulnerability Exposure (CVE) ID: CVE-2010-0162
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10697
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8631
XForce ISS Database: mozilla-svg-xss(56363)
http://xforce.iss.net/xforce/xfdb/56363
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
