English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840285
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-592-1)
Summary:The remote host is missing an update for the 'firefox' package(s) announced via the USN-592-1 advisory.
Description:Summary:
The remote host is missing an update for the 'firefox' package(s) announced via the USN-592-1 advisory.

Vulnerability Insight:
Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws
in Firefox's character encoding handling. If a user were tricked into
opening a malicious web page, an attacker could perform cross-site
scripting attacks. (CVE-2008-0416)

Various flaws were discovered in the JavaScript engine. By tricking
a user into opening a malicious web page, an attacker could escalate
privileges within the browser, perform cross-site scripting attacks
and/or execute arbitrary code with the user's privileges.
(CVE-2008-1233, CVE-2008-1234, CVE-2008-1235)

Several problems were discovered in Firefox which could lead to crashes
and memory corruption. If a user were tricked into opening a malicious
web page, an attacker may be able to execute arbitrary code with the
user's privileges. (CVE-2008-1236, CVE-2008-1237)

Gregory Fleischer discovered Firefox did not properly process HTTP
Referrer headers when they were sent with requests to URLs
containing Basic Authentication credentials with empty usernames. An
attacker could exploit this vulnerability to perform cross-site request
forgery attacks. (CVE-2008-1238)

Peter Brodersen and Alexander Klink reported that default the setting in
Firefox for SSL Client Authentication allowed for users to be tracked
via their client certificate. The default has been changed to prompt
the user each time a website requests a client certificate.
(CVE-2007-4879)

Gregory Fleischer discovered that web content fetched via the jar
protocol could use Java LiveConnect to connect to arbitrary ports on
the user's machine due to improper parsing in the Java plugin. If a
user were tricked into opening malicious web content, an attacker may be
able to access services running on the user's machine. (CVE-2008-1195,
CVE-2008-1240)

Chris Thomas discovered that Firefox would allow an XUL popup from an
unselected tab to display in front of the selected tab. An attacker
could exploit this behavior to spoof a login prompt and steal the user's
credentials. (CVE-2008-1241)

Affected Software/OS:
'firefox' package(s) on Ubuntu 6.06, Ubuntu 6.10, Ubuntu 7.04, Ubuntu 7.10.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-4879
BugTraq ID: 28448
http://www.securityfocus.com/bid/28448
Bugtraq: 20080327 rPSA-2008-0128-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/490196/100/0/threaded
Cert/CC Advisory: TA08-087A
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
Debian Security Information: DSA-1532 (Google Search)
http://www.debian.org/security/2008/dsa-1532
Debian Security Information: DSA-1534 (Google Search)
http://www.debian.org/security/2008/dsa-1534
Debian Security Information: DSA-1535 (Google Search)
http://www.debian.org/security/2008/dsa-1535
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
http://0x90.eu/ff_tls_poc.html
http://www.securitytracker.com/id?1019704
http://secunia.com/advisories/29526
http://secunia.com/advisories/29539
http://secunia.com/advisories/29541
http://secunia.com/advisories/29547
http://secunia.com/advisories/29558
http://secunia.com/advisories/29560
http://secunia.com/advisories/29616
http://secunia.com/advisories/29645
http://secunia.com/advisories/30327
http://secunia.com/advisories/30620
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
SuSE Security Announcement: SUSE-SA:2008:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://www.ubuntu.com/usn/usn-592-1
http://www.vupen.com/english/advisories/2008/0998/references
http://www.vupen.com/english/advisories/2008/1793/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-0416
238492
239546
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
28839
http://secunia.com/advisories/28839
28864
http://secunia.com/advisories/28864
28865
http://secunia.com/advisories/28865
28879
http://secunia.com/advisories/28879
29303
http://www.securityfocus.com/bid/29303
29541
30327
30620
31043
http://secunia.com/advisories/31043
ADV-2008-1793
ADV-2008-2091
http://www.vupen.com/english/advisories/2008/2091/references
DSA-1484
http://www.debian.org/security/2008/dsa-1484
DSA-1485
http://www.debian.org/security/2008/dsa-1485
DSA-1489
http://www.debian.org/security/2008/dsa-1489
GLSA-200805-18
JVN#21563357
http://jvn.jp/en/jp/JVN21563357/index.html
JVNDB-2008-000021
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
TA08-087A
TLSA-2008-9
http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
USN-576-1
https://usn.ubuntu.com/576-1/
USN-592-1
firefox-character-encoding-xss(40488)
https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
Common Vulnerability Exposure (CVE) ID: CVE-2008-1195
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
Cert/CC Advisory: TA08-066A
http://www.us-cert.gov/cas/techalerts/TA08-066A.html
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486
http://www.redhat.com/support/errata/RHSA-2008-0186.html
http://www.redhat.com/support/errata/RHSA-2008-0210.html
http://www.redhat.com/support/errata/RHSA-2008-0267.html
http://www.securitytracker.com/id?1019553
http://secunia.com/advisories/29239
http://secunia.com/advisories/29273
http://secunia.com/advisories/29498
http://secunia.com/advisories/29582
http://secunia.com/advisories/29858
http://secunia.com/advisories/29897
http://secunia.com/advisories/30676
http://secunia.com/advisories/30780
http://secunia.com/advisories/31497
http://secunia.com/advisories/32018
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1
SuSE Security Announcement: SUSE-SA:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://www.vupen.com/english/advisories/2008/0770/references
http://www.vupen.com/english/advisories/2008/1856/references
XForce ISS Database: sun-jre-javascript-unauthorized-access(41030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41030
Common Vulnerability Exposure (CVE) ID: CVE-2008-1233
CERT/CC vulnerability note: VU#466521
http://www.kb.cert.org/vuls/id/466521
Debian Security Information: DSA-1574 (Google Search)
http://www.debian.org/security/2008/dsa-1574
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11078
http://www.redhat.com/support/errata/RHSA-2008-0207.html
RedHat Security Advisories: RHSA-2008:0208
http://rhn.redhat.com/errata/RHSA-2008-0208.html
http://www.redhat.com/support/errata/RHSA-2008-0209.html
http://www.securitytracker.com/id?1019694
http://secunia.com/advisories/29391
http://secunia.com/advisories/29548
http://secunia.com/advisories/29550
http://secunia.com/advisories/29607
http://secunia.com/advisories/30016
http://secunia.com/advisories/30094
http://secunia.com/advisories/30105
http://secunia.com/advisories/30192
http://secunia.com/advisories/30370
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313
http://www.ubuntu.com/usn/usn-605-1
http://www.vupen.com/english/advisories/2008/0999/references
XForce ISS Database: mozilla-settimeout-code-execution(41443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41443
Common Vulnerability Exposure (CVE) ID: CVE-2008-1234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9551
XForce ISS Database: firefox-eventhandlers-xss(41455)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41455
Common Vulnerability Exposure (CVE) ID: CVE-2008-1235
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980
XForce ISS Database: mozilla-principal-code-execution(41457)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41457
Common Vulnerability Exposure (CVE) ID: CVE-2008-1236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11788
http://www.securitytracker.com/id?1019695
XForce ISS Database: mozilla-layoutengine-code-execution(41445)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41445
Common Vulnerability Exposure (CVE) ID: CVE-2008-1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9651
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
XForce ISS Database: firefox-javascript-engine-code-execution(41446)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41446
Common Vulnerability Exposure (CVE) ID: CVE-2008-1238
1019703
http://www.securitytracker.com/id?1019703
20080327 rPSA-2008-0128-1 firefox
28448
29391
29526
29539
29547
29550
29558
29560
29607
29616
29645
ADV-2008-0998
DSA-1532
DSA-1534
DSA-1535
MDVSA-2008:080
RHSA-2008:0207
RHSA-2008:0208
RHSA-2008:0209
SUSE-SA:2008:019
http://sla.ckers.org/forum/read.php?10%2C20033
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128
http://www.mozilla.org/security/announce/2008/mfsa2008-16.html
mozilla-http-referrer-spoofing(41449)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41449
oval:org.mitre.oval:def:9889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9889
Common Vulnerability Exposure (CVE) ID: CVE-2008-1240
XForce ISS Database: mozilla-liveconnect-unauthorized-access(41458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41458
Common Vulnerability Exposure (CVE) ID: CVE-2008-1241
1019700
http://www.securitytracker.com/id?1019700
firefox-xul-popup-spoofing(41454)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41454
http://www.mozilla.org/security/announce/2008/mfsa2008-19.html
oval:org.mitre.oval:def:11163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163
CopyrightCopyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.