English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840114
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-428-2)
Summary:The remote host is missing an update for the 'firefox' package(s) announced via the USN-428-2 advisory.
Description:Summary:
The remote host is missing an update for the 'firefox' package(s) announced via the USN-428-2 advisory.

Vulnerability Insight:
USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to
library paths caused applications depending on libnss3 to fail to start
up. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Several flaws have been found that could be used to perform Cross-site
scripting attacks. A malicious web site could exploit these to modify
the contents or steal confidential data (such as passwords) from other
opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800,
CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently
check the validity of public keys presented with a SSL certificate. A
malicious SSL web site using SSLv2 could potentially exploit this to
execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client
certificate. A remote attacker could exploit this to execute arbitrary
code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to
execute arbitrary code with user privileges by tricking the user into
opening a malicious web page. (CVE-2007-0775, CVE-2007-0776,
CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache with the result that
depending on order loaded the end of the longer document could be
appended to the shorter when the shorter one was reloaded from the
cache. It is possible a determined hacker could construct a targeted
attack to steal some sensitive data from a particular web page. The
potential victim would have to be already logged into the targeted
service (or be fooled into doing so) and then visit the malicious
site. (CVE-2007-0778)

David Eckel reported that browser UI elements--such as the host name
and security indicators--could be spoofed by using custom cursor
images and a specially crafted style sheet. (CVE-2007-0779)

Affected Software/OS:
'firefox' package(s) on Ubuntu 6.06.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6077
BugTraq ID: 21240
http://www.securityfocus.com/bid/21240
BugTraq ID: 22694
http://www.securityfocus.com/bid/22694
Bugtraq: 20061122 Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452382/100/0/threaded
Bugtraq: 20061123 Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452431/100/0/threaded
Bugtraq: 20061123 Re: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452440/100/0/threaded
Bugtraq: 20061123 Re: Password Flaw also in Firefox 1.5.08. Was: Big Flaw in Firefox 2: Password Manager Bug Exposes Passwords (Google Search)
http://www.securityfocus.com/archive/1/452463/100/0/threaded
Bugtraq: 20061220 critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/454982/100/0/threaded
Bugtraq: 20061221 Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455073/100/0/threaded
Bugtraq: 20061222 Re[2]: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip (Google Search)
http://www.securityfocus.com/archive/1/455148/100/0/threaded
Bugtraq: 20070226 rPSA-2007-0040-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/461336/100/0/threaded
Bugtraq: 20070303 rPSA-2007-0040-3 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/461809/100/0/threaded
Debian Security Information: DSA-1336 (Google Search)
http://www.debian.org/security/2007/dsa-1336
http://fedoranews.org/cms/node/2713
http://fedoranews.org/cms/node/2728
http://security.gentoo.org/glsa/glsa-200703-04.xml
http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:050
http://www.info-svc.com/news/11-21-2006/
http://www.info-svc.com/news/11-21-2006/rcsr1/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10031
RedHat Security Advisories: RHSA-2007:0077
http://rhn.redhat.com/errata/RHSA-2007-0077.html
http://www.redhat.com/support/errata/RHSA-2007-0078.html
http://www.redhat.com/support/errata/RHSA-2007-0079.html
http://www.redhat.com/support/errata/RHSA-2007-0097.html
http://www.redhat.com/support/errata/RHSA-2007-0108.html
http://securitytracker.com/id?1017271
http://secunia.com/advisories/23046
http://secunia.com/advisories/23108
http://secunia.com/advisories/24205
http://secunia.com/advisories/24238
http://secunia.com/advisories/24287
http://secunia.com/advisories/24290
http://secunia.com/advisories/24293
http://secunia.com/advisories/24320
http://secunia.com/advisories/24328
http://secunia.com/advisories/24333
http://secunia.com/advisories/24342
http://secunia.com/advisories/24343
http://secunia.com/advisories/24384
http://secunia.com/advisories/24393
http://secunia.com/advisories/24395
http://secunia.com/advisories/24437
http://secunia.com/advisories/24457
http://secunia.com/advisories/24650
http://secunia.com/advisories/25588
SGI Security Advisory: 20070202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
SGI Security Advisory: 20070301-01-P
ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
SuSE Security Announcement: SUSE-SA:2007:019 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
SuSE Security Announcement: SUSE-SA:2007:022 (Google Search)
http://www.novell.com/linux/security/advisories/2007_22_mozilla.html
http://www.ubuntu.com/usn/usn-428-1
http://www.vupen.com/english/advisories/2006/4662
http://www.vupen.com/english/advisories/2007/0718
XForce ISS Database: firefox-passwordmgr-information-disclosure(30470)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30470
Common Vulnerability Exposure (CVE) ID: CVE-2007-0008
1017696
http://www.securitytracker.com/id?1017696
102856
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102856-1
102945
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102945-1
20070202-01-P
20070223 Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482
20070226 rPSA-2007-0040-1 firefox
20070301-01-P
20070303 rPSA-2007-0040-3 firefox thunderbird
22694
24205
24238
24252
http://secunia.com/advisories/24252
24253
http://secunia.com/advisories/24253
24277
http://secunia.com/advisories/24277
24287
24290
24293
24320
24328
24333
24342
24343
24384
24389
http://secunia.com/advisories/24389
24395
24406
http://secunia.com/advisories/24406
24410
http://secunia.com/advisories/24410
24455
http://secunia.com/advisories/24455
24456
http://secunia.com/advisories/24456
24457
24522
http://secunia.com/advisories/24522
24562
http://secunia.com/advisories/24562
24650
24703
http://secunia.com/advisories/24703
25588
25597
http://secunia.com/advisories/25597
32105
http://www.osvdb.org/32105
64758
http://www.securityfocus.com/bid/64758
ADV-2007-0718
ADV-2007-0719
http://www.vupen.com/english/advisories/2007/0719
ADV-2007-1165
http://www.vupen.com/english/advisories/2007/1165
ADV-2007-2141
http://www.vupen.com/english/advisories/2007/2141
DSA-1336
FEDORA-2007-278
http://fedoranews.org/cms/node/2709
FEDORA-2007-279
http://fedoranews.org/cms/node/2711
FEDORA-2007-281
FEDORA-2007-293
FEDORA-2007-308
http://fedoranews.org/cms/node/2747
FEDORA-2007-309
http://fedoranews.org/cms/node/2749
GLSA-200703-18
http://security.gentoo.org/glsa/glsa-200703-18.xml
GLSA-200703-22
http://www.gentoo.org/security/en/glsa/glsa-200703-22.xml
HPSBUX02153
MDKSA-2007:050
MDKSA-2007:052
http://www.mandriva.com/security/advisories?name=MDKSA-2007:052
RHSA-2007:0077
RHSA-2007:0078
RHSA-2007:0079
RHSA-2007:0097
RHSA-2007:0108
SSA:2007-066-03
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.374851
SSA:2007-066-04
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.363947
SSA:2007-066-05
SSRT061181
SUSE-SA:2007:019
SUSE-SA:2007:022
USN-428-1
USN-431-1
http://www.ubuntu.com/usn/usn-431-1
VU#377812
http://www.kb.cert.org/vuls/id/377812
http://www.mozilla.org/security/announce/2007/mfsa2007-06.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
https://bugzilla.mozilla.org/show_bug.cgi?id=364319
https://issues.rpath.com/browse/RPL-1081
https://issues.rpath.com/browse/RPL-1103
nss-mastersecret-bo(32666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32666
oval:org.mitre.oval:def:10502
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10502
Common Vulnerability Exposure (CVE) ID: CVE-2007-0009
20070223 Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483
32106
http://www.osvdb.org/32106
VU#592796
http://www.kb.cert.org/vuls/id/592796
https://bugzilla.mozilla.org/show_bug.cgi?id=364323
nss-clientmasterkey-bo(32663)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32663
oval:org.mitre.oval:def:10174
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10174
Common Vulnerability Exposure (CVE) ID: CVE-2007-0775
1017698
http://www.securitytracker.com/id?1017698
24393
24437
32114
http://www.osvdb.org/32114
ADV-2008-0083
http://www.vupen.com/english/advisories/2008/0083
GLSA-200703-04
GLSA-200703-08
VU#761756
http://www.kb.cert.org/vuls/id/761756
http://www.mozilla.org/security/announce/2007/mfsa2007-01.html
mozilla-multiple-layout-code-execution(32704)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32704
oval:org.mitre.oval:def:10012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10012
Common Vulnerability Exposure (CVE) ID: CVE-2007-0776
CERT/CC vulnerability note: VU#551436
http://www.kb.cert.org/vuls/id/551436
https://bugzilla.mozilla.org/show_bug.cgi?id=360645
http://www.osvdb.org/32113
XForce ISS Database: firefox-strokewidth-bo(32698)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32698
Common Vulnerability Exposure (CVE) ID: CVE-2007-0777
32115
http://www.osvdb.org/32115
VU#269484
http://www.kb.cert.org/vuls/id/269484
mozilla-multiple-javascript-code-execution(32699)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32699
oval:org.mitre.oval:def:11331
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11331
Common Vulnerability Exposure (CVE) ID: CVE-2007-0778
1017699
http://securitytracker.com/id?1017699
32110
http://www.osvdb.org/32110
http://www.mozilla.org/security/announce/2007/mfsa2007-03.html
https://bugzilla.mozilla.org/show_bug.cgi?id=347852
mozilla-diskcache-information-disclosure(32671)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32671
oval:org.mitre.oval:def:9151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9151
Common Vulnerability Exposure (CVE) ID: CVE-2007-0779
1017700
http://www.securitytracker.com/id?1017700
32109
http://osvdb.org/32109
http://www.mozilla.org/security/announce/2007/mfsa2007-04.html
https://bugzilla.mozilla.org/show_bug.cgi?id=361298
oval:org.mitre.oval:def:8757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8757
Common Vulnerability Exposure (CVE) ID: CVE-2007-0780
1017702
http://www.securitytracker.com/id?1017702
32107
http://www.osvdb.org/32107
http://www.mozilla.org/security/announce/2007/mfsa2007-05.html
https://bugzilla.mozilla.org/show_bug.cgi?id=354973
mozilla-dataurl-xss(32667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32667
oval:org.mitre.oval:def:9884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9884
Common Vulnerability Exposure (CVE) ID: CVE-2007-0800
BugTraq ID: 22396
http://www.securityfocus.com/bid/22396
Bugtraq: 20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459162/100/0/threaded
Bugtraq: 20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops (Google Search)
http://www.securityfocus.com/archive/1/459163/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
http://www.osvdb.org/32108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10654
XForce ISS Database: firefox-popup-security-bypass(32194)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32194
Common Vulnerability Exposure (CVE) ID: CVE-2007-0981
BugTraq ID: 22566
http://www.securityfocus.com/bid/22566
Bugtraq: 20070214 Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460126/100/200/threaded
Bugtraq: 20070215 Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (Google Search)
http://www.securityfocus.com/archive/1/460217/100/0/threaded
CERT/CC vulnerability note: VU#885753
http://www.kb.cert.org/vuls/id/885753
http://lcamtuf.dione.cc/ffhostname.html
http://www.osvdb.org/32104
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9730
http://securitytracker.com/id?1017654
http://secunia.com/advisories/24175
http://securityreason.com/securityalert/2262
http://www.vupen.com/english/advisories/2007/0624
XForce ISS Database: firefox-locationhostname-security-bypass(32533)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32533
Common Vulnerability Exposure (CVE) ID: CVE-2007-0995
32111
http://www.osvdb.org/32111
32112
http://osvdb.org/32112
http://ha.ckers.org/xss.html#XSS_Non_alpha_non_digit2
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
oval:org.mitre.oval:def:10164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10164
Common Vulnerability Exposure (CVE) ID: CVE-2007-0996
20070223 Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability
http://www.securityfocus.com/archive/1/461076/100/0/threaded
33812
http://osvdb.org/33812
http://www.hardened-php.net/advisory_032007.142.html
oval:org.mitre.oval:def:10086
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10086
Common Vulnerability Exposure (CVE) ID: CVE-2007-1092
BugTraq ID: 22679
http://www.securityfocus.com/bid/22679
Bugtraq: 20070223 Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (Google Search)
http://www.securityfocus.com/archive/1/461024/100/0/threaded
CERT/CC vulnerability note: VU#393921
http://www.kb.cert.org/vuls/id/393921
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html
http://osvdb.org/32103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11158
http://www.securitytracker.com/id?1017701
http://securityreason.com/securityalert/2302
XForce ISS Database: ie-mozilla-onunload-dos(32647)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32647
XForce ISS Database: mozilla-onunload-code-execution(32648)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32648
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.