Test ID:	1.3.6.1.4.1.25623.1.0.67857
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-930-6 (xulrunner-1.9.2)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xulrunner-1.9.2 announced via advisory USN-930-6. Ubuntu 9.04 Ubuntu 9.10 Details follow: USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. (CVE-2010-2755) This update fixes the problem. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.04: abrowser 3.6.8+build1+nobinonly-0ubuntu0.9.04.1 firefox-3.0 3.6.8+build1+nobinonly-0ubuntu0.9.04.1 xulrunner-1.9.2 1.9.2.8+build1+nobinonly-0ubuntu0.9.04.1 Ubuntu 9.10: abrowser 3.6.8+build1+nobinonly-0ubuntu0.9.10.1 firefox-3.5 3.6.8+build1+nobinonly-0ubuntu0.9.10.1 xulrunner-1.9.2 1.9.2.8+build1+nobinonly-0ubuntu0.9.10.1 After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-930-6 Risk factor : Critical CVSS Score: 10.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2755 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11961 Common Vulnerability Exposure (CVE) ID: CVE-2010-1214 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685 Common Vulnerability Exposure (CVE) ID: CVE-2010-1121 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://news.cnet.com/8301-27080_3-20001126-245.html http://twitter.com/thezdi/statuses/11005277222 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844 http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securitytracker.com/id?1023817 http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 SuSE Security Announcement: SUSE-SA:2010:030 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://ubuntu.com/usn/usn-930-1 http://www.ubuntu.com/usn/usn-930-2 http://www.vupen.com/english/advisories/2010/1557 http://www.vupen.com/english/advisories/2010/1592 http://www.vupen.com/english/advisories/2010/1640 http://www.vupen.com/english/advisories/2010/1773 Common Vulnerability Exposure (CVE) ID: CVE-2010-1200 BugTraq ID: 41050 http://www.securityfocus.com/bid/41050 BugTraq ID: 41090 http://www.securityfocus.com/bid/41090 http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326 http://www.redhat.com/support/errata/RHSA-2010-0499.html http://www.securitytracker.com/id?1024138 http://www.securitytracker.com/id?1024139 http://www.vupen.com/english/advisories/2010/1551 http://www.vupen.com/english/advisories/2010/1556 XForce ISS Database: firefox-seamonkey-browser-code-exec(59659) https://exchange.xforce.ibmcloud.com/vulnerabilities/59659 Common Vulnerability Exposure (CVE) ID: CVE-2010-1201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12671 Common Vulnerability Exposure (CVE) ID: CVE-2010-1202 BugTraq ID: 41094 http://www.securityfocus.com/bid/41094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14308 XForce ISS Database: firefox-javascript-ce(59661) https://exchange.xforce.ibmcloud.com/vulnerabilities/59661 Common Vulnerability Exposure (CVE) ID: CVE-2010-1203 BugTraq ID: 41099 http://www.securityfocus.com/bid/41099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317 XForce ISS Database: mozilla-firefox-javascript-ce(59662) https://exchange.xforce.ibmcloud.com/vulnerabilities/59662 Common Vulnerability Exposure (CVE) ID: CVE-2010-1198 BugTraq ID: 41102 http://www.securityfocus.com/bid/41102 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14176 XForce ISS Database: firefox-plugin-instances-code-exec(59664) https://exchange.xforce.ibmcloud.com/vulnerabilities/59664 Common Vulnerability Exposure (CVE) ID: CVE-2010-1196 BugTraq ID: 41087 http://www.securityfocus.com/bid/41087 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017 XForce ISS Database: firefox-nsgenericdomdatanode-bo(59665) https://exchange.xforce.ibmcloud.com/vulnerabilities/59665 Common Vulnerability Exposure (CVE) ID: CVE-2010-1199 BugTraq ID: 41082 http://www.securityfocus.com/bid/41082 Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511972/100/0/threaded http://www.exploit-db.com/exploits/14949 http://www.zerodayinitiative.com/advisories/ZDI-10-113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287 XForce ISS Database: firefox-xslt-node-code-execution(59666) https://exchange.xforce.ibmcloud.com/vulnerabilities/59666 Common Vulnerability Exposure (CVE) ID: CVE-2010-1125 Bugtraq: 20100313 ...because you can't get enough of clickjacking (Google Search) http://www.securityfocus.com/archive/1/510070/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13962 Common Vulnerability Exposure (CVE) ID: CVE-2010-1197 BugTraq ID: 41103 http://www.securityfocus.com/bid/41103 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186 XForce ISS Database: firefox-contentdisposition-security-bypass(59667) https://exchange.xforce.ibmcloud.com/vulnerabilities/59667 Common Vulnerability Exposure (CVE) ID: CVE-2008-5913 BugTraq ID: 33276 http://www.securityfocus.com/bid/33276 http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161 http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.