 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.841388 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu: Security Advisory (USN-1786-1) |
| Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-1786-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-1786-1 advisory. Vulnerability Insight: Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, Joe Drew, Andrew McCreight, Randell Jesup, Gary Kwong and Mats Palmgren discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0788, CVE-2013-0789) Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) library when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2013-0791) Tobias Schula discovered an information leak in Firefox when the gfx.color_management.enablev4 preference is enabled. If the user were tricked into opening a specially crafted image, an attacker could potentially exploit this to steal confidential data. By default, the gfx.color_management.enablev4 preference is not enabled in Ubuntu. (CVE-2013-0792) Mariusz Mlynski discovered that timed history navigations could be used to load arbitrary websites with the wrong URL displayed in the addressbar. An attacker could exploit this to conduct cross-site scripting (XSS) or phishing attacks. (CVE-2013-0793) It was discovered that the origin indication on tab-modal dialog boxes could be removed, which could allow an attacker's dialog to be displayed over another sites content. An attacker could exploit this to conduct phishing attacks. (CVE-2013-0794) Cody Crews discovered that the cloneNode method could be used to bypass System Only Wrappers (SOW) to clone a protected node and bypass same-origin policy checks. An attacker could potentially exploit this to steal confidential data or execute code with the privileges of the user invoking Firefox. (CVE-2013-0795) A crash in WebGL rendering was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. This issue only affects users with Intel graphics drivers. (CVE-2013-0796) Abhishek Arya discovered an out-of-bounds write in the Cairo graphics library. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0800) Affected Software/OS: 'firefox' package(s) on Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-0788 Debian Security Information: DSA-2699 (Google Search) http://www.debian.org/security/2013/dsa-2699 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16629 RedHat Security Advisories: RHSA-2013:0696 http://rhn.redhat.com/errata/RHSA-2013-0696.html RedHat Security Advisories: RHSA-2013:0697 http://rhn.redhat.com/errata/RHSA-2013-0697.html SuSE Security Announcement: SUSE-SU-2013:0645 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html SuSE Security Announcement: SUSE-SU-2013:0850 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html SuSE Security Announcement: openSUSE-SU-2013:0630 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html SuSE Security Announcement: openSUSE-SU-2013:0631 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html SuSE Security Announcement: openSUSE-SU-2013:0875 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html http://www.ubuntu.com/usn/USN-1791-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-0789 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17079 Common Vulnerability Exposure (CVE) ID: CVE-2013-0791 BugTraq ID: 58826 http://www.securityfocus.com/bid/58826 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17150 RedHat Security Advisories: RHSA-2013:1135 http://rhn.redhat.com/errata/RHSA-2013-1135.html RedHat Security Advisories: RHSA-2013:1144 http://rhn.redhat.com/errata/RHSA-2013-1144.html Common Vulnerability Exposure (CVE) ID: CVE-2013-0792 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17021 Common Vulnerability Exposure (CVE) ID: CVE-2013-0793 BugTraq ID: 58837 http://www.securityfocus.com/bid/58837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16928 Common Vulnerability Exposure (CVE) ID: CVE-2013-0794 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17065 Common Vulnerability Exposure (CVE) ID: CVE-2013-0795 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16842 Common Vulnerability Exposure (CVE) ID: CVE-2013-0796 Common Vulnerability Exposure (CVE) ID: CVE-2013-0800 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16909 |
| Copyright | Copyright (C) 2013 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |