Test ID: 1.3.6.1.4.1.25623.1.0.831344
Category: Mandrake Local Security Checks
Title: Mandriva Update for firefox MDVSA-2011:041 (firefox)
Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox
before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12,
allows remote attackers to hijack the authentication of arbitrary
users for requests that were initiated by a plugin and received a
307 redirect to a page on a different web site. (CVE-2011-0059)

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
to execute arbitrary code or cause a denial of service (application
crash) via a crafted JPEG image. (CVE-2011-0061)

The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey
before 2.0.12 does not properly sanitize HTML in a chrome document,
which makes it easier for remote attackers to execute arbitrary
JavaScript with chrome privileges via a javascript: URI in input to
an extension, as demonstrated by a javascript:alert sequence in (1)
the HREF attribute of an A element or (2) the ACTION attribute of a
FORM element. (CVE-2010-1585)

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before
3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote
attackers to execute arbitrary code or cause a denial of service
(memory corruption) via a long string that triggers construction of
a long text run. (CVE-2011-0058)

Use-after-free vulnerability in the Web Workers implementation
in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14,
and SeaMonkey before 2.0.12, allows remote attackers to execute
arbitrary code via vectors related to a JavaScript Worker and garbage
collection. (CVE-2011-0057)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
exception timing and a large number of string values, aka an atom
map issue. (CVE-2011-0056)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
non-local JavaScript variables, aka an upvarMap issue. (CVE-2011-0054)

Use-after-free v ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
firefox on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please install the updated packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2011-0059
BugTraq ID: 46652
http://www.securityfocus.com/bid/46652
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473
http://www.redhat.com/support/errata/RHSA-2011-0313.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0061
BugTraq ID: 46651
http://www.securityfocus.com/bid/46651
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486
Common Vulnerability Exposure (CVE) ID: CVE-2010-1585
Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox
http://www.securityfocus.com/archive/1/510883/100/0/threaded
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532
Common Vulnerability Exposure (CVE) ID: CVE-2011-0058
BugTraq ID: 46660
http://www.securityfocus.com/bid/46660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254
Common Vulnerability Exposure (CVE) ID: CVE-2011-0057
BugTraq ID: 46663
http://www.securityfocus.com/bid/46663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200
Common Vulnerability Exposure (CVE) ID: CVE-2011-0056
BugTraq ID: 46650
http://www.securityfocus.com/bid/46650
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14013
Common Vulnerability Exposure (CVE) ID: CVE-2011-0054
BugTraq ID: 46648
http://www.securityfocus.com/bid/46648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018
Common Vulnerability Exposure (CVE) ID: CVE-2011-0055
BugTraq ID: 46661
http://www.securityfocus.com/bid/46661
Bugtraq: 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/516802
http://www.zerodayinitiative.com/advisories/ZDI-11-103/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14476
Common Vulnerability Exposure (CVE) ID: CVE-2011-0051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211
http://www.redhat.com/support/errata/RHSA-2011-0312.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0062
BugTraq ID: 46647
http://www.securityfocus.com/bid/46647
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14409
Copyright: Copyright (C) 2011 Greenbone AG
