Fedora Local Security Checks : Fedora Core 13 FEDORA-2010-10361 (gnome-web-photo)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.67616
Category:	Fedora Local Security Checks
Title:	Fedora Core 13 FEDORA-2010-10361 (gnome-web-photo)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gnome-web-photo announced via advisory FEDORA-2010-10361. ChangeLog: * Wed Jun 23 2010 Jan Horak - 0.9-9 - Rebuild against newer gecko References: [ 1 ] Bug #590804 - CVE-2010-1200 Mozilla Crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=590804 [ 2 ] Bug #590810 - CVE-2010-1202 Mozilla Crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=590810 [ 3 ] Bug #590816 - CVE-2010-1203 Mozilla Crashes with evidence of memory corruption https://bugzilla.redhat.com/show_bug.cgi?id=590816 [ 4 ] Bug #590828 - CVE-2010-1198 Mozilla Freed object reuse across plugin instances https://bugzilla.redhat.com/show_bug.cgi?id=590828 [ 5 ] Bug #590830 - CVE-2010-1196 Mozilla Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal https://bugzilla.redhat.com/show_bug.cgi?id=590830 [ 6 ] Bug #590833 - CVE-2010-1199 Mozilla Integer Overflow in XSLT Node Sorting https://bugzilla.redhat.com/show_bug.cgi?id=590833 [ 7 ] Bug #577584 - CVE-2010-1125 firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw https://bugzilla.redhat.com/show_bug.cgi?id=577584 [ 8 ] Bug #590850 - CVE-2010-1197 Mozilla Content-Disposition: attachment ignored if Content-Type: multipart also present https://bugzilla.redhat.com/show_bug.cgi?id=590850 [ 9 ] Bug #480938 - CVE-2008-5913 mozilla: in-session phishing attack https://bugzilla.redhat.com/show_bug.cgi?id=480938 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update gnome-web-photo' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-10361 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1200 BugTraq ID: 41050 http://www.securityfocus.com/bid/41050 BugTraq ID: 41090 http://www.securityfocus.com/bid/41090 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326 http://www.redhat.com/support/errata/RHSA-2010-0499.html http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securitytracker.com/id?1024138 http://www.securitytracker.com/id?1024139 http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 SuSE Security Announcement: SUSE-SA:2010:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://ubuntu.com/usn/usn-930-1 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1551 http://www.vupen.com/english/advisories/2010/1556 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773 XForce ISS Database: firefox-seamonkey-browser-code-exec(59659) https://exchange.xforce.ibmcloud.com/vulnerabilities/59659 Common Vulnerability Exposure (CVE) ID: CVE-2010-1202 BugTraq ID: 41094 http://www.securityfocus.com/bid/41094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14308 XForce ISS Database: firefox-javascript-ce(59661) https://exchange.xforce.ibmcloud.com/vulnerabilities/59661 Common Vulnerability Exposure (CVE) ID: CVE-2010-1203 BugTraq ID: 41099 http://www.securityfocus.com/bid/41099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317 XForce ISS Database: mozilla-firefox-javascript-ce(59662) https://exchange.xforce.ibmcloud.com/vulnerabilities/59662 Common Vulnerability Exposure (CVE) ID: CVE-2010-1198 BugTraq ID: 41102 http://www.securityfocus.com/bid/41102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14176 XForce ISS Database: firefox-plugin-instances-code-exec(59664) https://exchange.xforce.ibmcloud.com/vulnerabilities/59664 Common Vulnerability Exposure (CVE) ID: CVE-2010-1196 BugTraq ID: 41087 http://www.securityfocus.com/bid/41087 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017 XForce ISS Database: firefox-nsgenericdomdatanode-bo(59665) https://exchange.xforce.ibmcloud.com/vulnerabilities/59665 Common Vulnerability Exposure (CVE) ID: CVE-2010-1199 BugTraq ID: 41082 http://www.securityfocus.com/bid/41082 Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511972/100/0/threaded http://www.exploit-db.com/exploits/14949 http://www.zerodayinitiative.com/advisories/ZDI-10-113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287 XForce ISS Database: firefox-xslt-node-code-execution(59666) https://exchange.xforce.ibmcloud.com/vulnerabilities/59666 Common Vulnerability Exposure (CVE) ID: CVE-2010-1125 Bugtraq: 20100313 ...because you can't get enough of clickjacking (Google Search) http://www.securityfocus.com/archive/1/510070/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13962 Common Vulnerability Exposure (CVE) ID: CVE-2010-1197 BugTraq ID: 41103 http://www.securityfocus.com/bid/41103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186 XForce ISS Database: firefox-contentdisposition-security-bypass(59667) https://exchange.xforce.ibmcloud.com/vulnerabilities/59667 Common Vulnerability Exposure (CVE) ID: CVE-2008-5913 BugTraq ID: 33276 http://www.securityfocus.com/bid/33276 http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161 http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com