English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 324607 Descripciones CVE y
146377 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.831344
Categoría:Mandrake Local Security Checks
Título:Mandriva Update for firefox MDVSA-2011:041 (firefox)
Resumen:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Descripción:Summary:
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox
before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12,
allows remote attackers to hijack the authentication of arbitrary
users for requests that were initiated by a plugin and received a
307 redirect to a page on a different web site. (CVE-2011-0059)

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird
before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers
to execute arbitrary code or cause a denial of service (application
crash) via a crafted JPEG image. (CVE-2011-0061)

The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey
before 2.0.12 does not properly sanitize HTML in a chrome document,
which makes it easier for remote attackers to execute arbitrary
JavaScript with chrome privileges via a javascript: URI in input to
an extension, as demonstrated by a javascript:alert sequence in (1)
the HREF attribute of an A element or (2) the ACTION attribute of a
FORM element. (CVE-2010-1585)

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before
3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote
attackers to execute arbitrary code or cause a denial of service
(memory corruption) via a long string that triggers construction of
a long text run. (CVE-2011-0058)

Use-after-free vulnerability in the Web Workers implementation
in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14,
and SeaMonkey before 2.0.12, allows remote attackers to execute
arbitrary code via vectors related to a JavaScript Worker and garbage
collection. (CVE-2011-0057)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
exception timing and a large number of string values, aka an atom
map issue. (CVE-2011-0056)

Buffer overflow in the JavaScript engine in Mozilla Firefox before
3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might
allow remote attackers to execute arbitrary code via vectors involving
non-local JavaScript variables, aka an upvarMap issue. (CVE-2011-0054)

Use-after-free v ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
firefox on Mandriva Linux 2009.0,
Mandriva Linux 2009.0/X86_64,
Mandriva Linux 2010.0,
Mandriva Linux 2010.0/X86_64,
Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0059
BugTraq ID: 46652
http://www.securityfocus.com/bid/46652
http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473
http://www.redhat.com/support/errata/RHSA-2011-0313.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0061
BugTraq ID: 46651
http://www.securityfocus.com/bid/46651
http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486
Common Vulnerability Exposure (CVE) ID: CVE-2010-1585
Bugtraq: 20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox & Exploiting Cross Context Scripting vulnerabilities in Firefox (Google Search)
http://www.securityfocus.com/archive/1/510883/100/0/threaded
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532
Common Vulnerability Exposure (CVE) ID: CVE-2011-0058
BugTraq ID: 46660
http://www.securityfocus.com/bid/46660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254
Common Vulnerability Exposure (CVE) ID: CVE-2011-0057
BugTraq ID: 46663
http://www.securityfocus.com/bid/46663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200
Common Vulnerability Exposure (CVE) ID: CVE-2011-0056
BugTraq ID: 46650
http://www.securityfocus.com/bid/46650
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14013
Common Vulnerability Exposure (CVE) ID: CVE-2011-0054
BugTraq ID: 46648
http://www.securityfocus.com/bid/46648
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018
Common Vulnerability Exposure (CVE) ID: CVE-2011-0055
BugTraq ID: 46661
http://www.securityfocus.com/bid/46661
Bugtraq: 20110302 ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516802
http://www.zerodayinitiative.com/advisories/ZDI-11-103/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14476
Common Vulnerability Exposure (CVE) ID: CVE-2011-0051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14211
http://www.redhat.com/support/errata/RHSA-2011-0312.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-0062
BugTraq ID: 46647
http://www.securityfocus.com/bid/46647
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14409
CopyrightCopyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2025 E-Soft Inc. Todos los derechos reservados.