English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56489
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2006:036 (mozilla)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to mozilla
announced via advisory MDKSA-2006:036.

Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
1.5.1 does not properly dereference objects, which allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via unknown attack vectors related to garbage collection.
(CVE-2006-0292)

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
and SeaMonkey before 1.0 does not validate the attribute name, which
allows remote attackers to execute arbitrary Javascript by injecting
RDF data into the user's localstore.rdf file. (CVE-2006-0296)

Updated packages are patched to address these issues.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2006:036

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-4134
BugTraq ID: 15773
http://www.securityfocus.com/bid/15773
BugTraq ID: 16476
http://www.securityfocus.com/bid/16476
Debian Security Information: DSA-1044 (Google Search)
http://www.debian.org/security/2006/dsa-1044
Debian Security Information: DSA-1046 (Google Search)
http://www.debian.org/security/2006/dsa-1046
Debian Security Information: DSA-1051 (Google Search)
http://www.debian.org/security/2006/dsa-1051
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
http://www.securityfocus.com/archive/1/425978/100/0/threaded
http://www.securityfocus.com/archive/1/425975/100/0/threaded
http://marc.info/?l=full-disclosure&m=113405896025702&w=2
http://marc.info/?l=full-disclosure&m=113404911919629&w=2
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
HPdes Security Advisory: HPSBUX02122
http://www.securityfocus.com/archive/1/438730/100/0/threaded
HPdes Security Advisory: SSRT061158
http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
http://www.mozilla.org/security/history-title.html
http://www.networksecurity.fi/advisories/netscape-history.html
http://www.osvdb.org/21533
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11382
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1619
http://www.redhat.com/support/errata/RHSA-2006-0199.html
http://www.redhat.com/support/errata/RHSA-2006-0200.html
SCO Security Bulletin: SCOSA-2006.26
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
http://securitytracker.com/id?1015328
http://secunia.com/advisories/17934
http://secunia.com/advisories/17944
http://secunia.com/advisories/17946
http://secunia.com/advisories/18700
http://secunia.com/advisories/18704
http://secunia.com/advisories/18705
http://secunia.com/advisories/18706
http://secunia.com/advisories/18708
http://secunia.com/advisories/18709
http://secunia.com/advisories/19230
http://secunia.com/advisories/19746
http://secunia.com/advisories/19759
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19941
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
SGI Security Advisory: 20060201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
https://usn.ubuntu.com/271-1/
https://usn.ubuntu.com/275-1/
http://www.vupen.com/english/advisories/2005/2805
http://www.vupen.com/english/advisories/2006/0413
http://www.vupen.com/english/advisories/2006/3391
Common Vulnerability Exposure (CVE) ID: CVE-2006-0292
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HPdes Security Advisory: HPSBUX02156
http://www.securityfocus.com/archive/1/446657/100/200/threaded
HPdes Security Advisory: SSRT061236
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A670
http://www.redhat.com/support/errata/RHSA-2006-0330.html
http://securitytracker.com/id?1015570
http://secunia.com/advisories/18703
http://secunia.com/advisories/19780
http://secunia.com/advisories/19821
http://secunia.com/advisories/19823
http://secunia.com/advisories/19950
http://secunia.com/advisories/20051
http://secunia.com/advisories/22065
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_25.html
https://usn.ubuntu.com/276-1/
http://www.vupen.com/english/advisories/2006/3749
XForce ISS Database: mozilla-javascript-memory-corruption(24430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24430
Common Vulnerability Exposure (CVE) ID: CVE-2006-0296
Cert/CC Advisory: TA06-038A
http://www.us-cert.gov/cas/techalerts/TA06-038A.html
CERT/CC vulnerability note: VU#592425
http://www.kb.cert.org/vuls/id/592425
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11803
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1493
XForce ISS Database: mozilla-xuldocument-command-execution(24434)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24434
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2024 E-Soft Inc. All rights reserved.