Test Kennung:	1.3.6.1.4.1.25623.1.0.841513
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for firefox USN-1924-1
Zusammenfassung:	The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Jeff Gilbert, Henrik Skupin, Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga and Jesse Ruderman discovered multiple memory safety issues in Firefox. If the user were tricked in to opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1701, CVE-2013-1702) A use-after-free bug was discovered when the DOM is modified during a SetBody mutation event. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1704) A use-after-free bug was discovered when generating a CRMF request with certain parameters. If the user were tricked in to opening a specially crafted page, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1705) Aki Helin discovered a crash when decoding a WAV file in some circumstances. An attacker could potentially exploit this to cause a denial of service. (CVE-2013-1708) It was discovered that a document's URI could be set to the URI of a different document. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1709) A flaw was discovered when generating a CRMF request in certain circumstances. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2013-1710) Bobby Holley discovered that XBL scopes could be used to circumvent XrayWrappers in certain circumstances. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks or cause undefined behaviour. (CVE-2013-1711) Cody Crews discovered that some Javascript components performed security checks against the wrong URI, potentially bypassing same-origin policy restrictions. An attacker could exploit this to conduct cross-site scripting (XSS) attacks or install addons from a malicious site. (CVE-2013-1713) Federico Lanusse discovered that web workers could bypass cross-origin checks when using XMLHttpRequest. An attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2013-1714) Georgi Guninski and John Schoenick discovered that Java applets could access local files under certain circumstances. An attacker could potentially exploit this to steal confidential data. (CVE-2013-1717) Affected Software/OS: firefox on Ubuntu 13.04, Ubuntu 12.10, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1701 BugTraq ID: 61874 http://www.securityfocus.com/bid/61874 Debian Security Information: DSA-2735 (Google Search) http://www.debian.org/security/2013/dsa-2735 Debian Security Information: DSA-2746 (Google Search) http://www.debian.org/security/2013/dsa-2746 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514 Common Vulnerability Exposure (CVE) ID: CVE-2013-1702 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18876 Common Vulnerability Exposure (CVE) ID: CVE-2013-1704 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18945 Common Vulnerability Exposure (CVE) ID: CVE-2013-1705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18935 SuSE Security Announcement: openSUSE-SU-2013:1496 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-09/msg00060.html SuSE Security Announcement: openSUSE-SU-2013:1633 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html Common Vulnerability Exposure (CVE) ID: CVE-2013-1708 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18803 Common Vulnerability Exposure (CVE) ID: CVE-2013-1709 BugTraq ID: 61867 http://www.securityfocus.com/bid/61867 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531 Common Vulnerability Exposure (CVE) ID: CVE-2013-1710 BugTraq ID: 61900 http://www.securityfocus.com/bid/61900 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 Common Vulnerability Exposure (CVE) ID: CVE-2013-1711 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18830 Common Vulnerability Exposure (CVE) ID: CVE-2013-1713 BugTraq ID: 61876 http://www.securityfocus.com/bid/61876 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884 Common Vulnerability Exposure (CVE) ID: CVE-2013-1714 BugTraq ID: 61882 http://www.securityfocus.com/bid/61882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002 Common Vulnerability Exposure (CVE) ID: CVE-2013-1717 BugTraq ID: 61896 http://www.securityfocus.com/bid/61896 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367
Copyright	Copyright (c) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.