
Test ID: 1.3.6.1.4.1.25623.1.0.70609
Category: FreeBSD Local Security Checks
Title: FreeBSD Ports: firefox
Summary: FreeBSD Ports: firefox
Description: The remote host is missing an update to the system
as announced in the referenced advisory.

The following packages are affected:
firefox
libxul
linux-firefox
linux-thunderbird
thunderbird

CVE-2011-3647
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird
before 3.1.6 does not properly handle XPCNativeWrappers during calls
to the loadSubScript method in an add-on, which makes it easier for
remote attackers to gain privileges via a crafted web site that
leverages certain unwrapping behavior, a related issue to
CVE-2011-3004.

CVE-2011-3648
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before
3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0
through 7.0 allows remote attackers to inject arbitrary web script or
HTML via crafted text with Shift JIS encoding.

CVE-2011-3649
Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D)
API is used on Windows in conjunction with the Azure graphics
back-end, allow remote attackers to bypass the Same Origin Policy, and
obtain sensitive image data from a different domain, by inserting this
data into a canvas. NOTE: this issue exists because of a CVE-2011-2986
regression.

CVE-2011-3650
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird
before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript
files that contain many functions, which allows user-assisted remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly have unspecified other impact via a
crafted file that is accessed by debugging APIs, as demonstrated by
Firebug.

CVE-2011-3651
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.

CVE-2011-3652
The browser engine in Mozilla Firefox before 8.0 and Thunderbird
before 8.0 does not properly allocate memory, which allows remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unspecified
vectors.

CVE-2011-3653
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do
not properly interact with the GPU memory behavior of a certain driver
for Intel integrated GPUs, which allows remote attackers to bypass the
Same Origin Policy and read image data via vectors related to WebGL
textures.

CVE-2011-3654
The browser engine in Mozilla Firefox before 8.0 and Thunderbird
before 8.0 does not properly handle links from SVG mpath elements to
non-SVG elements, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unspecified vectors.

CVE-2011-3655
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0
perform access control without checking for use of the NoWaiverWrapper
wrapper, which allows remote attackers to gain privileges via a
crafted web site.

Solution:
Update your system with the appropriate patches or
software upgrades.

http://www.mozilla.org/security/announce/2011/mfsa2011-46.html
http://www.mozilla.org/security/announce/2011/mfsa2011-47.html
http://www.mozilla.org/security/announce/2011/mfsa2011-48.html
http://www.mozilla.org/security/announce/2011/mfsa2011-49.html
http://www.mozilla.org/security/announce/2011/mfsa2011-50.html
http://www.mozilla.org/security/announce/2011/mfsa2011-51.html
http://www.mozilla.org/security/announce/2011/mfsa2011-52.html
http://www.vuxml.org/freebsd/6c8ad3e8-0a30-11e1-9580-4061862b8c22.html

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-3647
http://www.redhat.com/support/errata/RHSA-2011-1439.html
SuSE Security Announcement: SUSE-SU-2011:1256
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13550
Common Vulnerability Exposure (CVE) ID: CVE-2011-3648
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14212
Common Vulnerability Exposure (CVE) ID: CVE-2011-3649
BugTraq ID: 50591
http://www.securityfocus.com/bid/50591
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14025
Common Vulnerability Exposure (CVE) ID: CVE-2011-3650
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13870
Common Vulnerability Exposure (CVE) ID: CVE-2011-3651
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14364
http://secunia.com/advisories/49055
Common Vulnerability Exposure (CVE) ID: CVE-2011-3652
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14239
Common Vulnerability Exposure (CVE) ID: CVE-2011-3653
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13347
Common Vulnerability Exposure (CVE) ID: CVE-2011-3654
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13830
Common Vulnerability Exposure (CVE) ID: CVE-2011-3655
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14202
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
