Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870792
Category:Red Hat Local Security Checks
Title:RedHat Update for firefox RHSA-2012:1088-01
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,
CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)

A malicious web page could bypass same-compartment security wrappers (SCSW)
and execute arbitrary code with chrome privileges. (CVE-2012-1959)

A flaw in the context menu functionality in Firefox could allow a malicious
website to bypass intended restrictions and allow a cross-site scripting
attack. (CVE-2012-1966)

A page different to that in the address bar could be displayed when
dragging and dropping to the address bar, possibly making it easier for a
malicious site or user to perform a phishing attack. (CVE-2012-1950)

A flaw in the way Firefox called history.forward and history.back could
allow an attacker to conceal a malicious URL, possibly tricking a user
into believing they are viewing a trusted site. (CVE-2012-1955)

A flaw in a parser utility class used by Firefox to parse feeds (such as
RSS) could allow an attacker to execute arbitrary JavaScript with the
privileges of the user running Firefox. This issue could have affected
other browser components or add-ons that assume the class returns
sanitized input. (CVE-2012-1957)

A flaw in the way Firefox handled X-Frame-Options headers could allow a
malicious website to perform a clickjacking attack. (CVE-2012-1961)

A flaw in the way Content Security Policy (CSP) reports were generated by
Firefox could allow a malicious web page to steal a victim's OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)

A flaw in the way Firefox handled certificate warnings could allow a
man-in-the-middle attacker to create a crafted warning, possibly tricking
a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)

A flaw in the way Firefox handled feed:javascript URLs could allow output
filtering to be bypassed, possibly leading to a cross-site scripting
attack. (CVE-2012-1965)

The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6
introduced a mitigation for the CVE-2011-3389 flaw. For compatibility
reasons, it remains disabled by default in the nss packages. This update
...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
firefox on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-1948
BugTraq ID: 54580
http://www.securityfocus.com/bid/54580
Debian Security Information: DSA-2514 (Google Search)
http://www.debian.org/security/2012/dsa-2514
Debian Security Information: DSA-2528 (Google Search)
http://www.debian.org/security/2012/dsa-2528
http://osvdb.org/84007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16744
RedHat Security Advisories: RHSA-2012:1088
http://rhn.redhat.com/errata/RHSA-2012-1088.html
http://www.securitytracker.com/id?1027256
http://www.securitytracker.com/id?1027257
http://www.securitytracker.com/id?1027258
http://secunia.com/advisories/49963
http://secunia.com/advisories/49964
http://secunia.com/advisories/49965
http://secunia.com/advisories/49968
http://secunia.com/advisories/49972
http://secunia.com/advisories/49977
http://secunia.com/advisories/49979
http://secunia.com/advisories/49992
http://secunia.com/advisories/49993
http://secunia.com/advisories/49994
SuSE Security Announcement: SUSE-SU-2012:0895 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html
SuSE Security Announcement: SUSE-SU-2012:0896 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html
SuSE Security Announcement: openSUSE-SU-2012:0899 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html
SuSE Security Announcement: openSUSE-SU-2012:0917 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html
http://www.ubuntu.com/usn/USN-1509-1
http://www.ubuntu.com/usn/USN-1509-2
http://www.ubuntu.com/usn/USN-1510-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1950
http://osvdb.org/84008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16970
Common Vulnerability Exposure (CVE) ID: CVE-2012-1951
BugTraq ID: 54578
http://www.securityfocus.com/bid/54578
http://osvdb.org/83997
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16077
Common Vulnerability Exposure (CVE) ID: CVE-2012-1952
http://osvdb.org/83999
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16942
Common Vulnerability Exposure (CVE) ID: CVE-2012-1953
http://osvdb.org/83998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16894
Common Vulnerability Exposure (CVE) ID: CVE-2012-1954
http://osvdb.org/83995
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16984
Common Vulnerability Exposure (CVE) ID: CVE-2012-1955
BugTraq ID: 54586
http://www.securityfocus.com/bid/54586
http://osvdb.org/83996
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17004
Common Vulnerability Exposure (CVE) ID: CVE-2012-1957
BugTraq ID: 54583
http://www.securityfocus.com/bid/54583
http://osvdb.org/84000
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16844
Common Vulnerability Exposure (CVE) ID: CVE-2012-1958
BugTraq ID: 54574
http://www.securityfocus.com/bid/54574
http://osvdb.org/84001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16434
Common Vulnerability Exposure (CVE) ID: CVE-2012-1959
BugTraq ID: 54576
http://www.securityfocus.com/bid/54576
http://osvdb.org/84002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920
Common Vulnerability Exposure (CVE) ID: CVE-2012-1961
BugTraq ID: 54584
http://www.securityfocus.com/bid/54584
http://osvdb.org/84003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16993
Common Vulnerability Exposure (CVE) ID: CVE-2012-1962
BugTraq ID: 54575
http://www.securityfocus.com/bid/54575
http://osvdb.org/84004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16729
Common Vulnerability Exposure (CVE) ID: CVE-2012-1963
BugTraq ID: 54582
http://www.securityfocus.com/bid/54582
http://osvdb.org/84005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17056
Common Vulnerability Exposure (CVE) ID: CVE-2012-1964
BugTraq ID: 54581
http://www.securityfocus.com/bid/54581
http://osvdb.org/84011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16783
Common Vulnerability Exposure (CVE) ID: CVE-2012-1965
BugTraq ID: 54579
http://www.securityfocus.com/bid/54579
http://osvdb.org/84012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17001
Common Vulnerability Exposure (CVE) ID: CVE-2012-1966
BugTraq ID: 54577
http://www.securityfocus.com/bid/54577
http://osvdb.org/84009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17037
Common Vulnerability Exposure (CVE) ID: CVE-2012-1967
BugTraq ID: 54573
http://www.securityfocus.com/bid/54573
http://osvdb.org/84013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025
Common Vulnerability Exposure (CVE) ID: CVE-2011-3389
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 49388
http://www.securityfocus.com/bid/49388
BugTraq ID: 49778
http://www.securityfocus.com/bid/49778
Cert/CC Advisory: TA12-010A
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
CERT/CC vulnerability note: VU#864643
http://www.kb.cert.org/vuls/id/864643
Debian Security Information: DSA-2398 (Google Search)
http://www.debian.org/security/2012/dsa-2398
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
HPdes Security Advisory: HPSBMU02742
http://marc.info/?l=bugtraq&m=132872385320240&w=2
HPdes Security Advisory: HPSBMU02797
http://marc.info/?l=bugtraq&m=134254957702612&w=2
HPdes Security Advisory: HPSBMU02799
http://marc.info/?l=bugtraq&m=134254866602253&w=2
HPdes Security Advisory: HPSBMU02900
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
HPdes Security Advisory: HPSBUX02730
http://marc.info/?l=bugtraq&m=132750579901589&w=2
HPdes Security Advisory: HPSBUX02760
http://marc.info/?l=bugtraq&m=133365109612558&w=2
HPdes Security Advisory: HPSBUX02777
http://marc.info/?l=bugtraq&m=133728004526190&w=2
HPdes Security Advisory: SSRT100710
HPdes Security Advisory: SSRT100740
HPdes Security Advisory: SSRT100805
HPdes Security Advisory: SSRT100854
HPdes Security Advisory: SSRT100867
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.insecure.cl/Beast-SSL.rar
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Microsoft Security Bulletin: MS12-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
http://osvdb.org/74829
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
RedHat Security Advisories: RHSA-2012:0508
http://rhn.redhat.com/errata/RHSA-2012-0508.html
RedHat Security Advisories: RHSA-2013:1455
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.securitytracker.com/id/1029190
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
SuSE Security Announcement: SUSE-SU-2012:0114 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
SuSE Security Announcement: SUSE-SU-2012:0122 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
SuSE Security Announcement: SUSE-SU-2012:0602 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
SuSE Security Announcement: openSUSE-SU-2012:0030 (Google Search)
https://hermes.opensuse.org/messages/13154861
SuSE Security Announcement: openSUSE-SU-2012:0063 (Google Search)
https://hermes.opensuse.org/messages/13155432
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://www.ubuntu.com/usn/USN-1263-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-1949
http://osvdb.org/84006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17027
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.