Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.72533
Kategorie:Debian Local Security Checks
Titel:Debian Security Advisory DSA 2565-1 (iceweasel)
Zusammenfassung:The remote host is missing an update to iceweasel;announced via advisory DSA 2565-1.
Beschreibung:Summary:
The remote host is missing an update to iceweasel
announced via advisory DSA 2565-1.

Vulnerability Insight:
Multiple vulnerabilities have been discovered in Iceweasel, Debian's
version of the Mozilla Firefox web browser. The Common
Vulnerabilities and Exposures project identifies the following
problems:

CVE-2012-3982
Multiple unspecified vulnerabilities in the browser engine
allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via unknown vectors.

CVE-2012-3986
Iceweasel does not properly restrict calls to DOMWindowUtils
methods, which allows remote attackers to bypass intended
access restrictions via crafted JavaScript code.

CVE-2012-3990
A Use-after-free vulnerability in the IME State Manager
implementation allows remote attackers to execute arbitrary
code via unspecified vectors, related to the
nsIContent::GetNameSpaceID function.

CVE-2012-3991
Iceweasel does not properly restrict JSAPI access to the
GetProperty function, which allows remote attackers to bypass
the Same Origin Policy and possibly have unspecified other
impact via a crafted web site.

CVE-2012-4179
A use-after-free vulnerability in the
nsHTMLCSSUtils::CreateCSSPropertyTxn function allows remote
attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via unspecified vectors.

CVE-2012-4180
A heap-based buffer overflow in the
nsHTMLEditor::IsPrevCharInNodeWhitespace function allows
remote attackers to execute arbitrary code via unspecified
vectors.

CVE-2012-4182
A use-after-free vulnerability in the
nsTextEditRules::WillInsert function allows remote attackers
to execute arbitrary code or cause a denial of service (heap
memory corruption) via unspecified vectors.

CVE-2012-4186
A heap-based buffer overflow in the
nsWav-eReader::DecodeAudioData function allows remote attackers
to execute arbitrary code via unspecified vectors.

CVE-2012-4188
A heap-based buffer overflow in the Convolve3x3 function
allows remote attackers to execute arbitrary code via
unspecified vectors.

For the stable distribution (squeeze), these problems have been fixed
in version 3.5.16-19.

For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 10.0.8esr-1.

Solution:
We recommend that you upgrade your iceweasel packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-3982
BugTraq ID: 55924
http://www.securityfocus.com/bid/55924
Debian Security Information: DSA-2565 (Google Search)
http://www.debian.org/security/2012/dsa-2565
Debian Security Information: DSA-2569 (Google Search)
http://www.debian.org/security/2012/dsa-2569
Debian Security Information: DSA-2572 (Google Search)
http://www.debian.org/security/2012/dsa-2572
http://www.mandriva.com/security/advisories?name=MDVSA-2012:163
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16612
RedHat Security Advisories: RHSA-2012:1351
http://rhn.redhat.com/errata/RHSA-2012-1351.html
http://secunia.com/advisories/50856
http://secunia.com/advisories/50892
http://secunia.com/advisories/50904
http://secunia.com/advisories/50935
http://secunia.com/advisories/50936
http://secunia.com/advisories/50984
http://secunia.com/advisories/51181
http://secunia.com/advisories/55318
SuSE Security Announcement: SUSE-SU-2012:1351 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html
http://www.ubuntu.com/usn/USN-1611-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3986
BugTraq ID: 55922
http://www.securityfocus.com/bid/55922
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16834
Common Vulnerability Exposure (CVE) ID: CVE-2012-3990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16642
XForce ISS Database: firefox-nsicontent-code-exec(79172)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79172
Common Vulnerability Exposure (CVE) ID: CVE-2012-3991
BugTraq ID: 55930
http://www.securityfocus.com/bid/55930
http://osvdb.org/86098
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16646
Common Vulnerability Exposure (CVE) ID: CVE-2012-4179
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16882
XForce ISS Database: firefox-createcsspropertytxn-code-exec(79157)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79157
Common Vulnerability Exposure (CVE) ID: CVE-2012-4180
http://osvdb.org/86099
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16428
XForce ISS Database: firefox-isprevcharinnode-bo(79158)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79158
Common Vulnerability Exposure (CVE) ID: CVE-2012-4182
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16191
XForce ISS Database: firefox-nstexteditrules-code-exec(79160)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79160
Common Vulnerability Exposure (CVE) ID: CVE-2012-4186
http://osvdb.org/86117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16193
XForce ISS Database: firefox-nswavereader-bo(79163)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79163
Common Vulnerability Exposure (CVE) ID: CVE-2012-4188
http://osvdb.org/86096
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16964
XForce ISS Database: firefox-convolve3x3-bo(79165)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79165
CopyrightCopyright (C) 2012 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.