English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.72588
Categoría:Mandrake Local Security Checks
Título:Mandriva Security Advisory MDVSA-2012:173 (firefox)
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing an update to firefox
announced via advisory MDVSA-2012:173.

Multiple security issue were identified and fixed in mozilla firefox:

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2012-5842).

Security researcher Atte Kettunen from OUSPG used the Address
Sanitizer tool to discover a buffer overflow while rendering GIF
format images. This issue is potentially exploitable and could lead
to arbitrary code execution (CVE-2012-4202).

Mozilla security researcher moz_bug_r_a4 reported that if code executed
by the evalInSandbox function sets location.href, it can get the wrong
subject principal for the URL check, ignoring the sandbox'
s Javascript
context and gaining the context of evalInSandbox object. This can
lead to malicious web content being able to perform a cross-site
scripting (XSS) attack or stealing a copy of a local file if the user
has installed an add-on vulnerable to this attack (CVE-2012-4201).

Mozilla developer Bobby Holley reported that security wrappers filter
at the time of property access, but once a function is returned, the
caller can use this function without further security checks. This
affects cross-origin wrappers, allowing for write actions on objects
when only read actions should be properly allowed. This can lead to
cross-site scripting (XSS) attacks (CVE-2012-5841).

Security researcher Masato Kinugawa found when HZ-GB-2312 charset
encoding is used for text, the ~
character will destroy another
character near the chunk delimiter. This can lead to a cross-site
scripting (XSS) attack in pages encoded in HZ-GB-2312 (CVE-2012-4207).

Security researcher Mariusz Mlynski reported that the location property
can be accessed by binary plugins through top.location with a frame
whose name attribute'
s value is set to top. This can allow for possible
cross-site scripting (XSS) attacks through plugins (CVE-2012-4209).

Security researcher Mariusz Mlynski reported that when a maliciously
crafted stylesheet is inspected in the Style Inspector, HTML and CSS
can run in a chrome privileged context without being properly sanitized
first. This can lead to arbitrary code execution (CVE-2012-4210).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team discovered a series critically rated of use-after-free
and buffer overflow issues using the Address Sanitizer tool in
shipped software. These issues are potentially exploitable, allowing
for remote code execution. We would also like to thank Abhishek for
reporting five additional use-after-free, out of bounds read, and
buffer overflow flaws introduced during Firefox development that
were fixed before general release (CVE-2012-4214, CVE-2012-4215,
CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840).

Security researcher miaubiz used the Address Sanitizer tool to
discover a series critically rated of use-after-free, buffer overflow,
and memory corruption issues in shipped software. These issues are
potentially exploitable, allowing for remote code execution. We would
also like to thank miaubiz for reporting two additional use-after-free
and memory corruption issues introduced during Firefox development
that were fixed before general release (CVE-2012-5833, CVE-2012-5835).

The mozilla firefox packages has been upgraded to the latest version
which is unaffected by these security flaws.

Affected: Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:173
http://www.mozilla.org/security/announce/2012/mfsa2012-91.html
http://www.mozilla.org/security/announce/2012/mfsa2012-92.html
http://www.mozilla.org/security/announce/2012/mfsa2012-93.html
http://www.mozilla.org/security/announce/2012/mfsa2012-100.html
http://www.mozilla.org/security/announce/2012/mfsa2012-101.html
http://www.mozilla.org/security/announce/2012/mfsa2012-103.html
http://www.mozilla.org/security/announce/2012/mfsa2012-104.html
http://www.mozilla.org/security/announce/2012/mfsa2012-105.html
http://www.mozilla.org/security/announce/2012/mfsa2012-106.html

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-5842
BugTraq ID: 56611
http://www.securityfocus.com/bid/56611
Debian Security Information: DSA-2583 (Google Search)
http://www.debian.org/security/2012/dsa-2583
Debian Security Information: DSA-2584 (Google Search)
http://www.debian.org/security/2012/dsa-2584
Debian Security Information: DSA-2588 (Google Search)
http://www.debian.org/security/2012/dsa-2588
http://www.mandriva.com/security/advisories?name=MDVSA-2012:173
http://osvdb.org/87596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16573
RedHat Security Advisories: RHSA-2012:1482
http://rhn.redhat.com/errata/RHSA-2012-1482.html
RedHat Security Advisories: RHSA-2012:1483
http://rhn.redhat.com/errata/RHSA-2012-1483.html
http://secunia.com/advisories/51359
http://secunia.com/advisories/51360
http://secunia.com/advisories/51369
http://secunia.com/advisories/51370
http://secunia.com/advisories/51381
http://secunia.com/advisories/51434
http://secunia.com/advisories/51439
http://secunia.com/advisories/51440
SuSE Security Announcement: SUSE-SU-2012:1592 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html
SuSE Security Announcement: openSUSE-SU-2012:1583 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html
SuSE Security Announcement: openSUSE-SU-2012:1585 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html
SuSE Security Announcement: openSUSE-SU-2012:1586 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html
SuSE Security Announcement: openSUSE-SU-2013:0175 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html
http://www.ubuntu.com/usn/USN-1636-1
http://www.ubuntu.com/usn/USN-1638-1
http://www.ubuntu.com/usn/USN-1638-2
http://www.ubuntu.com/usn/USN-1638-3
XForce ISS Database: firefox-seamonkey-code-exec(80169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80169
Common Vulnerability Exposure (CVE) ID: CVE-2012-4202
BugTraq ID: 56614
http://www.securityfocus.com/bid/56614
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16739
XForce ISS Database: mozilla-firefox-gif-bo(80170)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80170
Common Vulnerability Exposure (CVE) ID: CVE-2012-4201
BugTraq ID: 56618
http://www.securityfocus.com/bid/56618
http://osvdb.org/87594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15995
XForce ISS Database: firefox-evalinsandbox-sec-bypass(80171)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80171
Common Vulnerability Exposure (CVE) ID: CVE-2012-5841
BugTraq ID: 56631
http://www.securityfocus.com/bid/56631
http://osvdb.org/87588
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16590
XForce ISS Database: mozilla-wrappers-security-bypass(80178)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80178
Common Vulnerability Exposure (CVE) ID: CVE-2012-4207
BugTraq ID: 56632
http://www.securityfocus.com/bid/56632
http://osvdb.org/87587
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16955
XForce ISS Database: firefox-hzgb2312-xss(80179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80179
Common Vulnerability Exposure (CVE) ID: CVE-2012-4209
BugTraq ID: 56629
http://www.securityfocus.com/bid/56629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880
XForce ISS Database: firefox-toplocation-xss(80181)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80181
Common Vulnerability Exposure (CVE) ID: CVE-2012-4210
BugTraq ID: 56646
http://www.securityfocus.com/bid/56646
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833
XForce ISS Database: firefox-style-inspector-priv-esc(80182)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80182
Common Vulnerability Exposure (CVE) ID: CVE-2012-4214
BugTraq ID: 56628
http://www.securityfocus.com/bid/56628
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16884
XForce ISS Database: firefox-nstexteditorstate-code-exec(80187)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80187
Common Vulnerability Exposure (CVE) ID: CVE-2012-4215
BugTraq ID: 56633
http://www.securityfocus.com/bid/56633
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16690
XForce ISS Database: firefox-fireclipboard-code-exec(80188)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80188
Common Vulnerability Exposure (CVE) ID: CVE-2012-4216
BugTraq ID: 56634
http://www.securityfocus.com/bid/56634
http://osvdb.org/87609
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16902
XForce ISS Database: firefox-getfontentry-code-exec(80189)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80189
Common Vulnerability Exposure (CVE) ID: CVE-2012-5829
BugTraq ID: 56636
http://www.securityfocus.com/bid/56636
http://osvdb.org/87608
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16849
SuSE Security Announcement: SUSE-SU-2013:0048 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html
SuSE Security Announcement: SUSE-SU-2013:0049 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html
SuSE Security Announcement: openSUSE-SU-2013:0131 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0149 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html
http://www.ubuntu.com/usn/USN-1681-1
http://www.ubuntu.com/usn/USN-1681-2
http://www.ubuntu.com/usn/USN-1681-4
XForce ISS Database: firefox-onexposeevent-bo(80195)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80195
Common Vulnerability Exposure (CVE) ID: CVE-2012-5839
BugTraq ID: 56637
http://www.securityfocus.com/bid/56637
http://osvdb.org/87607
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16968
XForce ISS Database: firefox-gfxshapedword-bo(80196)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80196
Common Vulnerability Exposure (CVE) ID: CVE-2012-5840
BugTraq ID: 56635
http://www.securityfocus.com/bid/56635
http://osvdb.org/87606
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16904
XForce ISS Database: mozilla-prepareeditor-code-exec(80190)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80190
Common Vulnerability Exposure (CVE) ID: CVE-2012-5833
BugTraq ID: 56642
http://www.securityfocus.com/bid/56642
http://osvdb.org/87581
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16748
XForce ISS Database: firefox-teximage2d-calls-code-exec(80184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80184
Common Vulnerability Exposure (CVE) ID: CVE-2012-5835
BugTraq ID: 56643
http://www.securityfocus.com/bid/56643
http://osvdb.org/87601
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16603
XForce ISS Database: firefox-webgl-bufferdata-overflow(80185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80185
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.