English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68726
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2010:251-2 (firefox)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to firefox
announced via advisory MDVSA-2010:251-2.

Security issues were identified and fixed in firefox:

Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that
the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are
vulnerable to XSS attacks due to some characters being converted to
angle brackets when displayed by the rendering engine. Sites using
these character encodings would thus be potentially vulnerable to
script injection attacks if their script filtering code fails to
strip out these specific characters (CVE-2010-3770).

Google security researcher Michal Zalewski reported that when a
window was opened to a site resulting in a network or certificate
error page, the opening site could access the document inside the
opened window and inject arbitrary content. An attacker could use
this bug to spoof the location bar and trick a user into thinking
they were on a different site than they actually were (CVE-2010-3774).

Mozilla security researcher moz_bug_r_a4 reported that the fix for
CVE-2010-0179 could be circumvented permitting the execution of
arbitrary JavaScript with chrome privileges (CVE-2010-3773).

Security researcher regenrecht reported via TippingPoint's Zero
Day Initiative that JavaScript arrays were vulnerable to an integer
overflow vulnerability. The report demonstrated that an array could
be constructed containing a very large number of items such that when
memory was allocated to store the array items, the integer value used
to calculate the buffer size would overflow resulting in too small a
buffer being allocated. Subsequent use of the array object could then
result in data being written past the end of the buffer and causing
memory corruption (CVE-2010-3767).

Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that a nsDOMAttribute node can be modified without informing
the iterator object responsible for various DOM traversals. This
flaw could lead to a inconsistent state where the iterator points
to an object it believes is part of the DOM but actually points to
some other object. If such an object had been deleted and its memory
reclaimed by the system, then the iterator could be used to call into
attacker-controlled memory (CVE-2010-3766).

Security researcher Gregory Fleischer reported that when a Java
LiveConnect script was loaded via a data: URL which redirects via a
meta refresh, then the resulting plugin object was created with the
wrong security principal and thus received elevated privileges such
as the abilities to read local files, launch processes, and create
network connections (CVE-2010-3775).

Mozilla added the OTS font sanitizing library to prevent downloadable
fonts from exposing vulnerabilities in the underlying OS font
code. This library mitigates against several issues independently
reported by Red Hat Security Response Team member Marc Schoenefeld
and Mozilla security researcher Christoph Diehl (CVE-2010-3768).

Security researcher wushi of team509 reported that when a XUL
tree had an HTML \ element nested inside a \
element then code attempting to display content in the XUL tree would
incorrectly treat the \ element as a parent node to tree content
underneath it resulting in incorrect indexes being calculated for the
child content. These incorrect indexes were used in subsequent array
operations which resulted in writing data past the end of an allocated
buffer. An attacker could use this issue to crash a victim's browser
and run arbitrary code on their machine (CVE-2010-3772).

Security researcher echo reported that a web page could open a window
with an about:blank location and then inject an \ element
into that page which upon submission would redirect to a chrome:
document. The effect of this defect was that the original page would
wind up with a reference to a chrome-privileged object, the opened
window, which could be leveraged for privilege escalation attacks
(CVE-2010-3771).

Dirk Heinrich reported that on Windows platforms when document.write()
was called with a very long string a buffer overflow was caused in line
breaking routines attempting to process the string for display. Such
cases triggered an invalid read past the end of an array causing a
crash which an attacker could potentially use to run arbitrary code
on a victim's computer (CVE-2010-3769).

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort
at least some of these could be exploited to run arbitrary code
(CVE-2010-3776, CVE-2010-3777).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Update:

A mistake was done with the MDVSA-2010:251 and the MDVSA-2010:251-1
advisories where the localization files for firefox software was NOT
updated to the 3.6.13 version. The secteam wishes to apologise for
the unfortunate mistake and also wishes everyone a great christmas.

Regards // Santa Claus

Affected: 2010.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:251-2
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3770
BugTraq ID: 45353
http://www.securityfocus.com/bid/45353
Debian Security Information: DSA-2132 (Google Search)
http://www.debian.org/security/2010/dsa-2132
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:251
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348
http://www.redhat.com/support/errata/RHSA-2010-0966.html
http://www.securitytracker.com/id?1024851
http://secunia.com/advisories/42716
http://secunia.com/advisories/42818
SuSE Security Announcement: SUSE-SA:2011:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
http://www.ubuntu.com/usn/USN-1019-1
http://www.vupen.com/english/advisories/2011/0030
Common Vulnerability Exposure (CVE) ID: CVE-2010-3774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12512
http://www.securitytracker.com/id?1024850
Common Vulnerability Exposure (CVE) ID: CVE-2010-0179
BugTraq ID: 39124
http://www.securityfocus.com/bid/39124
Debian Security Information: DSA-2027 (Google Search)
http://www.debian.org/security/2010/dsa-2027
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6971
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9446
http://www.redhat.com/support/errata/RHSA-2010-0332.html
http://securitytracker.com/id?1023783
http://secunia.com/advisories/3924
http://secunia.com/advisories/39243
http://secunia.com/advisories/39308
http://secunia.com/advisories/39397
SuSE Security Announcement: SUSE-SR:2010:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://ubuntu.com/usn/usn-921-1
http://www.vupen.com/english/advisories/2010/0748
http://www.vupen.com/english/advisories/2010/0764
http://www.vupen.com/english/advisories/2010/0781
http://www.vupen.com/english/advisories/2010/0849
XForce ISS Database: firefox-firebug-code-execution(57394)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57394
Common Vulnerability Exposure (CVE) ID: CVE-2010-3773
BugTraq ID: 45354
http://www.securityfocus.com/bid/45354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11960
Common Vulnerability Exposure (CVE) ID: CVE-2010-3767
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12610
http://www.redhat.com/support/errata/RHSA-2010-0967.html
http://www.redhat.com/support/errata/RHSA-2010-0968.html
http://www.securitytracker.com/id?1024848
Common Vulnerability Exposure (CVE) ID: CVE-2010-3766
BugTraq ID: 45326
http://www.securityfocus.com/bid/45326
http://www.zerodayinitiative.com/advisories/ZDI-10-264/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12649
Common Vulnerability Exposure (CVE) ID: CVE-2010-3775
BugTraq ID: 45355
http://www.securityfocus.com/bid/45355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666
Common Vulnerability Exposure (CVE) ID: CVE-2010-3768
BugTraq ID: 45352
http://www.securityfocus.com/bid/45352
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533
http://www.redhat.com/support/errata/RHSA-2010-0969.html
http://www.securitytracker.com/id?1024846
http://www.ubuntu.com/usn/USN-1020-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-3772
BugTraq ID: 45351
http://www.securityfocus.com/bid/45351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12324
Common Vulnerability Exposure (CVE) ID: CVE-2010-3771
BugTraq ID: 45346
http://www.securityfocus.com/bid/45346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12343
Common Vulnerability Exposure (CVE) ID: CVE-2010-3769
BugTraq ID: 45345
http://www.securityfocus.com/bid/45345
http://osvdb.org/69771
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12342
Common Vulnerability Exposure (CVE) ID: CVE-2010-3776
BugTraq ID: 45347
http://www.securityfocus.com/bid/45347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12389
Common Vulnerability Exposure (CVE) ID: CVE-2010-3777
BugTraq ID: 45348
http://www.securityfocus.com/bid/45348
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468
CopyrightCopyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.