 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.809806 |
| Categoría: | General |
| Título: | Mozilla Firefox ESR Security Updates (mfsa_2016-89_2016-90)-Windows |
| Resumen: | Mozilla Firefox ESR is prone to multiple vulnerabilities. |
| Descripción: | Summary: Mozilla Firefox ESR is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - Heap-buffer-overflow WRITE in rasterize_edges_1. - Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink. - Arbitrary target directory for result files of update process. - Incorrect argument length checking in JavaScript. - Add-ons update must verify IDs match between current and new versions. - Integer overflow leading to a buffer overflow in nsScriptLoadHandler. - Same-origin policy violation using local HTML file and saved shortcut file. - Insufficient timing side-channel resistance in divSpoiler. Vulnerability Impact: Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code, to delete arbitrary files by leveraging certain local file execution, to obtain sensitive information, and to cause a denial of service. Affected Software/OS: Mozilla Firefox ESR version before 45.5 on Windows. Solution: Upgrade to Mozilla Firefox ESR version 45.5 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
BugTraq ID: 94336 BugTraq ID: 94337 BugTraq ID: 94342 BugTraq ID: 94339 Common Vulnerability Exposure (CVE) ID: CVE-2016-5296 http://www.securityfocus.com/bid/94339 Debian Security Information: DSA-3730 (Google Search) https://www.debian.org/security/2016/dsa-3730 https://security.gentoo.org/glsa/201701-15 RedHat Security Advisories: RHSA-2016:2780 http://rhn.redhat.com/errata/RHSA-2016-2780.html http://www.securitytracker.com/id/1037298 Common Vulnerability Exposure (CVE) ID: CVE-2016-5293 http://www.securityfocus.com/bid/94336 Common Vulnerability Exposure (CVE) ID: CVE-2016-5294 Common Vulnerability Exposure (CVE) ID: CVE-2016-5297 Common Vulnerability Exposure (CVE) ID: CVE-2016-9064 Common Vulnerability Exposure (CVE) ID: CVE-2016-9066 Common Vulnerability Exposure (CVE) ID: CVE-2016-5291 Common Vulnerability Exposure (CVE) ID: CVE-2016-9074 BugTraq ID: 94341 http://www.securityfocus.com/bid/94341 https://security.gentoo.org/glsa/201701-46 Common Vulnerability Exposure (CVE) ID: CVE-2016-5290 BugTraq ID: 94335 http://www.securityfocus.com/bid/94335 RedHat Security Advisories: RHSA-2016:2825 http://rhn.redhat.com/errata/RHSA-2016-2825.html |
| Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
| Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |