Test ID: | 1.3.6.1.4.1.25623.1.0.809805 |
Category: | General |
Title: | Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows |
Summary: | Mozilla Firefox is prone to multiple vulnerabilities. |
Description: |
Summary: Mozilla Firefox is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple flaws exist due to:
- Heap-buffer-overflow WRITE in rasterize_edges_1.
- URL parsing causes crash.
- Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink.
- Arbitrary target directory for result files of update process.
- Incorrect argument length checking in JavaScript.
- Add-ons update must verify IDs match between current and new versions.
- Integer overflow leading to a buffer overflow in nsScriptLoadHandler.
- heap-use-after-free in nsINode::ReplaceOrInsertBefore.
- heap-use-after-free in nsRefreshDriver.
- WebExtensions can access the mozAddonManager API and use it to gain elevated privileges.
- Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them.
- Same-origin policy violation using local HTML file and saved shortcut file.
- Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM.
- Sidebar bookmark can have reference to chrome window.
- Insufficient timing side-channel resistance in divSpoiler.
- select dropdown menu can be used for URL bar spoofing on e10s.
- Possible integer overflow to fix inside XML_Parse in Expat.
- Probe browser history via HSTS/301 redirect + CSP.

Vulnerability Impact: Successful exploitation of this vulnerability will allow remote attackers to execute arbitrary code, to delete arbitrary files by leveraging certain local file execution, to obtain sensitive information, and to cause a denial of service.

Affected Software/OS: Mozilla Firefox version before 50 on Windows.

Solution: Upgrade to Mozilla Firefox version 50 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
BugTraq ID: 94336
BugTraq ID: 94337
BugTraq ID: 94342
BugTraq ID: 94339
Common Vulnerability Exposure (CVE) ID: CVE-2016-5296
http://www.securityfocus.com/bid/94339
Debian Security Information: DSA-3730
https://www.debian.org/security/2016/dsa-3730
https://security.gentoo.org/glsa/201701-15
RedHat Security Advisories: RHSA-2016:2780
http://rhn.redhat.com/errata/RHSA-2016-2780.html
http://www.securitytracker.com/id/1037298
Common Vulnerability Exposure (CVE) ID: CVE-2016-5292
http://www.securityfocus.com/bid/94337
Common Vulnerability Exposure (CVE) ID: CVE-2016-5293
http://www.securityfocus.com/bid/94336
Common Vulnerability Exposure (CVE) ID: CVE-2016-5294
Common Vulnerability Exposure (CVE) ID: CVE-2016-5297
Common Vulnerability Exposure (CVE) ID: CVE-2016-9064
Common Vulnerability Exposure (CVE) ID: CVE-2016-9066
Common Vulnerability Exposure (CVE) ID: CVE-2016-9067
Common Vulnerability Exposure (CVE) ID: CVE-2016-5290
BugTraq ID: 94335
http://www.securityfocus.com/bid/94335
RedHat Security Advisories: RHSA-2016:2825
http://rhn.redhat.com/errata/RHSA-2016-2825.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9068
Common Vulnerability Exposure (CVE) ID: CVE-2016-5289
Common Vulnerability Exposure (CVE) ID: CVE-2016-9075
Common Vulnerability Exposure (CVE) ID: CVE-2016-9077
Common Vulnerability Exposure (CVE) ID: CVE-2016-5291
Common Vulnerability Exposure (CVE) ID: CVE-2016-5295
Common Vulnerability Exposure (CVE) ID: CVE-2016-9070
Common Vulnerability Exposure (CVE) ID: CVE-2016-9073
Common Vulnerability Exposure (CVE) ID: CVE-2016-9074
BugTraq ID: 94341
http://www.securityfocus.com/bid/94341
https://security.gentoo.org/glsa/201701-46
Common Vulnerability Exposure (CVE) ID: CVE-2016-9076
Common Vulnerability Exposure (CVE) ID: CVE-2016-9063
Debian Security Information: DSA-3898
https://www.debian.org/security/2017/dsa-3898
http://www.securitytracker.com/id/1039427
Common Vulnerability Exposure (CVE) ID: CVE-2016-9071 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |