English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57596
Category:SuSE Local Security Checks
Title:SuSE Security Advisory SUSE-SA:2006:068 (MozillaFirefox,MozillaThunderbird,seamonkey)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory SUSE-SA:2006:068.

MozillaFirefox has been updated to the security update release
1.5.0.8, MozillaThunderbird has been updated to 1.5.0.8, and the
Mozilla Seamonkey suite has been updated to 1.0.6 to fix the following
security issues.

Full details of the security problems can be found on:
http://www.mozilla.org/projects/security/known-vulnerabilities.html

MFSA2006-65: This issue is split into 3 sub-entries, for ongoing
stability improvements in the Mozilla browsers:
CVE-2006-5464: Layout engine flaws were fixed.
CVE-2006-5747: A xml.prototype.hasOwnProperty flaw was fixed.
CVE-2006-5748: Fixes were applied to the Javascript engine.

MFSA2006-66/CVE-2006-5462: MFSA 2006-60 reported that RSA digital
signatures with a low exponent (typically 3) could be forged. Firefox
and Thunderbird 1.5.0.7, which incorporated NSS version 3.10.2,
were incompletely patched and remained vulnerable to a variant of
this attack.

MFSA2006-67/CVE-2006-5463: shutdown demonstrated that it was possible
to modify a Script object while it was executing, potentially leading
to the execution of arbitrary JavaScript bytecode.

Note that Mozilla Suite updates for products before SUSE Linux 10.1 / SLES 10
are not available yet due to backporting problems.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2006:068

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5464
BugTraq ID: 20957
http://www.securityfocus.com/bid/20957
Bugtraq: 20061109 rPSA-2006-0206-1 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/451099/100/0/threaded
Cert/CC Advisory: TA06-312A
http://www.us-cert.gov/cas/techalerts/TA06-312A.html
CERT/CC vulnerability note: VU#495288
http://www.kb.cert.org/vuls/id/495288
Debian Security Information: DSA-1224 (Google Search)
http://www.debian.org/security/2006/dsa-1224
Debian Security Information: DSA-1225 (Google Search)
http://www.debian.org/security/2006/dsa-1225
Debian Security Information: DSA-1227 (Google Search)
http://www.debian.org/security/2006/dsa-1227
http://security.gentoo.org/glsa/glsa-200612-06.xml
http://security.gentoo.org/glsa/glsa-200612-07.xml
http://security.gentoo.org/glsa/glsa-200612-08.xml
HPdes Security Advisory: HPSBUX02153
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2006:205
http://www.mandriva.com/security/advisories?name=MDKSA-2006:206
https://bugzilla.mozilla.org/show_bug.cgi?id=307809
https://bugzilla.mozilla.org/show_bug.cgi?id=310267
https://bugzilla.mozilla.org/show_bug.cgi?id=350370
https://bugzilla.mozilla.org/show_bug.cgi?id=351328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9304
RedHat Security Advisories: RHSA-2006:0733
http://rhn.redhat.com/errata/RHSA-2006-0733.html
RedHat Security Advisories: RHSA-2006:0734
http://rhn.redhat.com/errata/RHSA-2006-0734.html
RedHat Security Advisories: RHSA-2006:0735
http://rhn.redhat.com/errata/RHSA-2006-0735.html
http://securitytracker.com/id?1017177
http://securitytracker.com/id?1017178
http://securitytracker.com/id?1017179
http://secunia.com/advisories/22066
http://secunia.com/advisories/22722
http://secunia.com/advisories/22727
http://secunia.com/advisories/22737
http://secunia.com/advisories/22763
http://secunia.com/advisories/22770
http://secunia.com/advisories/22774
http://secunia.com/advisories/22815
http://secunia.com/advisories/22817
http://secunia.com/advisories/22929
http://secunia.com/advisories/22965
http://secunia.com/advisories/22980
http://secunia.com/advisories/23009
http://secunia.com/advisories/23013
http://secunia.com/advisories/23197
http://secunia.com/advisories/23202
http://secunia.com/advisories/23235
http://secunia.com/advisories/23263
http://secunia.com/advisories/23287
http://secunia.com/advisories/23297
http://secunia.com/advisories/24711
http://secunia.com/advisories/27328
SGI Security Advisory: 20061101-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103121-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200587-1
SuSE Security Announcement: SUSE-SA:2006:068 (Google Search)
http://www.novell.com/linux/security/advisories/2006_68_mozilla.html
http://www.ubuntu.com/usn/usn-381-1
http://www.ubuntu.com/usn/usn-382-1
http://www.vupen.com/english/advisories/2006/3748
http://www.vupen.com/english/advisories/2006/4387
http://www.vupen.com/english/advisories/2007/1198
http://www.vupen.com/english/advisories/2007/3588
http://www.vupen.com/english/advisories/2008/0083
XForce ISS Database: mozilla-layout-dos(30092)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30092
Common Vulnerability Exposure (CVE) ID: CVE-2006-5747
CERT/CC vulnerability note: VU#815432
http://www.kb.cert.org/vuls/id/815432
https://bugzilla.mozilla.org/show_bug.cgi?id=355569
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11496
XForce ISS Database: mozilla-xmlprototypehasownproperty-dos(30093)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30093
Common Vulnerability Exposure (CVE) ID: CVE-2006-5748
CERT/CC vulnerability note: VU#390480
http://www.kb.cert.org/vuls/id/390480
https://bugzilla.mozilla.org/show_bug.cgi?id=349527
https://bugzilla.mozilla.org/show_bug.cgi?id=350238
https://bugzilla.mozilla.org/show_bug.cgi?id=351116
https://bugzilla.mozilla.org/show_bug.cgi?id=351973
https://bugzilla.mozilla.org/show_bug.cgi?id=352271
https://bugzilla.mozilla.org/show_bug.cgi?id=352606
https://bugzilla.mozilla.org/show_bug.cgi?id=353165
https://bugzilla.mozilla.org/show_bug.cgi?id=354145
https://bugzilla.mozilla.org/show_bug.cgi?id=354151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11408
http://secunia.com/advisories/27603
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103139-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201335-1
http://www.vupen.com/english/advisories/2007/3821
XForce ISS Database: mozilla-javascript-engine-code-execution(30096)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30096
Common Vulnerability Exposure (CVE) ID: CVE-2006-5462
CERT/CC vulnerability note: VU#335392
http://www.kb.cert.org/vuls/id/335392
http://www.mozilla.org/security/announce/2006/mfsa2006-60.html
https://bugzilla.mozilla.org/show_bug.cgi?id=356215
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10478
http://securitytracker.com/id?1017180
http://securitytracker.com/id?1017181
http://securitytracker.com/id?1017182
http://secunia.com/advisories/23883
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102781-1
http://www.vupen.com/english/advisories/2007/0293
XForce ISS Database: mozilla-nss-security-bypass(30098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30098
Common Vulnerability Exposure (CVE) ID: CVE-2006-5463
CERT/CC vulnerability note: VU#714496
http://www.kb.cert.org/vuls/id/714496
https://bugzilla.mozilla.org/show_bug.cgi?id=355655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10357
http://securitytracker.com/id?1017184
http://securitytracker.com/id?1017185
http://securitytracker.com/id?1017186
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103011-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200185-1
http://www.vupen.com/english/advisories/2007/2663
XForce ISS Database: mozilla-script-code-execution(30116)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30116
CopyrightCopyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2024 E-Soft Inc. All rights reserved.