
Test ID: 1.3.6.1.4.1.25623.1.0.69461
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2011:079 (firefox)
Summary: Mandriva Security Advisory MDVSA-2011:079 (firefox)
Description:
The remote host is missing an update to firefox
announced via advisory MDVSA-2011:079.

Chris Evans of the Chrome Security Team reported that the XSLT
generate-id() function returned a string that revealed a specific valid
address of an object on the memory heap. It is possible that in some
cases this address would be valuable information that could be used
by an attacker while exploiting a different memory corruption bug
in order to make an exploit more reliable or work around mitigation
features in the browser or operating system (CVE-2011-1202).

Security researcher Soroush Dalili reported that the resource:
protocol could be exploited to allow directory traversal on
Windows and the potential loading of resources from non-permitted
locations. The impact would depend on whether interesting files
existed in predictable locations in a useful format. For example,
the existence or non-existence of particular images might indicate
whether certain software was installed (CVE-2011-0071).

David Remahl of Apple Product Security reported that the Java Embedding
Plugin (JEP) shipped with the Mac OS X versions of Firefox could be
exploited to obtain elevated access to resources on a user's system
(CVE-2011-0076).

Security researcher Paul Stone reported that a Java applet could be
used to mimic interaction with form autocomplete controls and steal
entries from the form history (CVE-2011-0067).

Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065,
CVE-2011-0066, CVE-2011-0073).

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2011-0081,
CVE-2011-0069, CVE-2011-0070, CVE-2011-0080, CVE-2011-0074,
CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0072).

Additionally the sqlite3 packages were upgraded to the 3.7.6.2
version. A new package that provides /usr/bin/lemon was added. The
lemon software was previously provided with sqlite3 and is used in
some cases when building php.

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages that required it have been rebuilt and
are being provided as updates.

Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:079
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.17

Risk factor : Critical

CVSS Score:
10.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1202
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:079
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
BugTraq ID: 46785
http://www.securityfocus.com/bid/46785
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14244
http://www.vupen.com/english/advisories/2011/0628
XForce ISS Database: google-xslt-info-disclosure(65966)
http://xforce.iss.net/xforce/xfdb/65966
Common Vulnerability Exposure (CVE) ID: CVE-2011-0071
Debian Security Information: DSA-2227
http://www.debian.org/security/2011/dsa-2227
Debian Security Information: DSA-2228
http://www.debian.org/security/2011/dsa-2228
Debian Security Information: DSA-2235
http://www.debian.org/security/2011/dsa-2235
http://www.mandriva.com/security/advisories?name=MDVSA-2011:080
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14058
Common Vulnerability Exposure (CVE) ID: CVE-2011-0076
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14498
Common Vulnerability Exposure (CVE) ID: CVE-2011-0067
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14523
Common Vulnerability Exposure (CVE) ID: CVE-2011-0065
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14142
http://securityreason.com/securityalert/8326
http://securityreason.com/securityalert/8331
http://securityreason.com/securityalert/8340
Common Vulnerability Exposure (CVE) ID: CVE-2011-0066
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13970
Common Vulnerability Exposure (CVE) ID: CVE-2011-0073
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14020
http://securityreason.com/securityalert/8310
Common Vulnerability Exposure (CVE) ID: CVE-2011-0081
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13993
Common Vulnerability Exposure (CVE) ID: CVE-2011-0069
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14065
Common Vulnerability Exposure (CVE) ID: CVE-2011-0070
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14286
Common Vulnerability Exposure (CVE) ID: CVE-2011-0080
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13866
Common Vulnerability Exposure (CVE) ID: CVE-2011-0074
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14317
Common Vulnerability Exposure (CVE) ID: CVE-2011-0075
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14086
Common Vulnerability Exposure (CVE) ID: CVE-2011-0077
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14193
Common Vulnerability Exposure (CVE) ID: CVE-2011-0078
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14246
Common Vulnerability Exposure (CVE) ID: CVE-2011-0072
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14038
Copyright: Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com
