Test ID:	1.3.6.1.4.1.25623.1.0.841517
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1924-2)
Summary:	The remote host is missing an update for the 'ubufox, unity-firefox-extension' package(s) announced via the USN-1924-2 advisory.
Description:	Summary: The remote host is missing an update for the 'ubufox, unity-firefox-extension' package(s) announced via the USN-1924-2 advisory. Vulnerability Insight: USN-1924-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubufox and Unity Firefox Extension. Original advisory details: Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1709) A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1710) Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. (CVE-2013-1711) Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. (CVE-2013-1713) Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1714) Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. (CVE-2013-1717) Affected Software/OS: 'ubufox, unity-firefox-extension' package(s) on Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.04. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1701 BugTraq ID: 61874 http://www.securityfocus.com/bid/61874 Debian Security Information: DSA-2735 (Google Search) http://www.debian.org/security/2013/dsa-2735 Debian Security Information: DSA-2746 (Google Search) http://www.debian.org/security/2013/dsa-2746 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514 Common Vulnerability Exposure (CVE) ID: CVE-2013-1702 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18876 Common Vulnerability Exposure (CVE) ID: CVE-2013-1704 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18945 Common Vulnerability Exposure (CVE) ID: CVE-2013-1705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18935 SuSE Security Announcement: openSUSE-SU-2013:1496 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00060.html SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1708 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18803 Common Vulnerability Exposure (CVE) ID: CVE-2013-1709 BugTraq ID: 61867 http://www.securityfocus.com/bid/61867 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531 Common Vulnerability Exposure (CVE) ID: CVE-2013-1710 BugTraq ID: 61900 http://www.securityfocus.com/bid/61900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 Common Vulnerability Exposure (CVE) ID: CVE-2013-1711 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18830 Common Vulnerability Exposure (CVE) ID: CVE-2013-1713 BugTraq ID: 61876 http://www.securityfocus.com/bid/61876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884 Common Vulnerability Exposure (CVE) ID: CVE-2013-1714 BugTraq ID: 61882 http://www.securityfocus.com/bid/61882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002 Common Vulnerability Exposure (CVE) ID: CVE-2013-1717 BugTraq ID: 61896 http://www.securityfocus.com/bid/61896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.