English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.809805
Kategorie:General
Titel:Mozilla Firefox Security Updates (mfsa_2016-89_2016-90)-Windows
Zusammenfassung:Mozilla Firefox is prone to multiple vulnerabilities.
Beschreibung:Summary:
Mozilla Firefox is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- Heap-buffer-overflow WRITE in rasterize_edges_1.

- URL parsing causes crash.

- Write to arbitrary file with Mozilla Updater and Maintenance Service using
updater.log hardlink.

- Arbitrary target directory for result files of update process.

- Incorrect argument length checking in JavaScript.

- Add-ons update must verify IDs match between current and new versions.

- Integer overflow leading to a buffer overflow in nsScriptLoadHandler.

- heap-use-after-free in nsINode::ReplaceOrInsertBefore.

- heap-use-after-free in nsRefreshDriver.

- WebExtensions can access the mozAddonManager API and use it to gain elevated
privileges.

- Canvas filters allow feDisplacementMaps to be applied to cross-origin images,
allowing timing attacks on them.

- Same-origin policy violation using local HTML file and saved shortcut file.

- Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM.

- Sidebar bookmark can have reference to chrome window.

- Insufficient timing side-channel resistance in divSpoiler.

- select dropdown menu can be used for URL bar spoofing on e10s.

- Possible integer overflow to fix inside XML_Parse in Expat.

- Probe browser history via HSTS/301 redirect + CSP.

Vulnerability Impact:
Successful exploitation of this
vulnerability will allow remote attackers to execute arbitrary code, to delete
arbitrary files by leveraging certain local file execution, to obtain sensitive
information, and to cause a denial of service.

Affected Software/OS:
Mozilla Firefox version before 50 on Windows.

Solution:
Upgrade to Mozilla Firefox version 50
or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 94336
BugTraq ID: 94337
BugTraq ID: 94342
BugTraq ID: 94339
Common Vulnerability Exposure (CVE) ID: CVE-2016-5296
http://www.securityfocus.com/bid/94339
Debian Security Information: DSA-3730 (Google Search)
https://www.debian.org/security/2016/dsa-3730
https://security.gentoo.org/glsa/201701-15
RedHat Security Advisories: RHSA-2016:2780
http://rhn.redhat.com/errata/RHSA-2016-2780.html
http://www.securitytracker.com/id/1037298
Common Vulnerability Exposure (CVE) ID: CVE-2016-5292
http://www.securityfocus.com/bid/94337
Common Vulnerability Exposure (CVE) ID: CVE-2016-5293
http://www.securityfocus.com/bid/94336
Common Vulnerability Exposure (CVE) ID: CVE-2016-5294
Common Vulnerability Exposure (CVE) ID: CVE-2016-5297
Common Vulnerability Exposure (CVE) ID: CVE-2016-9064
Common Vulnerability Exposure (CVE) ID: CVE-2016-9066
Common Vulnerability Exposure (CVE) ID: CVE-2016-9067
Common Vulnerability Exposure (CVE) ID: CVE-2016-5290
BugTraq ID: 94335
http://www.securityfocus.com/bid/94335
RedHat Security Advisories: RHSA-2016:2825
http://rhn.redhat.com/errata/RHSA-2016-2825.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9068
Common Vulnerability Exposure (CVE) ID: CVE-2016-5289
Common Vulnerability Exposure (CVE) ID: CVE-2016-9075
Common Vulnerability Exposure (CVE) ID: CVE-2016-9077
Common Vulnerability Exposure (CVE) ID: CVE-2016-5291
Common Vulnerability Exposure (CVE) ID: CVE-2016-5295
Common Vulnerability Exposure (CVE) ID: CVE-2016-9070
Common Vulnerability Exposure (CVE) ID: CVE-2016-9073
Common Vulnerability Exposure (CVE) ID: CVE-2016-9074
BugTraq ID: 94341
http://www.securityfocus.com/bid/94341
https://security.gentoo.org/glsa/201701-46
Common Vulnerability Exposure (CVE) ID: CVE-2016-9076
Common Vulnerability Exposure (CVE) ID: CVE-2016-9063
Debian Security Information: DSA-3898 (Google Search)
https://www.debian.org/security/2017/dsa-3898
http://www.securitytracker.com/id/1039427
Common Vulnerability Exposure (CVE) ID: CVE-2016-9071
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.