Test ID:	1.3.6.1.4.1.25623.1.0.90014
Category:	General
Title:	Mozilla Firefox, Thunderbird, Seamonkey: Multiple Vulnerabilities (MFSA2008-14) - Linux
Summary:	Mozilla Firefox, Thunderbird and Seamonkey are prone to multiple; vulnerabilities.
Description:	Summary: Mozilla Firefox, Thunderbird and Seamonkey are prone to multiple vulnerabilities. Vulnerability Impact: Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported a series of vulnerabilities which allow scripts from page content to run with elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper pollution). Additional vulnerabilities reported separately by Boris Zbarsky, Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to run JavaScript code using the wrong principal leading to universal XSS and arbitrary code execution. Solution: All Users should upgrade to the latest versions of Firefox, Thunderbird or Seamonkey. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1238 1019703 http://www.securitytracker.com/id?1019703 20080327 rPSA-2008-0128-1 firefox http://www.securityfocus.com/archive/1/490196/100/0/threaded 238492 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 28448 http://www.securityfocus.com/bid/28448 29391 http://secunia.com/advisories/29391 29526 http://secunia.com/advisories/29526 29539 http://secunia.com/advisories/29539 29541 http://secunia.com/advisories/29541 29547 http://secunia.com/advisories/29547 29550 http://secunia.com/advisories/29550 29558 http://secunia.com/advisories/29558 29560 http://secunia.com/advisories/29560 29607 http://secunia.com/advisories/29607 29616 http://secunia.com/advisories/29616 29645 http://secunia.com/advisories/29645 30327 http://secunia.com/advisories/30327 30620 http://secunia.com/advisories/30620 ADV-2008-0998 http://www.vupen.com/english/advisories/2008/0998/references ADV-2008-1793 http://www.vupen.com/english/advisories/2008/1793/references DSA-1532 http://www.debian.org/security/2008/dsa-1532 DSA-1534 http://www.debian.org/security/2008/dsa-1534 DSA-1535 http://www.debian.org/security/2008/dsa-1535 GLSA-200805-18 http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml MDVSA-2008:080 http://www.mandriva.com/security/advisories?name=MDVSA-2008:080 RHSA-2008:0207 http://www.redhat.com/support/errata/RHSA-2008-0207.html RHSA-2008:0208 http://rhn.redhat.com/errata/RHSA-2008-0208.html RHSA-2008:0209 http://www.redhat.com/support/errata/RHSA-2008-0209.html SUSE-SA:2008:019 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html TA08-087A http://www.us-cert.gov/cas/techalerts/TA08-087A.html USN-592-1 http://www.ubuntu.com/usn/usn-592-1 http://sla.ckers.org/forum/read.php?10%2C20033 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128 http://www.mozilla.org/security/announce/2008/mfsa2008-16.html mozilla-http-referrer-spoofing(41449) https://exchange.xforce.ibmcloud.com/vulnerabilities/41449 oval:org.mitre.oval:def:9889 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9889 Common Vulnerability Exposure (CVE) ID: CVE-2008-1240 BugTraq ID: 28448 Bugtraq: 20080327 rPSA-2008-0128-1 firefox (Google Search) Cert/CC Advisory: TA08-087A Debian Security Information: DSA-1532 (Google Search) Debian Security Information: DSA-1534 (Google Search) Debian Security Information: DSA-1535 (Google Search) SuSE Security Announcement: SUSE-SA:2008:019 (Google Search) XForce ISS Database: mozilla-liveconnect-unauthorized-access(41458) https://exchange.xforce.ibmcloud.com/vulnerabilities/41458 Common Vulnerability Exposure (CVE) ID: CVE-2008-1241 1019700 http://www.securitytracker.com/id?1019700 firefox-xul-popup-spoofing(41454) https://exchange.xforce.ibmcloud.com/vulnerabilities/41454 http://www.mozilla.org/security/announce/2008/mfsa2008-19.html oval:org.mitre.oval:def:11163 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163 Common Vulnerability Exposure (CVE) ID: CVE-2008-0412 BugTraq ID: 27683 http://www.securityfocus.com/bid/27683 Bugtraq: 20080209 rPSA-2008-0051-1 firefox (Google Search) http://www.securityfocus.com/archive/1/487826/100/0/threaded Bugtraq: 20080212 FLEA-2008-0001-1 firefox (Google Search) http://www.securityfocus.com/archive/1/488002/100/0/threaded Bugtraq: 20080229 rPSA-2008-0093-1 thunderbird (Google Search) http://www.securityfocus.com/archive/1/488971/100/0/threaded Debian Security Information: DSA-1484 (Google Search) http://www.debian.org/security/2008/dsa-1484 Debian Security Information: DSA-1485 (Google Search) http://www.debian.org/security/2008/dsa-1485 Debian Security Information: DSA-1489 (Google Search) http://www.debian.org/security/2008/dsa-1489 Debian Security Information: DSA-1506 (Google Search) http://www.debian.org/security/2008/dsa-1506 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:048 http://www.mandriva.com/security/advisories?name=MDVSA-2008:062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10573 http://www.redhat.com/support/errata/RHSA-2008-0103.html http://www.redhat.com/support/errata/RHSA-2008-0104.html http://www.redhat.com/support/errata/RHSA-2008-0105.html http://www.securitytracker.com/id?1019320 http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28808 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http://secunia.com/advisories/28879 http://secunia.com/advisories/28924 http://secunia.com/advisories/28939 http://secunia.com/advisories/28958 http://secunia.com/advisories/29049 http://secunia.com/advisories/29086 http://secunia.com/advisories/29098 http://secunia.com/advisories/29164 http://secunia.com/advisories/29167 http://secunia.com/advisories/29211 http://secunia.com/advisories/29567 http://secunia.com/advisories/31043 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1 SuSE Security Announcement: SUSE-SA:2008:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://www.ubuntu.com/usn/usn-576-1 http://www.ubuntu.com/usn/usn-582-1 http://www.ubuntu.com/usn/usn-582-2 http://www.vupen.com/english/advisories/2008/0453/references http://www.vupen.com/english/advisories/2008/0454/references http://www.vupen.com/english/advisories/2008/0627/references http://www.vupen.com/english/advisories/2008/2091/references Common Vulnerability Exposure (CVE) ID: CVE-2008-0416 239546 28839 28864 28865 28879 29303 http://www.securityfocus.com/bid/29303 31043 ADV-2008-2091 DSA-1484 DSA-1485 DSA-1489 JVN#21563357 http://jvn.jp/en/jp/JVN21563357/index.html JVNDB-2008-000021 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html TLSA-2008-9 http://www.turbolinux.com/security/2008/TLSA-2008-9.txt USN-576-1 https://usn.ubuntu.com/576-1/ firefox-character-encoding-xss(40488) https://exchange.xforce.ibmcloud.com/vulnerabilities/40488 http://www.mozilla.org/security/announce/2008/mfsa2008-13.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.