English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.840464
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-930-4)
Summary:The remote host is missing an update for the 'firefox-3.0, firefox-3.5, xulrunner-1.9.2' package(s) announced via the USN-930-4 advisory.
Description:Summary:
The remote host is missing an update for the 'firefox-3.0, firefox-3.5, xulrunner-1.9.2' package(s) announced via the USN-930-4 advisory.

Vulnerability Insight:
USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update
provides the corresponding updates for Ubuntu 9.04 and 9.10, along with
additional updates affecting Firefox 3.6.6.

Several flaws were discovered in the browser engine of Firefox. If a user
were tricked into viewing a malicious site, a remote attacker could use
this to crash the browser or possibly run arbitrary code as the user
invoking the program. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211,
CVE-2010-1212)

An integer overflow was discovered in how Firefox processed plugin
parameters. An attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-1214)

A flaw was discovered in the Firefox JavaScript engine. If a user were
tricked into viewing a malicious site, a remote attacker code execute
arbitrary JavaScript with chrome privileges. (CVE-2010-1215)

An integer overflow was discovered in how Firefox processed CSS values. An
attacker could exploit this to crash the browser or possibly run arbitrary
code as the user invoking the program. (CVE-2010-2752)

An integer overflow was discovered in how Firefox interpreted the XUL
element. If a user were tricked into viewing a malicious site, a
remote attacker could use this to crash the browser or possibly run
arbitrary code as the user invoking the program. (CVE-2010-2753)

Aki Helin discovered that libpng did not properly handle certain malformed
PNG images. If a user were tricked into opening a crafted PNG file, an
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2010-1205)

Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin
check in Firefox could be bypassed by utilizing the importScripts Web
Worker method. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-1213, CVE-2010-1207)

O. Andersen that Firefox did not properly map undefined positions within
certain 8 bit encodings. An attacker could utilize this to perform
cross-site scripting attacks. (CVE-2010-1210)

Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no
content) code. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-1206)

Jordi Chancel discovered that Firefox did not properly handle when a server
responds to an HTTPS request with plaintext and then processes JavaScript
history events. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-2751)

Chris Evans discovered that Firefox did not properly process improper CSS
selectors. If a user were tricked into viewing a malicious website, an
attacker could exploit this to read data from other domains.
(CVE-2010-0654)

Soroush Dalili discovered that Firefox did not properly ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'firefox-3.0, firefox-3.5, xulrunner-1.9.2' package(s) on Ubuntu 9.04, Ubuntu 9.10.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-5913
BugTraq ID: 33276
http://www.securityfocus.com/bid/33276
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161
http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html
http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
SuSE Security Announcement: SUSE-SA:2010:030 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://ubuntu.com/usn/usn-930-1
http://www.ubuntu.com/usn/usn-930-2
http://www.vupen.com/english/advisories/2010/1551
http://www.vupen.com/english/advisories/2010/1557
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1640
http://www.vupen.com/english/advisories/2010/1773
Common Vulnerability Exposure (CVE) ID: CVE-2010-0654
http://code.google.com/p/chromium/issues/detail?id=9877
http://scarybeastsecurity.blogspot.com/2009/12/generic-cross-browser-cross-domain.html
http://websec.sv.cmu.edu/css/css.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11811
Common Vulnerability Exposure (CVE) ID: CVE-2010-1121
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
http://news.cnet.com/8301-27080_3-20001126-245.html
http://twitter.com/thezdi/statuses/11005277222
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10924
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6844
http://www.securitytracker.com/id?1023817
http://secunia.com/advisories/40323
Common Vulnerability Exposure (CVE) ID: CVE-2010-1125
Bugtraq: 20100313 ...because you can't get enough of clickjacking (Google Search)
http://www.securityfocus.com/archive/1/510070/100/0/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10386
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13962
http://www.securitytracker.com/id?1024138
Common Vulnerability Exposure (CVE) ID: CVE-2010-1196
BugTraq ID: 41050
http://www.securityfocus.com/bid/41050
BugTraq ID: 41087
http://www.securityfocus.com/bid/41087
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11424
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14017
http://www.securitytracker.com/id?1024139
XForce ISS Database: firefox-nsgenericdomdatanode-bo(59665)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59665
Common Vulnerability Exposure (CVE) ID: CVE-2010-1197
BugTraq ID: 41103
http://www.securityfocus.com/bid/41103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10168
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14186
http://www.redhat.com/support/errata/RHSA-2010-0499.html
http://www.vupen.com/english/advisories/2010/1556
XForce ISS Database: firefox-contentdisposition-security-bypass(59667)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59667
Common Vulnerability Exposure (CVE) ID: CVE-2010-1198
BugTraq ID: 41102
http://www.securityfocus.com/bid/41102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14176
XForce ISS Database: firefox-plugin-instances-code-exec(59664)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59664
Common Vulnerability Exposure (CVE) ID: CVE-2010-1199
BugTraq ID: 41082
http://www.securityfocus.com/bid/41082
Bugtraq: 20100623 ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511972/100/0/threaded
http://www.exploit-db.com/exploits/14949
http://www.zerodayinitiative.com/advisories/ZDI-10-113
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10885
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13287
XForce ISS Database: firefox-xslt-node-code-execution(59666)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59666
Common Vulnerability Exposure (CVE) ID: CVE-2010-1200
BugTraq ID: 41090
http://www.securityfocus.com/bid/41090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14326
XForce ISS Database: firefox-seamonkey-browser-code-exec(59659)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59659
Common Vulnerability Exposure (CVE) ID: CVE-2010-1201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12671
Common Vulnerability Exposure (CVE) ID: CVE-2010-1202
BugTraq ID: 41094
http://www.securityfocus.com/bid/41094
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10889
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14308
XForce ISS Database: firefox-javascript-ce(59661)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59661
Common Vulnerability Exposure (CVE) ID: CVE-2010-1203
BugTraq ID: 41099
http://www.securityfocus.com/bid/41099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10401
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8317
XForce ISS Database: mozilla-firefox-javascript-ce(59662)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59662
Common Vulnerability Exposure (CVE) ID: CVE-2010-1205
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
BugTraq ID: 41174
http://www.securityfocus.com/bid/41174
Debian Security Information: DSA-2072 (Google Search)
http://www.debian.org/security/2010/dsa-2072
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851
http://secunia.com/advisories/40302
http://secunia.com/advisories/40336
http://secunia.com/advisories/40472
http://secunia.com/advisories/40547
http://secunia.com/advisories/41574
http://secunia.com/advisories/42314
http://secunia.com/advisories/42317
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.ubuntu.com/usn/USN-960-1
http://www.vupen.com/english/advisories/2010/1612
http://www.vupen.com/english/advisories/2010/1637
http://www.vupen.com/english/advisories/2010/1755
http://www.vupen.com/english/advisories/2010/1837
http://www.vupen.com/english/advisories/2010/1846
http://www.vupen.com/english/advisories/2010/1877
http://www.vupen.com/english/advisories/2010/2491
http://www.vupen.com/english/advisories/2010/3045
http://www.vupen.com/english/advisories/2010/3046
XForce ISS Database: libpng-rowdata-bo(59815)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
Common Vulnerability Exposure (CVE) ID: CVE-2010-1206
http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8248
http://secunia.com/advisories/40283
Common Vulnerability Exposure (CVE) ID: CVE-2010-1207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11887
Common Vulnerability Exposure (CVE) ID: CVE-2010-1208
BugTraq ID: 41849
http://www.securityfocus.com/bid/41849
Bugtraq: 20100721 ZDI-10-134: Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512515
http://www.zerodayinitiative.com/advisories/ZDI-10-134/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740
Common Vulnerability Exposure (CVE) ID: CVE-2010-1209
BugTraq ID: 41845
http://www.securityfocus.com/bid/41845
Bugtraq: 20100721 ZDI-10-130: Mozilla Firefox NodeIterator Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512511
http://www.zerodayinitiative.com/advisories/ZDI-10-130/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055
Common Vulnerability Exposure (CVE) ID: CVE-2010-1210
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11863
Common Vulnerability Exposure (CVE) ID: CVE-2010-1211
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11552
Common Vulnerability Exposure (CVE) ID: CVE-2010-1212
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11771
Common Vulnerability Exposure (CVE) ID: CVE-2010-1213
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11835
Common Vulnerability Exposure (CVE) ID: CVE-2010-1214
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685
Common Vulnerability Exposure (CVE) ID: CVE-2010-1215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11527
Common Vulnerability Exposure (CVE) ID: CVE-2010-2751
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11688
Common Vulnerability Exposure (CVE) ID: CVE-2010-2752
BugTraq ID: 41852
http://www.securityfocus.com/bid/41852
Bugtraq: 20100721 ZDI-10-133: Mozilla Firefox CSS font-face Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512514
http://www.zerodayinitiative.com/advisories/ZDI-10-133/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680
Common Vulnerability Exposure (CVE) ID: CVE-2010-2753
BugTraq ID: 41853
http://www.securityfocus.com/bid/41853
Bugtraq: 20100721 ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/512510
http://www.zerodayinitiative.com/advisories/ZDI-10-131/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958
SuSE Security Announcement: SUSE-SA:2010:049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-2754
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11770
CopyrightCopyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.