Test ID:	1.3.6.1.4.1.25623.1.0.840162
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-398-2)
Summary:	The remote host is missing an update for the 'firefox' package(s) announced via the USN-398-2 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-398-2 advisory. Vulnerability Insight: USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides the corresponding updates for Firefox 1.5. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG. (CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6504) Various flaws have been reported that allow an attacker to bypass Firefox's internal XSS protections by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-6503) Affected Software/OS: 'firefox' package(s) on Ubuntu 5.10, Ubuntu 6.06. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-6497 1017398 http://securitytracker.com/id?1017398 1017405 http://securitytracker.com/id?1017405 1017406 http://securitytracker.com/id?1017406 102885 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1 20061202-01-P ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc 20061222 rPSA-2006-0234-1 firefox http://www.securityfocus.com/archive/1/455145/100/0/threaded 20070102 rPSA-2006-0234-2 firefox thunderbird http://www.securityfocus.com/archive/1/455728/100/200/threaded 21668 http://www.securityfocus.com/bid/21668 23282 http://secunia.com/advisories/23282 23420 http://secunia.com/advisories/23420 23422 http://secunia.com/advisories/23422 23433 http://secunia.com/advisories/23433 23439 http://secunia.com/advisories/23439 23440 http://secunia.com/advisories/23440 23468 http://secunia.com/advisories/23468 23514 http://secunia.com/advisories/23514 23545 http://secunia.com/advisories/23545 23589 http://secunia.com/advisories/23589 23591 http://secunia.com/advisories/23591 23598 http://secunia.com/advisories/23598 23601 http://secunia.com/advisories/23601 23614 http://secunia.com/advisories/23614 23618 http://secunia.com/advisories/23618 23672 http://secunia.com/advisories/23672 23692 http://secunia.com/advisories/23692 23988 http://secunia.com/advisories/23988 24078 http://secunia.com/advisories/24078 24390 http://secunia.com/advisories/24390 24948 http://secunia.com/advisories/24948 ADV-2006-5068 http://www.vupen.com/english/advisories/2006/5068 ADV-2007-1463 http://www.vupen.com/english/advisories/2007/1463 ADV-2008-0083 http://www.vupen.com/english/advisories/2008/0083 DSA-1253 http://www.debian.org/security/2007/dsa-1253 DSA-1258 http://www.debian.org/security/2007/dsa-1258 DSA-1265 http://www.debian.org/security/2007/dsa-1265 FEDORA-2006-1491 http://fedoranews.org/cms/node/2297 FEDORA-2007-004 http://fedoranews.org/cms/node/2338 GLSA-200701-02 http://security.gentoo.org/glsa/glsa-200701-02.xml GLSA-200701-03 http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml GLSA-200701-04 http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 MDKSA-2007:010 http://www.mandriva.com/security/advisories?name=MDKSA-2007:010 MDKSA-2007:011 http://www.mandriva.com/security/advisories?name=MDKSA-2007:011 RHSA-2006:0758 http://rhn.redhat.com/errata/RHSA-2006-0758.html RHSA-2006:0759 http://rhn.redhat.com/errata/RHSA-2006-0759.html RHSA-2006:0760 http://rhn.redhat.com/errata/RHSA-2006-0760.html SSRT061181 SUSE-SA:2006:080 http://www.novell.com/linux/security/advisories/2006_80_mozilla.html SUSE-SA:2007:006 http://www.novell.com/linux/security/advisories/2007_06_mozilla.html TA06-354A http://www.us-cert.gov/cas/techalerts/TA06-354A.html USN-398-1 http://www.ubuntu.com/usn/usn-398-1 USN-398-2 http://www.ubuntu.com/usn/usn-398-2 USN-400-1 http://www.ubuntu.com/usn/usn-400-1 VU#427972 http://www.kb.cert.org/vuls/id/427972 VU#606260 http://www.kb.cert.org/vuls/id/606260 http://www.mozilla.org/security/announce/2006/mfsa2006-68.html https://issues.rpath.com/browse/RPL-883 oval:org.mitre.oval:def:11691 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11691 Common Vulnerability Exposure (CVE) ID: CVE-2006-6498 102955 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1 25556 http://secunia.com/advisories/25556 ADV-2007-2106 http://www.vupen.com/english/advisories/2007/2106 VU#447772 http://www.kb.cert.org/vuls/id/447772 oval:org.mitre.oval:def:10661 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661 Common Vulnerability Exposure (CVE) ID: CVE-2006-6499 BugTraq ID: 21668 Cert/CC Advisory: TA06-354A CERT/CC vulnerability note: VU#427972 Debian Security Information: DSA-1253 (Google Search) Debian Security Information: DSA-1258 (Google Search) Debian Security Information: DSA-1265 (Google Search) HPdes Security Advisory: HPSBUX02153 HPdes Security Advisory: SSRT061181 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1 SuSE Security Announcement: SUSE-SA:2006:080 (Google Search) SuSE Security Announcement: SUSE-SA:2007:006 (Google Search) http://www.vupen.com/english/advisories/2007/1124 Common Vulnerability Exposure (CVE) ID: CVE-2006-6501 1017403 http://securitytracker.com/id?1017403 1017404 http://securitytracker.com/id?1017404 1017407 http://securitytracker.com/id?1017407 VU#263412 http://www.kb.cert.org/vuls/id/263412 http://www.mozilla.org/security/announce/2006/mfsa2006-70.html oval:org.mitre.oval:def:9746 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746 Common Vulnerability Exposure (CVE) ID: CVE-2006-6502 1017411 http://securitytracker.com/id?1017411 1017412 http://securitytracker.com/id?1017412 1017413 http://securitytracker.com/id?1017413 VU#428500 http://www.kb.cert.org/vuls/id/428500 http://www.mozilla.org/security/announce/2006/mfsa2006-71.html oval:org.mitre.oval:def:9626 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626 Common Vulnerability Exposure (CVE) ID: CVE-2006-6503 1017414 http://securitytracker.com/id?1017414 1017415 http://securitytracker.com/id?1017415 1017416 http://securitytracker.com/id?1017416 VU#405092 http://www.kb.cert.org/vuls/id/405092 http://www.mozilla.org/security/announce/2006/mfsa2006-72.html oval:org.mitre.oval:def:10895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895 Common Vulnerability Exposure (CVE) ID: CVE-2006-6504 1017417 http://securitytracker.com/id?1017417 1017418 http://securitytracker.com/id?1017418 20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability http://www.securityfocus.com/archive/1/454939/100/0/threaded VU#928956 http://www.kb.cert.org/vuls/id/928956 http://www.mozilla.org/security/announce/2006/mfsa2006-73.html http://www.zerodayinitiative.com/advisories/ZDI-06-051.html oval:org.mitre.oval:def:11077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.