English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.90013
Kategorie:General
Titel:Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Windows)
Zusammenfassung:The remote host is affected by the vulnerabilities described in the; referenced advisories.
Beschreibung:Summary:
The remote host is affected by the vulnerabilities described in the
referenced advisories.

Vulnerability Impact:
Mozilla contributors moz_bug_r_a4, Boris Zbarsky, and Johnny Stenback reported
a series of vulnerabilities which allow scripts from page content to run with
elevated privileges. moz_bug_r_a4 demonstrated additional variants of MFSA
2007-25 and MFSA2007-35 (arbitrary code execution through XPCNativeWrapper
pollution). Additional vulnerabilities reported separately by Boris Zbarsky,
Johnny Stenback, and moz_bug_r_a4 showed that the browser could be forced to
run JavaScript code using the wrong principal leading to universal XSS
and arbitrary code execution.

Solution:
All users should upgrade to the latest versions of Firefox, Thunderbird or
Seamonkey.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 28448
Common Vulnerability Exposure (CVE) ID: CVE-2008-1233
http://www.securityfocus.com/bid/28448
Bugtraq: 20080327 rPSA-2008-0128-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/490196/100/0/threaded
Cert/CC Advisory: TA08-087A
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
CERT/CC vulnerability note: VU#466521
http://www.kb.cert.org/vuls/id/466521
Debian Security Information: DSA-1532 (Google Search)
http://www.debian.org/security/2008/dsa-1532
Debian Security Information: DSA-1534 (Google Search)
http://www.debian.org/security/2008/dsa-1534
Debian Security Information: DSA-1535 (Google Search)
http://www.debian.org/security/2008/dsa-1535
Debian Security Information: DSA-1574 (Google Search)
http://www.debian.org/security/2008/dsa-1574
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00058.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00074.html
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:080
http://www.mandriva.com/security/advisories?name=MDVSA-2008:155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11078
http://www.redhat.com/support/errata/RHSA-2008-0207.html
RedHat Security Advisories: RHSA-2008:0208
http://rhn.redhat.com/errata/RHSA-2008-0208.html
http://www.redhat.com/support/errata/RHSA-2008-0209.html
http://www.securitytracker.com/id?1019694
http://secunia.com/advisories/29391
http://secunia.com/advisories/29526
http://secunia.com/advisories/29539
http://secunia.com/advisories/29541
http://secunia.com/advisories/29547
http://secunia.com/advisories/29548
http://secunia.com/advisories/29550
http://secunia.com/advisories/29558
http://secunia.com/advisories/29560
http://secunia.com/advisories/29607
http://secunia.com/advisories/29616
http://secunia.com/advisories/29645
http://secunia.com/advisories/30016
http://secunia.com/advisories/30094
http://secunia.com/advisories/30105
http://secunia.com/advisories/30192
http://secunia.com/advisories/30327
http://secunia.com/advisories/30370
http://secunia.com/advisories/30620
http://secunia.com/advisories/31043
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.447313
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
SuSE Security Announcement: SUSE-SA:2008:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://www.ubuntu.com/usn/usn-592-1
http://www.ubuntu.com/usn/usn-605-1
http://www.vupen.com/english/advisories/2008/0998/references
http://www.vupen.com/english/advisories/2008/0999/references
http://www.vupen.com/english/advisories/2008/1793/references
http://www.vupen.com/english/advisories/2008/2091/references
XForce ISS Database: mozilla-settimeout-code-execution(41443)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41443
Common Vulnerability Exposure (CVE) ID: CVE-2008-1234
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9551
XForce ISS Database: firefox-eventhandlers-xss(41455)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41455
Common Vulnerability Exposure (CVE) ID: CVE-2008-1235
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10980
XForce ISS Database: mozilla-principal-code-execution(41457)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41457
Common Vulnerability Exposure (CVE) ID: CVE-2008-1236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11788
http://www.securitytracker.com/id?1019695
XForce ISS Database: mozilla-layoutengine-code-execution(41445)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41445
Common Vulnerability Exposure (CVE) ID: CVE-2008-1237
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9651
SuSE Security Announcement: SUSE-SR:2008:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
XForce ISS Database: firefox-javascript-engine-code-execution(41446)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41446
Common Vulnerability Exposure (CVE) ID: CVE-2008-1238
http://sla.ckers.org/forum/read.php?10,20033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9889
http://www.securitytracker.com/id?1019703
XForce ISS Database: mozilla-http-referrer-spoofing(41449)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41449
Common Vulnerability Exposure (CVE) ID: CVE-2007-4879
http://0x90.eu/ff_tls_poc.html
http://www.securitytracker.com/id?1019704
Common Vulnerability Exposure (CVE) ID: CVE-2008-1195
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
Cert/CC Advisory: TA08-066A
http://www.us-cert.gov/cas/techalerts/TA08-066A.html
http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml
http://security.gentoo.org/glsa/glsa-200804-28.xml
http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486
http://www.redhat.com/support/errata/RHSA-2008-0186.html
http://www.redhat.com/support/errata/RHSA-2008-0210.html
http://www.redhat.com/support/errata/RHSA-2008-0267.html
http://www.securitytracker.com/id?1019553
http://secunia.com/advisories/29239
http://secunia.com/advisories/29273
http://secunia.com/advisories/29498
http://secunia.com/advisories/29582
http://secunia.com/advisories/29858
http://secunia.com/advisories/29897
http://secunia.com/advisories/30676
http://secunia.com/advisories/30780
http://secunia.com/advisories/31497
http://secunia.com/advisories/32018
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1
SuSE Security Announcement: SUSE-SA:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html
SuSE Security Announcement: SUSE-SA:2008:025 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
http://www.vupen.com/english/advisories/2008/0770/references
http://www.vupen.com/english/advisories/2008/1856/references
XForce ISS Database: sun-jre-javascript-unauthorized-access(41030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41030
Common Vulnerability Exposure (CVE) ID: CVE-2008-1240
XForce ISS Database: mozilla-liveconnect-unauthorized-access(41458)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41458
Common Vulnerability Exposure (CVE) ID: CVE-2008-1241
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11163
http://www.securitytracker.com/id?1019700
XForce ISS Database: firefox-xul-popup-spoofing(41454)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41454
CopyrightCopyright (C) 2008 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.