ID de Prueba:	1.3.6.1.4.1.25623.1.0.71298
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: firefox
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: firefox linux-firefox linux-seamonkey linux-thunderbird seamonkey thunderbird libxul CVE-2012-0451 CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. CVE-2012-0455 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a 'DragAndDropJacking' issue. CVE-2012-0456 The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. Text truncated. Please see the references for more information. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0451 BugTraq ID: 52463 http://www.securityfocus.com/bid/52463 http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14909 RedHat Security Advisories: RHSA-2012:0387 http://rhn.redhat.com/errata/RHSA-2012-0387.html RedHat Security Advisories: RHSA-2012:0388 http://rhn.redhat.com/errata/RHSA-2012-0388.html http://www.securitytracker.com/id?1026801 http://www.securitytracker.com/id?1026803 http://www.securitytracker.com/id?1026804 http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/advisories/48629 http://secunia.com/advisories/49055 SuSE Security Announcement: SUSE-SU-2012:0424 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html SuSE Security Announcement: openSUSE-SU-2012:0417 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://www.ubuntu.com/usn/USN-1400-1 http://www.ubuntu.com/usn/USN-1400-2 http://www.ubuntu.com/usn/USN-1400-3 http://www.ubuntu.com/usn/USN-1400-4 http://www.ubuntu.com/usn/USN-1400-5 Common Vulnerability Exposure (CVE) ID: CVE-2012-0455 BugTraq ID: 52458 http://www.securityfocus.com/bid/52458 Debian Security Information: DSA-2433 (Google Search) http://www.debian.org/security/2012/dsa-2433 Debian Security Information: DSA-2458 (Google Search) http://www.debian.org/security/2012/dsa-2458 http://www.mandriva.com/security/advisories?name=MDVSA-2012:031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829 http://secunia.com/advisories/48414 http://secunia.com/advisories/48495 http://secunia.com/advisories/48624 http://secunia.com/advisories/48823 http://secunia.com/advisories/48920 SuSE Security Announcement: SUSE-SU-2012:0425 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://www.ubuntu.com/usn/USN-1401-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-0456 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007 Common Vulnerability Exposure (CVE) ID: CVE-2012-0457 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775 Common Vulnerability Exposure (CVE) ID: CVE-2012-0458 BugTraq ID: 52460 http://www.securityfocus.com/bid/52460 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122 Common Vulnerability Exposure (CVE) ID: CVE-2012-0459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15066 Common Vulnerability Exposure (CVE) ID: CVE-2012-0460 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15114 Common Vulnerability Exposure (CVE) ID: CVE-2012-0461 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009 Common Vulnerability Exposure (CVE) ID: CVE-2012-0462 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15012 Common Vulnerability Exposure (CVE) ID: CVE-2012-0463 BugTraq ID: 52466 http://www.securityfocus.com/bid/52466 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143 Common Vulnerability Exposure (CVE) ID: CVE-2012-0464 BugTraq ID: 52465 http://www.securityfocus.com/bid/52465 http://pwn2own.zerodayinitiative.com/status.html http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757 http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.