Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.703201 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 3201-1 (iceweasel - security update) |
Zusammenfassung: | Multiple security issues have been;found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The;Common Vulnerabilities and Exposures project identifies the following problems:;;CVE-2015-0817;ilxu1a reported a flaw in Mozilla's implementation of typed array;bounds checking in JavaScript just-in-time compilation (JIT) and its;management of bounds checking for heap access. This flaw can be;leveraged into the reading and writing of memory allowing for;arbitrary code execution on the local system.;;CVE-2015-0818;Mariusz Mlynski discovered a method to run arbitrary scripts in a;privileged context. This bypassed the same-origin policy protections;by using a flaw in the processing of SVG format content navigation. |
Beschreibung: | Summary: Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0817 ilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. CVE-2015-0818 Mariusz Mlynski discovered a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Affected Software/OS: iceweasel on Debian Linux Solution: For the stable distribution (wheezy), these problems have been fixed in version 31.5.3esr-1~ deb7u1. For the unstable distribution (sid), these problems have been fixed in version 31.5.3esr-1. We recommend that you upgrade your iceweasel packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-0817 BugTraq ID: 73263 http://www.securityfocus.com/bid/73263 Debian Security Information: DSA-3201 (Google Search) http://www.debian.org/security/2015/dsa-3201 https://security.gentoo.org/glsa/201504-01 RedHat Security Advisories: RHSA-2015:0718 http://rhn.redhat.com/errata/RHSA-2015-0718.html http://www.securitytracker.com/id/1031958 SuSE Security Announcement: SUSE-SU-2015:0593 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html SuSE Security Announcement: SUSE-SU-2015:0630 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html SuSE Security Announcement: openSUSE-SU-2015:0567 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html SuSE Security Announcement: openSUSE-SU-2015:0636 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html http://www.ubuntu.com/usn/USN-2538-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-0818 BugTraq ID: 73265 http://www.securityfocus.com/bid/73265 http://www.securitytracker.com/id/1031959 |
Copyright | Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |