
Test ID: 1.3.6.1.4.1.25623.1.0.870962
Category: Red Hat Local Security Checks
Title: RedHat Update for xulrunner RHSA-2013:0614-01
Summary: The remote host is missing an update for the 'xulrunner' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'xulrunner'
package(s) announced via the referenced advisory.

Vulnerability Insight:
XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A flaw was found in the way XULRunner handled malformed web content. A web
page containing malicious content could cause an application linked against
XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with
the privileges of the user running the application. (CVE-2013-0787)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges VUPEN Security via the TippingPoint Zero Day
Initiative project as the original reporter.

For technical details regarding this flaw, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this erratum.

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

Affected Software/OS:
xulrunner on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-0787
BugTraq ID: 58391
http://www.securityfocus.com/bid/58391
Debian Security Information: DSA-2699
http://www.debian.org/security/2013/dsa-2699
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
http://twitter.com/VUPEN/statuses/309505403631325184
http://twitter.com/thezdi/statuses/309484730506698752
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737
RedHat Security Advisories: RHSA-2013:0614
http://rhn.redhat.com/errata/RHSA-2013-0614.html
RedHat Security Advisories: RHSA-2013:0627
http://rhn.redhat.com/errata/RHSA-2013-0627.html
SuSE Security Announcement: SUSE-SU-2013:0470
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html
SuSE Security Announcement: openSUSE-SU-2013:0431
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html
SuSE Security Announcement: openSUSE-SU-2013:0465
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html
SuSE Security Announcement: openSUSE-SU-2013:0467
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html
SuSE Security Announcement: openSUSE-SU-2013:0468
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html
http://www.ubuntu.com/usn/USN-1758-1
Copyright: Copyright (c) 2013 Greenbone Networks GmbH





© 1998-2020 E-Soft Inc. All rights reserved.