Test ID: | 1.3.6.1.4.1.25623.1.0.841757 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-2150-1) |
Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-2150-1 advisory. |
Description: |
Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-2150-1 advisory.

Vulnerability Insight:

Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, Christoph Diehl, Gregor Wagner, Gary Kwong, Luke Wagner, Rob Fletcher and Makoto Kato discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1493, CVE-2014-1494)

Atte Kettunen discovered an out-of-bounds read during WAV file decoding. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1497)

David Keeler discovered that crypto.generateCRMFRequest did not correctly validate all arguments. An attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2014-1498)

Ehsan Akhgari discovered that the WebRTC permission dialog can display the wrong originating site information under some circumstances. An attacker could potentially exploit this by tricking a user in order to gain access to their webcam or microphone. (CVE-2014-1499)

Tim Philipp Schafers and Sebastian Neef discovered that onbeforeunload events used with page navigations could make the browser unresponsive in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2014-1500)

Jeff Gilbert discovered that WebGL content could manipulate content from another site's WebGL context. An attacker could potentially exploit this to conduct spoofing attacks. (CVE-2014-1502)

Nicolas Golubovic discovered that CSP could be bypassed for data: documents during session restore. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1504)

Robert O'Callahan discovered a mechanism for timing attacks involving SVG filters and displacements input to feDisplacementMap. An attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1505)

Tyson Smith and Jesse Schwartzentruber discovered an out-of-bounds read during polygon rendering in MathML. An attacker could potentially exploit this to steal confidential information across domains. (CVE-2014-1508)

John Thomson discovered a memory corruption bug in the Cairo graphics library. If a user had a malicious extension installed, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1509)

Mariusz Mlynski discovered that web content could open a chrome privileged page and bypass the popup blocker in some circumstances. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1510, CVE-2014-1511)

It was discovered that memory pressure during garbage collection ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'firefox' package(s) on Ubuntu 12.04, Ubuntu 12.10, Ubuntu 13.10.

Solution: Please install the updated package(s).

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1493
  BugTraq ID: 66412 http://www.securityfocus.com/bid/66412
  Debian Security Information: DSA-2881 http://www.debian.org/security/2014/dsa-2881
  Debian Security Information: DSA-2911 http://www.debian.org/security/2014/dsa-2911
  https://security.gentoo.org/glsa/201504-01
  RedHat Security Advisories: RHSA-2014:0310 http://rhn.redhat.com/errata/RHSA-2014-0310.html
  RedHat Security Advisories: RHSA-2014:0316 http://rhn.redhat.com/errata/RHSA-2014-0316.html
  SuSE Security Announcement: SUSE-SU-2014:0418 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html
  SuSE Security Announcement: openSUSE-SU-2014:0419 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html
  SuSE Security Announcement: openSUSE-SU-2014:0448 http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html
  SuSE Security Announcement: openSUSE-SU-2014:0584 http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html
  http://www.ubuntu.com/usn/USN-2151-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-1494
Common Vulnerability Exposure (CVE) ID: CVE-2014-1497
  BugTraq ID: 66423 http://www.securityfocus.com/bid/66423
Common Vulnerability Exposure (CVE) ID: CVE-2014-1498
Common Vulnerability Exposure (CVE) ID: CVE-2014-1499
Common Vulnerability Exposure (CVE) ID: CVE-2014-1500
Common Vulnerability Exposure (CVE) ID: CVE-2014-1502
Common Vulnerability Exposure (CVE) ID: CVE-2014-1504
Common Vulnerability Exposure (CVE) ID: CVE-2014-1505
  BugTraq ID: 66418 http://www.securityfocus.com/bid/66418
Common Vulnerability Exposure (CVE) ID: CVE-2014-1508
  BugTraq ID: 66426 http://www.securityfocus.com/bid/66426
Common Vulnerability Exposure (CVE) ID: CVE-2014-1509
  BugTraq ID: 66425 http://www.securityfocus.com/bid/66425
Common Vulnerability Exposure (CVE) ID: CVE-2014-1510
  BugTraq ID: 66206 http://www.securityfocus.com/bid/66206
Common Vulnerability Exposure (CVE) ID: CVE-2014-1511
  BugTraq ID: 66207 http://www.securityfocus.com/bid/66207
Common Vulnerability Exposure (CVE) ID: CVE-2014-1512
  BugTraq ID: 66209 http://www.securityfocus.com/bid/66209
  Bugtraq: 20140326 VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own) http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1513
  BugTraq ID: 66203 http://www.securityfocus.com/bid/66203
Common Vulnerability Exposure (CVE) ID: CVE-2014-1514
  BugTraq ID: 66240 http://www.securityfocus.com/bid/66240 |
Copyright | Copyright (C) 2014 Greenbone AG |