English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 72151 CVE descriptions
and 38907 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68365
Category:Fedora Local Security Checks
Title:Fedora Core 12 FEDORA-2010-16885 (firefox)
Summary:Fedora Core 12 FEDORA-2010-16885 (firefox)
Description:The remote host is missing an update to firefox
announced via advisory FEDORA-2010-16885.

Update Information:

Update to new upstream Firefox version 3.5.15, fixing multiple security issues detailed in the upstream advisories:

* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.14
* http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.15

Update also includes packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.

References:

[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
[ 9 ] Bug #646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)
https://bugzilla.redhat.com/show_bug.cgi?id=646997

Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update firefox' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-16885

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3175
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://www.redhat.com/support/errata/RHSA-2010-0861.html
http://www.redhat.com/support/errata/RHSA-2010-0896.html
http://www.ubuntu.com/usn/USN-997-1
http://www.ubuntu.com/usn/USN-998-1
BugTraq ID: 44245
http://www.securityfocus.com/bid/44245
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11943
http://secunia.com/advisories/42867
http://www.vupen.com/english/advisories/2011/0061
Common Vulnerability Exposure (CVE) ID: CVE-2010-3176
Debian Security Information: DSA-2124 (Google Search)
http://www.debian.org/security/2010/dsa-2124
http://www.redhat.com/support/errata/RHSA-2010-0781.html
http://www.redhat.com/support/errata/RHSA-2010-0780.html
BugTraq ID: 44243
http://www.securityfocus.com/bid/44243
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12132
Common Vulnerability Exposure (CVE) ID: CVE-2010-3179
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11675
Common Vulnerability Exposure (CVE) ID: CVE-2010-3180
BugTraq ID: 44248
http://www.securityfocus.com/bid/44248
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12158
Common Vulnerability Exposure (CVE) ID: CVE-2010-3183
http://www.zerodayinitiative.com/advisories/ZDI-10-219/
BugTraq ID: 44249
http://www.securityfocus.com/bid/44249
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11891
Common Vulnerability Exposure (CVE) ID: CVE-2010-3177
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12202
Common Vulnerability Exposure (CVE) ID: CVE-2010-3178
BugTraq ID: 44252
http://www.securityfocus.com/bid/44252
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12120
Common Vulnerability Exposure (CVE) ID: CVE-2010-3182
BugTraq ID: 44251
http://www.securityfocus.com/bid/44251
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13844
Common Vulnerability Exposure (CVE) ID: CVE-2010-3765
http://www.exploit-db.com/exploits/15341
http://www.exploit-db.com/exploits/15342
http://www.exploit-db.com/exploits/15352
http://isc.sans.edu/diary.html?storyid=9817
http://www.norman.com/about_norman/press_center/news_archive/2010/129223/
http://www.norman.com/security_center/virus_description_archive/129146/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222#c53
http://norman.com/about_norman/press_center/news_archive/2010/129223/en?utm_source=twitterfeed&utm_medium=twitter
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:213
http://www.mandriva.com/security/advisories?name=MDVSA-2010:219
http://www.redhat.com/support/errata/RHSA-2010-0809.html
http://www.redhat.com/support/errata/RHSA-2010-0810.html
http://www.redhat.com/support/errata/RHSA-2010-0808.html
RedHat Security Advisories: RHSA-2010:0812
https://rhn.redhat.com/errata/RHSA-2010-0812.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.556706
http://www.ubuntu.com/usn/USN-1011-3
http://www.ubuntu.com/usn/usn-1011-1
http://www.ubuntu.com/usn/USN-1011-2
BugTraq ID: 44425
http://www.securityfocus.com/bid/44425
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12108
http://www.securitytracker.com/id?1024650
http://www.securitytracker.com/id?1024651
http://www.securitytracker.com/id?1024645
http://secunia.com/advisories/41966
http://secunia.com/advisories/41969
http://secunia.com/advisories/42008
http://secunia.com/advisories/42043
http://secunia.com/advisories/41761
http://secunia.com/advisories/41965
http://secunia.com/advisories/41975
http://secunia.com/advisories/42003
http://www.vupen.com/english/advisories/2010/2871
http://www.vupen.com/english/advisories/2010/2837
http://www.vupen.com/english/advisories/2010/2857
http://www.vupen.com/english/advisories/2010/2864
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.