
Test ID: 1.3.6.1.4.1.25623.1.0.840553
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-1019-1)
Summary: The remote host is missing an update for the 'firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2' package(s) announced via the USN-1019-1 advisory.
Description:

Vulnerability Insight:
Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov
discovered several memory issues in the browser engine. An attacker could
exploit these to crash the browser or possibly run arbitrary code as the
user invoking the program. (CVE-2010-3776, CVE-2010-3777, CVE-2010-3778)

It was discovered that Firefox did not properly verify the about:blank
location elements when it was opened via window.open(). An attacker could
exploit this to run arbitrary code with chrome privileges. (CVE-2010-3771)

It was discovered that Firefox did not properly handle <div> elements
when processing a XUL tree. If a user were tricked into opening a malicious
web page, an attacker could exploit this to crash the browser or possibly
run arbitrary code as the user invoking the program. (CVE-2010-3772)

Marc Schoenefeld and Christoph Diehl discovered several problems when
handling downloadable fonts. The new OTS font sanitizing library was added
to mitigate these issues. (CVE-2010-3768)

Gregory Fleischer discovered that the Java LiveConnect script could be made
to run in the wrong security context. An attacker could exploit this to
read local files and run arbitrary code as the user invoking the program.
(CVE-2010-3775)

Several problems were discovered in the JavaScript engine. If a user were
tricked into opening a malicious web page, an attacker could exploit this to
crash the browser or possibly run arbitrary code as the user invoking the
program. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3773)

Michal Zalewski discovered that Firefox did not always properly handle
displaying pages from network or certificate errors. An attacker could
exploit this to spoof the location bar, such as in a phishing attack.
(CVE-2010-3774)

Yosuke Hasegawa and Masatoshi Kimura discovered that several character
encodings would have some characters converted to angle brackets. An
attacker could utilize this to perform cross-site scripting attacks.
(CVE-2010-3770)

Affected Software/OS:
'firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2' package(s) on Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-3766
BugTraq ID: 45326
http://www.securityfocus.com/bid/45326
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:251
http://www.zerodayinitiative.com/advisories/ZDI-10-264/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12649
http://www.redhat.com/support/errata/RHSA-2010-0966.html
http://www.securitytracker.com/id?1024848
http://secunia.com/advisories/42716
http://secunia.com/advisories/42818
SuSE Security Announcement: SUSE-SA:2011:003
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
http://www.ubuntu.com/usn/USN-1019-1
http://www.vupen.com/english/advisories/2011/0030
Common Vulnerability Exposure (CVE) ID: CVE-2010-3767
Debian Security Information: DSA-2132
http://www.debian.org/security/2010/dsa-2132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12610
http://www.redhat.com/support/errata/RHSA-2010-0967.html
http://www.redhat.com/support/errata/RHSA-2010-0968.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-3768
BugTraq ID: 45352
http://www.securityfocus.com/bid/45352
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052220.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:258
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12533
http://www.redhat.com/support/errata/RHSA-2010-0969.html
http://www.securitytracker.com/id?1024846
http://www.ubuntu.com/usn/USN-1020-1
Common Vulnerability Exposure (CVE) ID: CVE-2010-3770
BugTraq ID: 45353
http://www.securityfocus.com/bid/45353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348
http://www.securitytracker.com/id?1024851
Common Vulnerability Exposure (CVE) ID: CVE-2010-3771
BugTraq ID: 45346
http://www.securityfocus.com/bid/45346
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12343
Common Vulnerability Exposure (CVE) ID: CVE-2010-3772
BugTraq ID: 45351
http://www.securityfocus.com/bid/45351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12324
Common Vulnerability Exposure (CVE) ID: CVE-2010-3773
BugTraq ID: 45354
http://www.securityfocus.com/bid/45354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11960
Common Vulnerability Exposure (CVE) ID: CVE-2010-3774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12512
http://www.securitytracker.com/id?1024850
Common Vulnerability Exposure (CVE) ID: CVE-2010-3775
BugTraq ID: 45355
http://www.securityfocus.com/bid/45355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666
Common Vulnerability Exposure (CVE) ID: CVE-2010-3776
BugTraq ID: 45347
http://www.securityfocus.com/bid/45347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12389
Common Vulnerability Exposure (CVE) ID: CVE-2010-3777
BugTraq ID: 45348
http://www.securityfocus.com/bid/45348
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12468
Common Vulnerability Exposure (CVE) ID: CVE-2010-3778
BugTraq ID: 45344
http://www.securityfocus.com/bid/45344
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12622
Copyright: Copyright (C) 2010 Greenbone AG
