Test ID:	1.3.6.1.4.1.25623.1.0.841181
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1600-1)
Summary:	The remote host is missing an update for the 'firefox' package(s) announced via the USN-1600-1 advisory.
Description:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-1600-1 advisory. Vulnerability Insight: Henrik Skupin, Jesse Ruderman, Christian Holler, Soroush Dalili and others discovered several memory corruption flaws in Firefox. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3982, CVE-2012-3983, CVE-2012-3988, CVE-2012-3989) David Bloom and Jordi Chancel discovered that Firefox did not always properly handle the element. A remote attacker could exploit this to conduct URL spoofing and clickjacking attacks. (CVE-2012-3984) Collin Jackson discovered that Firefox did not properly follow the HTML5 specification for document.domain behavior. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks via javascript execution. (CVE-2012-3985) Johnny Stenback discovered that Firefox did not properly perform security checks on test methods for DOMWindowUtils. (CVE-2012-3986) Alice White discovered that the security checks for GetProperty could be bypassed when using JSAPI. If a user were tricked into opening a specially crafted web page, a remote attacker could exploit this to execute arbitrary code as the user invoking the program. (CVE-2012-3991) Mariusz Mlynski discovered a history state error in Firefox. A remote attacker could exploit this to spoof the location property to inject script or intercept posted data. (CVE-2012-3992) Mariusz Mlynski and others discovered several flaws in Firefox that allowed a remote attacker to conduct cross-site scripting (XSS) attacks. (CVE-2012-3993, CVE-2012-3994, CVE-2012-4184) Abhishek Arya, Atte Kettunen and others discovered several memory flaws in Firefox when using the Address Sanitizer tool. If a user were tricked into opening a specially crafted web page, a remote attacker could cause Firefox to crash or potentially execute arbitrary code as the user invoking the program. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188) Affected Software/OS: 'firefox' package(s) on Ubuntu 10.04, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3982 BugTraq ID: 55924 http://www.securityfocus.com/bid/55924 Debian Security Information: DSA-2565 (Google Search) http://www.debian.org/security/2012/dsa-2565 Debian Security Information: DSA-2569 (Google Search) http://www.debian.org/security/2012/dsa-2569 Debian Security Information: DSA-2572 (Google Search) http://www.debian.org/security/2012/dsa-2572 http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16612 RedHat Security Advisories: RHSA-2012:1351 http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50856 http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50935 http://secunia.com/advisories/50936 http://secunia.com/advisories/50984 http://secunia.com/advisories/51181 http://secunia.com/advisories/55318 SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://www.ubuntu.com/usn/USN-1611-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-3983 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16901 Common Vulnerability Exposure (CVE) ID: CVE-2012-3984 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16184 Common Vulnerability Exposure (CVE) ID: CVE-2012-3985 http://osvdb.org/86106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16108 Common Vulnerability Exposure (CVE) ID: CVE-2012-3986 BugTraq ID: 55922 http://www.securityfocus.com/bid/55922 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834 Common Vulnerability Exposure (CVE) ID: CVE-2012-3988 http://osvdb.org/86109 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16334 XForce ISS Database: firefox-full-screen-code-exec(79149) https://exchange.xforce.ibmcloud.com/vulnerabilities/79149 Common Vulnerability Exposure (CVE) ID: CVE-2012-3989 http://osvdb.org/86097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16814 Common Vulnerability Exposure (CVE) ID: CVE-2012-3990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16642 XForce ISS Database: firefox-nsicontent-code-exec(79172) https://exchange.xforce.ibmcloud.com/vulnerabilities/79172 Common Vulnerability Exposure (CVE) ID: CVE-2012-3991 BugTraq ID: 55930 http://www.securityfocus.com/bid/55930 http://osvdb.org/86098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16646 Common Vulnerability Exposure (CVE) ID: CVE-2012-3992 BugTraq ID: 56128 http://www.securityfocus.com/bid/56128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16987 Common Vulnerability Exposure (CVE) ID: CVE-2012-3993 BugTraq ID: 56119 http://www.securityfocus.com/bid/56119 http://osvdb.org/86111 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718 XForce ISS Database: firefox-cow-privilege-escalation(79153) https://exchange.xforce.ibmcloud.com/vulnerabilities/79153 Common Vulnerability Exposure (CVE) ID: CVE-2012-3994 BugTraq ID: 56118 http://www.securityfocus.com/bid/56118 http://osvdb.org/86110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16798 Common Vulnerability Exposure (CVE) ID: CVE-2012-3995 BugTraq ID: 56136 http://www.securityfocus.com/bid/56136 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16808 XForce ISS Database: firefox-iscsswordspacingspace-code-exec(79156) https://exchange.xforce.ibmcloud.com/vulnerabilities/79156 Common Vulnerability Exposure (CVE) ID: CVE-2012-4179 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16882 XForce ISS Database: firefox-createcsspropertytxn-code-exec(79157) https://exchange.xforce.ibmcloud.com/vulnerabilities/79157 Common Vulnerability Exposure (CVE) ID: CVE-2012-4180 http://osvdb.org/86099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16428 XForce ISS Database: firefox-isprevcharinnode-bo(79158) https://exchange.xforce.ibmcloud.com/vulnerabilities/79158 Common Vulnerability Exposure (CVE) ID: CVE-2012-4181 BugTraq ID: 56130 http://www.securityfocus.com/bid/56130 http://osvdb.org/86100 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16523 XForce ISS Database: firefox-nssmilanimationcontroller-code-exec(79159) https://exchange.xforce.ibmcloud.com/vulnerabilities/79159 Common Vulnerability Exposure (CVE) ID: CVE-2012-4182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16191 XForce ISS Database: firefox-nstexteditrules-code-exec(79160) https://exchange.xforce.ibmcloud.com/vulnerabilities/79160 Common Vulnerability Exposure (CVE) ID: CVE-2012-4183 BugTraq ID: 56140 http://www.securityfocus.com/bid/56140 http://osvdb.org/86095 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16850 XForce ISS Database: firefox-domsvgtests-code-exec(79161) https://exchange.xforce.ibmcloud.com/vulnerabilities/79161 Common Vulnerability Exposure (CVE) ID: CVE-2012-4184 BugTraq ID: 56120 http://www.securityfocus.com/bid/56120 http://osvdb.org/86113 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16946 XForce ISS Database: firefox-cow-xss(79154) https://exchange.xforce.ibmcloud.com/vulnerabilities/79154 Common Vulnerability Exposure (CVE) ID: CVE-2012-4185 BugTraq ID: 56127 http://www.securityfocus.com/bid/56127 http://osvdb.org/86116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16009 XForce ISS Database: firefox-nschartraitslength-bo(79162) https://exchange.xforce.ibmcloud.com/vulnerabilities/79162 Common Vulnerability Exposure (CVE) ID: CVE-2012-4186 http://osvdb.org/86117 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16193 XForce ISS Database: firefox-nswavereader-bo(79163) https://exchange.xforce.ibmcloud.com/vulnerabilities/79163 Common Vulnerability Exposure (CVE) ID: CVE-2012-4187 BugTraq ID: 56125 http://www.securityfocus.com/bid/56125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16425 Common Vulnerability Exposure (CVE) ID: CVE-2012-4188 http://osvdb.org/86096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16964 XForce ISS Database: firefox-convolve3x3-bo(79165) https://exchange.xforce.ibmcloud.com/vulnerabilities/79165
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.