Test ID:	1.3.6.1.4.1.25623.1.0.831535
Category:	Mandrake Local Security Checks
Title:	Mandriva Update for mozilla MDVSA-2012:013 (mozilla)
Summary:	The remote host is missing an update for the 'mozilla'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'mozilla' package(s) announced via the referenced advisory. Vulnerability Insight: Security issues were identified and fixed in mozilla firefox and thunderbird: Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes (CVE-2011-3659). Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages (CVE-2011-3670). Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: mozilla on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3659 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14697 SuSE Security Announcement: SUSE-SU-2012:0198 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html SuSE Security Announcement: SUSE-SU-2012:0221 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html SuSE Security Announcement: openSUSE-SU-2012:0234 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html Common Vulnerability Exposure (CVE) ID: CVE-2011-3670 Debian Security Information: DSA-2400 (Google Search) http://www.debian.org/security/2012/dsa-2400 Debian Security Information: DSA-2402 (Google Search) http://www.debian.org/security/2012/dsa-2402 Debian Security Information: DSA-2406 (Google Search) http://www.debian.org/security/2012/dsa-2406 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14814 Common Vulnerability Exposure (CVE) ID: CVE-2012-0442 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678 Common Vulnerability Exposure (CVE) ID: CVE-2012-0443 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444 Common Vulnerability Exposure (CVE) ID: CVE-2012-0444 BugTraq ID: 51753 http://www.securityfocus.com/bid/51753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464 http://secunia.com/advisories/48043 http://secunia.com/advisories/48095 http://www.ubuntu.com/usn/USN-1370-1 XForce ISS Database: mozilla-nschildview-code-exec(72858) https://exchange.xforce.ibmcloud.com/vulnerabilities/72858 Common Vulnerability Exposure (CVE) ID: CVE-2012-0445 BugTraq ID: 51765 http://www.securityfocus.com/bid/51765 http://osvdb.org/78735 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14907 http://secunia.com/advisories/49055 XForce ISS Database: mozilla-iframeelement-security-bypass(72835) https://exchange.xforce.ibmcloud.com/vulnerabilities/72835 Common Vulnerability Exposure (CVE) ID: CVE-2012-0446 BugTraq ID: 51752 http://www.securityfocus.com/bid/51752 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304 XForce ISS Database: mozilla-xpconnect-xss(72837) https://exchange.xforce.ibmcloud.com/vulnerabilities/72837 Common Vulnerability Exposure (CVE) ID: CVE-2012-0447 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14912 XForce ISS Database: mozilla-mimagebuffersize-info-disclosure(72856) https://exchange.xforce.ibmcloud.com/vulnerabilities/72856 Common Vulnerability Exposure (CVE) ID: CVE-2012-0449 BugTraq ID: 51754 http://www.securityfocus.com/bid/51754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14618 XForce ISS Database: mozilla-xsltstylesheets-code-execution(72868) https://exchange.xforce.ibmcloud.com/vulnerabilities/72868 Common Vulnerability Exposure (CVE) ID: CVE-2012-0450 http://osvdb.org/78741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14670 XForce ISS Database: mozilla-keyhtml-info-disclosure(72869) https://exchange.xforce.ibmcloud.com/vulnerabilities/72869
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.