Test ID: | 1.3.6.1.4.1.25623.1.0.842102 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu: Security Advisory (USN-2505-1) |
Summary: | The remote host is missing an update for the 'firefox' package(s) announced via the USN-2505-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the USN-2505-1 advisory.

Vulnerability Insight:

Matthew Noorenberghe discovered that Mozilla domains in the allowlist could make UITour API calls from background tabs. If one of these domains were compromised and open in a background tab, an attacker could potentially exploit this to conduct clickjacking attacks. (CVE-2015-0819)

Jan de Mooij discovered an issue that affects content using the Caja Compiler. If web content loads specially crafted code, this could be used to bypass sandboxing security measures provided by Caja. (CVE-2015-0820)

Armin Razmdjou discovered that opening hyperlinks with specific mouse and key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-0821)

Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0822)

Atte Kettunen discovered a use-after-free in the OpenType Sanitiser (OTS) in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2015-0823)

Atte Kettunen discovered a crash when drawing images using Cairo in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2015-0824)

Atte Kettunen discovered a buffer underflow during playback of MP3 files in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0825)

Atte Kettunen discovered a buffer overflow during CSS restyling in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0826)

Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0827)

A buffer overflow was discovered in libstagefright during video playback in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0829)

Daniele Di Proietto discovered that ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'firefox' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-0819
BugTraq ID: 72759
http://www.securityfocus.com/bid/72759
https://security.gentoo.org/glsa/201504-01
http://www.securitytracker.com/id/1031791
SuSE Security Announcement: openSUSE-SU-2015:0404
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
SuSE Security Announcement: openSUSE-SU-2015:0570
http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
http://www.ubuntu.com/usn/USN-2505-1

Common Vulnerability Exposure (CVE) ID: CVE-2015-0820
BugTraq ID: 72757
http://www.securityfocus.com/bid/72757

Common Vulnerability Exposure (CVE) ID: CVE-2015-0821
BugTraq ID: 72758
http://www.securityfocus.com/bid/72758

Common Vulnerability Exposure (CVE) ID: CVE-2015-0822
BugTraq ID: 72756
http://www.securityfocus.com/bid/72756
Debian Security Information: DSA-3174
http://www.debian.org/security/2015/dsa-3174
Debian Security Information: DSA-3179
http://www.debian.org/security/2015/dsa-3179
RedHat Security Advisories: RHSA-2015:0265
http://rhn.redhat.com/errata/RHSA-2015-0265.html
RedHat Security Advisories: RHSA-2015:0266
http://rhn.redhat.com/errata/RHSA-2015-0266.html
RedHat Security Advisories: RHSA-2015:0642
http://rhn.redhat.com/errata/RHSA-2015-0642.html
http://www.securitytracker.com/id/1031792
SuSE Security Announcement: SUSE-SU-2015:0412
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:0446
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:0447
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:0448
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html
SuSE Security Announcement: openSUSE-SU-2015:0567
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
SuSE Security Announcement: openSUSE-SU-2015:1266
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://www.ubuntu.com/usn/USN-2506-1

Common Vulnerability Exposure (CVE) ID: CVE-2015-0823
BugTraq ID: 72754
http://www.securityfocus.com/bid/72754

Common Vulnerability Exposure (CVE) ID: CVE-2015-0824
BugTraq ID: 72753
http://www.securityfocus.com/bid/72753

Common Vulnerability Exposure (CVE) ID: CVE-2015-0825
BugTraq ID: 72751
http://www.securityfocus.com/bid/72751

Common Vulnerability Exposure (CVE) ID: CVE-2015-0826
BugTraq ID: 72750
http://www.securityfocus.com/bid/72750

Common Vulnerability Exposure (CVE) ID: CVE-2015-0827
BugTraq ID: 72755
http://www.securityfocus.com/bid/72755

Common Vulnerability Exposure (CVE) ID: CVE-2015-0829
BugTraq ID: 72741
http://www.securityfocus.com/bid/72741

Common Vulnerability Exposure (CVE) ID: CVE-2015-0830
BugTraq ID: 72745
http://www.securityfocus.com/bid/72745

Common Vulnerability Exposure (CVE) ID: CVE-2015-0831
BugTraq ID: 72746
http://www.securityfocus.com/bid/72746

Common Vulnerability Exposure (CVE) ID: CVE-2015-0832
BugTraq ID: 72752
http://www.securityfocus.com/bid/72752

Common Vulnerability Exposure (CVE) ID: CVE-2015-0834
BugTraq ID: 72743
http://www.securityfocus.com/bid/72743

Common Vulnerability Exposure (CVE) ID: CVE-2015-0835
BugTraq ID: 72748
http://www.securityfocus.com/bid/72748

Common Vulnerability Exposure (CVE) ID: CVE-2015-0836
BugTraq ID: 72742
http://www.securityfocus.com/bid/72742 |
Copyright | Copyright (C) 2015 Greenbone AG |