ID de Prueba:	1.3.6.1.4.1.25623.1.0.843028
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for firefox USN-3175-1
Resumen:	The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5373, CVE-2017-5374) JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5375) Nicolas Gré goire discovered a use-after-free when manipulating XSL in XSLT documents in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5376) Atte Kettunen discovered a memory corruption issue in Skia in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5377) Jann Horn discovered that an object's address could be discovered through hashed codes of JavaScript objects shared between pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2017-5378) A use-after-free was discovered in Web Animations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5379) A use-after-free was discovered during DOM manipulation of SVG content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5380) Jann Horn discovered that the 'export' function in the Certificate Viewer can force local filesystem navigation when the Common Name contains slashes. If a user were tricked in to exporting a specially crafted certificate, an attacker could potentially exploit this to save content with arbitrary filenames in unsafe locations. (CVE-2017-5381) Jerri Rice discovered that the Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content. An attacker could potentially exploit this to obtain sens ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: firefox on Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5373 BugTraq ID: 95762 http://www.securityfocus.com/bid/95762 Debian Security Information: DSA-3771 (Google Search) https://www.debian.org/security/2017/dsa-3771 Debian Security Information: DSA-3832 (Google Search) https://www.debian.org/security/2017/dsa-3832 https://security.gentoo.org/glsa/201702-13 https://security.gentoo.org/glsa/201702-22 RedHat Security Advisories: RHSA-2017:0190 http://rhn.redhat.com/errata/RHSA-2017-0190.html RedHat Security Advisories: RHSA-2017:0238 http://rhn.redhat.com/errata/RHSA-2017-0238.html http://www.securitytracker.com/id/1037693 Common Vulnerability Exposure (CVE) ID: CVE-2017-5374 BugTraq ID: 95759 http://www.securityfocus.com/bid/95759 Common Vulnerability Exposure (CVE) ID: CVE-2017-5375 BugTraq ID: 95757 http://www.securityfocus.com/bid/95757 https://www.exploit-db.com/exploits/42327/ https://www.exploit-db.com/exploits/44293/ https://www.exploit-db.com/exploits/44294/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5376 BugTraq ID: 95758 http://www.securityfocus.com/bid/95758 Common Vulnerability Exposure (CVE) ID: CVE-2017-5377 BugTraq ID: 95761 http://www.securityfocus.com/bid/95761 Common Vulnerability Exposure (CVE) ID: CVE-2017-5378 BugTraq ID: 95769 http://www.securityfocus.com/bid/95769 Common Vulnerability Exposure (CVE) ID: CVE-2017-5379 BugTraq ID: 95763 http://www.securityfocus.com/bid/95763 Common Vulnerability Exposure (CVE) ID: CVE-2017-5380 Common Vulnerability Exposure (CVE) ID: CVE-2017-5381 Common Vulnerability Exposure (CVE) ID: CVE-2017-5382 Common Vulnerability Exposure (CVE) ID: CVE-2017-5383 Common Vulnerability Exposure (CVE) ID: CVE-2017-5384 https://www.contextis.com//resources/blog/leaking-https-urls-20-year-old-vulnerability/ Common Vulnerability Exposure (CVE) ID: CVE-2017-5385 Common Vulnerability Exposure (CVE) ID: CVE-2017-5386 Common Vulnerability Exposure (CVE) ID: CVE-2017-5387 Common Vulnerability Exposure (CVE) ID: CVE-2017-5388 Common Vulnerability Exposure (CVE) ID: CVE-2017-5389 Common Vulnerability Exposure (CVE) ID: CVE-2017-5390 Common Vulnerability Exposure (CVE) ID: CVE-2017-5391 Common Vulnerability Exposure (CVE) ID: CVE-2017-5393 Common Vulnerability Exposure (CVE) ID: CVE-2017-5396
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.