English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840062
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-546-2)
Summary:The remote host is missing an update for the 'firefox' package(s) announced via the USN-546-2 advisory.
Description:Summary:
The remote host is missing an update for the 'firefox' package(s) announced via the USN-546-2 advisory.

Vulnerability Insight:
USN-546-1 fixed vulnerabilities in Firefox. The upstream update included
a faulty patch which caused the drawImage method of the canvas element to
fail. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Firefox incorrectly associated redirected sites
as the origin of 'jar:' contents. A malicious web site could exploit this
to modify or steal confidential data (such as passwords) from other web
sites. (CVE-2007-5947)

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-5959)

Gregory Fleischer discovered that it was possible to use JavaScript to
manipulate Firefox's Referer header. A malicious web site could exploit
this to conduct cross-site request forgeries against sites that relied
only on Referer headers for protection from such attacks. (CVE-2007-5960)

Affected Software/OS:
'firefox' package(s) on Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5947
BugTraq ID: 26385
http://www.securityfocus.com/bid/26385
Bugtraq: 20080212 FLEA-2008-0001-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/488002/100/0/threaded
Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird (Google Search)
http://www.securityfocus.com/archive/1/488971/100/0/threaded
CERT/CC vulnerability note: VU#715737
http://www.kb.cert.org/vuls/id/715737
Debian Security Information: DSA-1424 (Google Search)
http://www.debian.org/security/2007/dsa-1424
Debian Security Information: DSA-1425 (Google Search)
http://www.debian.org/security/2007/dsa-1425
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg01011.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00168.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00115.html
http://security.gentoo.org/glsa/glsa-200712-21.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:246
http://bugs.gentoo.org/show_bug.cgi?id=198965
http://bugs.gentoo.org/show_bug.cgi?id=200909
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9873
http://www.redhat.com/support/errata/RHSA-2007-1082.html
http://www.redhat.com/support/errata/RHSA-2007-1083.html
http://www.redhat.com/support/errata/RHSA-2007-1084.html
http://www.securitytracker.com/id?1018928
http://secunia.com/advisories/27605
http://secunia.com/advisories/27793
http://secunia.com/advisories/27796
http://secunia.com/advisories/27797
http://secunia.com/advisories/27800
http://secunia.com/advisories/27816
http://secunia.com/advisories/27838
http://secunia.com/advisories/27845
http://secunia.com/advisories/27855
http://secunia.com/advisories/27944
http://secunia.com/advisories/27955
http://secunia.com/advisories/27957
http://secunia.com/advisories/27979
http://secunia.com/advisories/28001
http://secunia.com/advisories/28016
http://secunia.com/advisories/28171
http://secunia.com/advisories/28277
http://secunia.com/advisories/28398
http://secunia.com/advisories/29164
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374833
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.365006
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018977.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231441-1
SuSE Security Announcement: SUSE-SA:2007:066 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html
https://usn.ubuntu.com/546-1/
http://www.ubuntu.com/usn/usn-546-2
http://www.vupen.com/english/advisories/2007/3818
http://www.vupen.com/english/advisories/2007/4002
http://www.vupen.com/english/advisories/2007/4018
http://www.vupen.com/english/advisories/2008/0083
http://www.vupen.com/english/advisories/2008/0643
XForce ISS Database: firefox-jar-uri-xss(38356)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38356
Common Vulnerability Exposure (CVE) ID: CVE-2007-5959
1018977
1018994
http://securitytracker.com/id?1018994
20080212 FLEA-2008-0001-1 firefox
20080229 rPSA-2008-0093-1 thunderbird
231441
26593
http://www.securityfocus.com/bid/26593
27725
http://secunia.com/advisories/27725
27793
27796
27797
27800
27816
27838
27845
27855
27944
27955
27957
27979
28001
28016
28171
28277
28398
29164
ADV-2007-4002
ADV-2007-4018
ADV-2008-0083
ADV-2008-0643
DSA-1424
DSA-1425
FEDORA-2007-3952
FEDORA-2007-4098
FEDORA-2007-4106
FEDORA-2007-756
GLSA-200712-21
HPSBUX02153
MDKSA-2007:246
RHSA-2007:1082
RHSA-2007:1083
RHSA-2007:1084
SSA:2007-331-01
SSA:2007-333-01
SSRT061181
SUSE-SA:2007:066
USN-546-1
USN-546-2
http://browser.netscape.com/releasenotes/
http://wiki.rpath.com/Advisories:rPSA-2008-0093
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093
http://www.mozilla.org/security/announce/2007/mfsa2007-38.html
https://issues.rpath.com/browse/RPL-1984
https://issues.rpath.com/browse/RPL-1995
mozilla-multiple-memcorrupt-code-execution(38643)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38643
oval:org.mitre.oval:def:11014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11014
Common Vulnerability Exposure (CVE) ID: CVE-2007-5960
1018995
http://securitytracker.com/id?1018995
26589
http://www.securityfocus.com/bid/26589
http://www.mozilla.org/security/announce/2007/mfsa2007-39.html
mozilla-http-referer-spoofing(38644)
https://exchange.xforce.ibmcloud.com/vulnerabilities/38644
oval:org.mitre.oval:def:9794
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9794
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.