Test ID: | 1.3.6.1.4.1.25623.1.0.841914 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-2295-1) |
Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-2295-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-2295-1 advisory.
Vulnerability Insight:
Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, Steve Fink, Terrence Cole, Gijs Kruitbosch and Catalin Badea discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1547, CVE-2014-1548)
Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1549)
Atte Kettunen discovered a use-after-free in WebAudio. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1550)
David Chan and Gijs Kruitbosch discovered that web content could spoof UI customization events in some circumstances, resulting in a limited ability to move UI icons. (CVE-2014-1561)
Jethro Beekman discovered a use-after-free when the FireOnStateChange event is triggered in some circumstances. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1555)
Patrick Cozzi discovered a crash when using the Cesium JS library to generate WebGL content. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1556)
Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in CERT_DestroyCertificate. An attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1544)
A crash was discovered in Skia when scaling an image, if the scaling operation takes too long. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2014-1557)
Christian Holler discovered several issues when parsing certificates with non-standard character encoding, resulting in the inability to use valid SSL certificates in some circumstances. (CVE-2014-1558, CVE-2014-1559, CVE-2014-1560)
Boris Zbarsky discovered that network redirects could cause an iframe to escape the confinements defined by its sandbox attribute in some circumstances. An attacker could potentially exploit this to conduct cross-site scripting attacks. (CVE-2014-1552)
Affected Software/OS: 'firefox' package(s) on Ubuntu 12.04, Ubuntu 14.04.
Solution: Please install the updated package(s).
CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-1544
BugTraq ID: 68816
http://www.securityfocus.com/bid/68816
Debian Security Information: DSA-2986
http://www.debian.org/security/2014/dsa-2986
Debian Security Information: DSA-2996
http://www.debian.org/security/2014/dsa-2996
https://security.gentoo.org/glsa/201504-01
http://www.securitytracker.com/id/1030617
http://secunia.com/advisories/59591
http://secunia.com/advisories/59719
http://secunia.com/advisories/59760
http://secunia.com/advisories/60083
http://secunia.com/advisories/60486
http://secunia.com/advisories/60621
http://secunia.com/advisories/60628
Common Vulnerability Exposure (CVE) ID: CVE-2014-1547
BugTraq ID: 68811
http://www.securityfocus.com/bid/68811
http://www.securitytracker.com/id/1030619
http://www.securitytracker.com/id/1030620
http://secunia.com/advisories/60306
Common Vulnerability Exposure (CVE) ID: CVE-2014-1548
BugTraq ID: 68818
http://www.securityfocus.com/bid/68818
Common Vulnerability Exposure (CVE) ID: CVE-2014-1549
BugTraq ID: 68820
http://www.securityfocus.com/bid/68820
Common Vulnerability Exposure (CVE) ID: CVE-2014-1550
Common Vulnerability Exposure (CVE) ID: CVE-2014-1552
Common Vulnerability Exposure (CVE) ID: CVE-2014-1555
BugTraq ID: 68814
http://www.securityfocus.com/bid/68814
Common Vulnerability Exposure (CVE) ID: CVE-2014-1556
BugTraq ID: 68822
http://www.securityfocus.com/bid/68822
Common Vulnerability Exposure (CVE) ID: CVE-2014-1557
BugTraq ID: 68824
http://www.securityfocus.com/bid/68824
Common Vulnerability Exposure (CVE) ID: CVE-2014-1558
Common Vulnerability Exposure (CVE) ID: CVE-2014-1559
Common Vulnerability Exposure (CVE) ID: CVE-2014-1560
Common Vulnerability Exposure (CVE) ID: CVE-2014-1561 |
Copyright | Copyright (C) 2014 Greenbone AG |