Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.57760
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-398-2 (firefox)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to firefox
announced via advisory USN-398-2.

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

USN-398-1 fixed vulnerabilities in Firefox 2.0. This update provides
the corresponding updates for Firefox 1.5.

Various flaws have been reported that allow an attacker to execute
arbitrary code with user privileges by tricking the user into opening
a malicious web page containing JavaScript or SVG. (CVE-2006-6497,
CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6504)

Various flaws have been reported that allow an attacker to bypass
Firefox's internal XSS protections by tricking the user into opening a
malicious web page containing JavaScript. (CVE-2006-6503)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.5.10
firefox-dev 1.5.dfsg+1.5.0.9-0ubuntu0.5.10

Ubuntu 6.06 LTS:
firefox 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
firefox-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnspr-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnspr4 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnss-dev 1.5.dfsg+1.5.0.9-0ubuntu0.6.06
libnss3 1.5.dfsg+1.5.0.9-0ubuntu0.6.06

After a standard system upgrade you need to restart Firefox to effect
the necessary changes.

https://secure1.securityspace.com/smysecure/catid.html?in=USN-398-2

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-6497
BugTraq ID: 21668
http://www.securityfocus.com/bid/21668
Bugtraq: 20061222 rPSA-2006-0234-1 firefox (Google Search)
http://www.securityfocus.com/archive/1/455145/100/0/threaded
Bugtraq: 20070102 rPSA-2006-0234-2 firefox thunderbird (Google Search)
http://www.securityfocus.com/archive/1/455728/100/200/threaded
Cert/CC Advisory: TA06-354A
http://www.us-cert.gov/cas/techalerts/TA06-354A.html
CERT/CC vulnerability note: VU#427972
http://www.kb.cert.org/vuls/id/427972
CERT/CC vulnerability note: VU#606260
http://www.kb.cert.org/vuls/id/606260
Debian Security Information: DSA-1253 (Google Search)
http://www.debian.org/security/2007/dsa-1253
Debian Security Information: DSA-1258 (Google Search)
http://www.debian.org/security/2007/dsa-1258
Debian Security Information: DSA-1265 (Google Search)
http://www.debian.org/security/2007/dsa-1265
http://fedoranews.org/cms/node/2297
http://fedoranews.org/cms/node/2338
http://security.gentoo.org/glsa/glsa-200701-02.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml
HPdes Security Advisory: HPSBUX02153
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
HPdes Security Advisory: SSRT061181
http://www.mandriva.com/security/advisories?name=MDKSA-2007:010
http://www.mandriva.com/security/advisories?name=MDKSA-2007:011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11691
RedHat Security Advisories: RHSA-2006:0758
http://rhn.redhat.com/errata/RHSA-2006-0758.html
RedHat Security Advisories: RHSA-2006:0759
http://rhn.redhat.com/errata/RHSA-2006-0759.html
RedHat Security Advisories: RHSA-2006:0760
http://rhn.redhat.com/errata/RHSA-2006-0760.html
http://securitytracker.com/id?1017398
http://securitytracker.com/id?1017405
http://securitytracker.com/id?1017406
http://secunia.com/advisories/23282
http://secunia.com/advisories/23420
http://secunia.com/advisories/23422
http://secunia.com/advisories/23433
http://secunia.com/advisories/23439
http://secunia.com/advisories/23440
http://secunia.com/advisories/23468
http://secunia.com/advisories/23514
http://secunia.com/advisories/23545
http://secunia.com/advisories/23589
http://secunia.com/advisories/23591
http://secunia.com/advisories/23598
http://secunia.com/advisories/23601
http://secunia.com/advisories/23614
http://secunia.com/advisories/23618
http://secunia.com/advisories/23672
http://secunia.com/advisories/23692
http://secunia.com/advisories/23988
http://secunia.com/advisories/24078
http://secunia.com/advisories/24390
http://secunia.com/advisories/24948
SGI Security Advisory: 20061202-01-P
ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102885-1
SuSE Security Announcement: SUSE-SA:2006:080 (Google Search)
http://www.novell.com/linux/security/advisories/2006_80_mozilla.html
SuSE Security Announcement: SUSE-SA:2007:006 (Google Search)
http://www.novell.com/linux/security/advisories/2007_06_mozilla.html
http://www.ubuntu.com/usn/usn-398-1
http://www.ubuntu.com/usn/usn-398-2
http://www.ubuntu.com/usn/usn-400-1
http://www.vupen.com/english/advisories/2006/5068
http://www.vupen.com/english/advisories/2007/1463
http://www.vupen.com/english/advisories/2008/0083
Common Vulnerability Exposure (CVE) ID: CVE-2006-6498
CERT/CC vulnerability note: VU#447772
http://www.kb.cert.org/vuls/id/447772
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10661
http://secunia.com/advisories/25556
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102955-1
http://www.vupen.com/english/advisories/2007/2106
Common Vulnerability Exposure (CVE) ID: CVE-2006-6499
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102846-1
http://www.vupen.com/english/advisories/2007/1124
Common Vulnerability Exposure (CVE) ID: CVE-2006-6501
CERT/CC vulnerability note: VU#263412
http://www.kb.cert.org/vuls/id/263412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9746
http://securitytracker.com/id?1017403
http://securitytracker.com/id?1017404
http://securitytracker.com/id?1017407
Common Vulnerability Exposure (CVE) ID: CVE-2006-6502
CERT/CC vulnerability note: VU#428500
http://www.kb.cert.org/vuls/id/428500
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626
http://securitytracker.com/id?1017411
http://securitytracker.com/id?1017412
http://securitytracker.com/id?1017413
Common Vulnerability Exposure (CVE) ID: CVE-2006-6503
CERT/CC vulnerability note: VU#405092
http://www.kb.cert.org/vuls/id/405092
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10895
http://securitytracker.com/id?1017414
http://securitytracker.com/id?1017415
http://securitytracker.com/id?1017416
Common Vulnerability Exposure (CVE) ID: CVE-2006-6504
Bugtraq: 20061220 ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/454939/100/0/threaded
CERT/CC vulnerability note: VU#928956
http://www.kb.cert.org/vuls/id/928956
http://www.zerodayinitiative.com/advisories/ZDI-06-051.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11077
http://securitytracker.com/id?1017417
http://securitytracker.com/id?1017418
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.