English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 95248 CVE descriptions
and 52540 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.56566
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0328
Summary:Redhat Security Advisory RHSA-2006:0328
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2006:0328.

Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed javascript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of chrome, allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739)

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
input form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0328.html
http://www.mozilla.com/firefox/releases/1.0.8.html
http://www.redhat.com/security/updates/classification/#critical

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-0749
Bugtraq: 20060417 ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/431126/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-06-009.html
Debian Security Information: DSA-1044 (Google Search)
http://www.debian.org/security/2006/dsa-1044
Debian Security Information: DSA-1046 (Google Search)
http://www.debian.org/security/2006/dsa-1046
Debian Security Information: DSA-1051 (Google Search)
http://www.debian.org/security/2006/dsa-1051
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00153.html
http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00154.html
http://www.securityfocus.com/archive/1/archive/1/436296/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/436338/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
HPdes Security Advisory: HPSBTU02118
http://www.securityfocus.com/archive/1/archive/1/434524/100/0/threaded
HPdes Security Advisory: SSRT061145
HPdes Security Advisory: HPSBUX02122
http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
HPdes Security Advisory: SSRT061158
http://www.mandriva.com/security/advisories?name=MDKSA-2006:075
http://www.mandriva.com/security/advisories?name=MDKSA-2006:076
http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
http://www.redhat.com/support/errata/RHSA-2006-0328.html
http://www.redhat.com/support/errata/RHSA-2006-0329.html
http://www.redhat.com/support/errata/RHSA-2006-0330.html
SCO Security Bulletin: SCOSA-2006.26
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
SGI Security Advisory: 20060404-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-228526-1
SuSE Security Announcement: SUSE-SA:2006:022 (Google Search)
http://www.novell.com/linux/security/advisories/2006_04_25.html
SuSE Security Announcement: SUSE-SA:2006:021 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html
SuSE Security Announcement: SUSE-SA:2006:004 (Google Search)
http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
Cert/CC Advisory: TA06-107A
http://www.us-cert.gov/cas/techalerts/TA06-107A.html
CERT/CC vulnerability note: VU#736934
http://www.kb.cert.org/vuls/id/736934
BugTraq ID: 17516
http://www.securityfocus.com/bid/17516
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11704
http://www.vupen.com/english/advisories/2006/1356
http://www.vupen.com/english/advisories/2006/3391
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1848
http://secunia.com/advisories/19631
http://secunia.com/advisories/19759
http://secunia.com/advisories/19794
http://secunia.com/advisories/19821
http://secunia.com/advisories/19811
http://secunia.com/advisories/19823
http://secunia.com/advisories/19852
http://secunia.com/advisories/19862
http://secunia.com/advisories/19863
http://secunia.com/advisories/19902
http://secunia.com/advisories/19950
http://secunia.com/advisories/19941
http://secunia.com/advisories/19714
http://secunia.com/advisories/19721
http://secunia.com/advisories/19746
http://secunia.com/advisories/21033
http://secunia.com/advisories/21622
http://secunia.com/advisories/19696
http://secunia.com/advisories/19729
http://secunia.com/advisories/19780
http://secunia.com/advisories/20051
http://securityreason.com/securityalert/729
XForce ISS Database: mozilla-nshtmlcontentsink-memory-corruption(25819)
http://xforce.iss.net/xforce/xfdb/25819
Common Vulnerability Exposure (CVE) ID: CVE-2006-1724
https://bugzilla.mozilla.org/show_bug.cgi?id=282105
HPdes Security Advisory: HPSBUX02153
http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded
HPdes Security Advisory: SSRT061181
HPdes Security Advisory: HPSBUX02156
http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
HPdes Security Advisory: SSRT061236
CERT/CC vulnerability note: VU#350262
http://www.kb.cert.org/vuls/id/350262
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10243
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/3749
http://www.vupen.com/english/advisories/2008/0083
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1901
http://securitytracker.com/id?1015919
http://securitytracker.com/id?1015921
http://securitytracker.com/id?1015920
http://secunia.com/advisories/19649
http://secunia.com/advisories/22065
http://secunia.com/advisories/22066
Common Vulnerability Exposure (CVE) ID: CVE-2006-1727
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10364
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1649
http://securitytracker.com/id?1015926
http://securitytracker.com/id?1015927
http://securitytracker.com/id?1015928
http://securitytracker.com/id?1015929
XForce ISS Database: mozilla-printpreview-privilege-escalation(25824)
http://xforce.iss.net/xforce/xfdb/25824
Common Vulnerability Exposure (CVE) ID: CVE-2006-1728
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1
CERT/CC vulnerability note: VU#932734
http://www.kb.cert.org/vuls/id/932734
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10508
http://www.vupen.com/english/advisories/2007/0058
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1698
http://securitytracker.com/id?1015922
http://securitytracker.com/id?1015923
http://securitytracker.com/id?1015924
http://securitytracker.com/id?1015925
XForce ISS Database: mozilla-generatecrmfrequest-code-execution(25812)
http://xforce.iss.net/xforce/xfdb/25812
Common Vulnerability Exposure (CVE) ID: CVE-2006-1729
SuSE Security Announcement: SUSE-SA:2006:035 (Google Search)
http://www.novell.com/linux/security/advisories/2006_35_mozilla.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10922
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1929
XForce ISS Database: mozilla-textbox-file-access(25823)
http://xforce.iss.net/xforce/xfdb/25823
Common Vulnerability Exposure (CVE) ID: CVE-2006-1730
Bugtraq: 20060415 ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/431060/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-06-010.html
CERT/CC vulnerability note: VU#179014
http://www.kb.cert.org/vuls/id/179014
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10055
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1614
http://securitytracker.com/id?1015915
http://securitytracker.com/id?1015916
http://securitytracker.com/id?1015917
http://securitytracker.com/id?1015918
http://securityreason.com/securityalert/720
XForce ISS Database: mozilla-css-letterspacing-overflow(25826)
http://xforce.iss.net/xforce/xfdb/25826
Common Vulnerability Exposure (CVE) ID: CVE-2006-1731
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9604
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1955
XForce ISS Database: mozilla-valueof-xss(25820)
http://xforce.iss.net/xforce/xfdb/25820
Common Vulnerability Exposure (CVE) ID: CVE-2006-1732
https://bugzilla.mozilla.org/show_bug.cgi?id=313373
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10232
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1887
XForce ISS Database: mozilla-windows-controllers-xss(25818)
http://xforce.iss.net/xforce/xfdb/25818
Common Vulnerability Exposure (CVE) ID: CVE-2006-1733
CERT/CC vulnerability note: VU#488774
http://www.kb.cert.org/vuls/id/488774
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10815
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2020
XForce ISS Database: mozilla-valueof-code-execution(25817)
http://xforce.iss.net/xforce/xfdb/25817
Common Vulnerability Exposure (CVE) ID: CVE-2006-1734
CERT/CC vulnerability note: VU#842094
http://www.kb.cert.org/vuls/id/842094
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10755
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1247
XForce ISS Database: mozilla-cloneparent-code-execution(25816)
http://xforce.iss.net/xforce/xfdb/25816
Common Vulnerability Exposure (CVE) ID: CVE-2006-1735
CERT/CC vulnerability note: VU#813230
http://www.kb.cert.org/vuls/id/813230
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10930
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1037
XForce ISS Database: mozilla-xbl-code-execution(25815)
http://xforce.iss.net/xforce/xfdb/25815
Common Vulnerability Exposure (CVE) ID: CVE-2006-1737
CERT/CC vulnerability note: VU#329500
http://www.kb.cert.org/vuls/id/329500
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10817
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1829
XForce ISS Database: mozilla-javascript-regexpr-memory-corruption(25808)
http://xforce.iss.net/xforce/xfdb/25808
Common Vulnerability Exposure (CVE) ID: CVE-2006-1738
CERT/CC vulnerability note: VU#252324
http://www.kb.cert.org/vuls/id/252324
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9405
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1687
XForce ISS Database: mozilla-mozgrid-memory-corruption(25811)
http://xforce.iss.net/xforce/xfdb/25811
Common Vulnerability Exposure (CVE) ID: CVE-2006-1739
https://bugzilla.mozilla.org/show_bug.cgi?id=265736
CERT/CC vulnerability note: VU#935556
http://www.kb.cert.org/vuls/id/935556
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9817
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1667
XForce ISS Database: mozilla-css-memory-corruption(25810)
http://xforce.iss.net/xforce/xfdb/25810
Common Vulnerability Exposure (CVE) ID: CVE-2006-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=271194
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10424
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1811
XForce ISS Database: mozilla-secure-site-spoofing(25813)
http://xforce.iss.net/xforce/xfdb/25813
Common Vulnerability Exposure (CVE) ID: CVE-2006-1741
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9167
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1855
XForce ISS Database: mozilla-eventhandler-xss(25806)
http://xforce.iss.net/xforce/xfdb/25806
Common Vulnerability Exposure (CVE) ID: CVE-2006-1742
CERT/CC vulnerability note: VU#492382
http://www.kb.cert.org/vuls/id/492382
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11808
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1087
XForce ISS Database: mozilla-garbage-memory-corruption(25807)
http://xforce.iss.net/xforce/xfdb/25807
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 52540 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.