Test Kennung:	1.3.6.1.4.1.25623.1.0.842152
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for firefox USN-2550-1
Zusammenfassung:	The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801) Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0802) Several type confusion issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0803, CVE-2015-0804) Abhishek Arya discovered memory corruption issues during 2D graphics rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806) Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807) Mitchell Harper discovered an issue with memory management of simple-type arrays in WebRTC. An attacker could potentially exploit this to cause undefined behaviour. (CVE-2015-0808) Felix Grö bert discovered an out-of-bounds read in the QCMS colour management library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0811) Armin Razmdjou discovered that lightweight themes could be installed in Firefox without a user approval message, from Mozilla subdomains over HTTP without SSL. A remote attacker could potentially exploit this by conducting a Man-In-The-Middle (MITM) attack to install themes without user approval. (CVE-2015-0812) Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: firefox on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0801 BugTraq ID: 73455 http://www.securityfocus.com/bid/73455 Debian Security Information: DSA-3211 (Google Search) http://www.debian.org/security/2015/dsa-3211 Debian Security Information: DSA-3212 (Google Search) http://www.debian.org/security/2015/dsa-3212 https://security.gentoo.org/glsa/201512-10 RedHat Security Advisories: RHSA-2015:0766 http://rhn.redhat.com/errata/RHSA-2015-0766.html RedHat Security Advisories: RHSA-2015:0771 http://rhn.redhat.com/errata/RHSA-2015-0771.html http://www.securitytracker.com/id/1031996 http://www.securitytracker.com/id/1032000 SuSE Security Announcement: SUSE-SU-2015:0704 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html SuSE Security Announcement: openSUSE-SU-2015:0677 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html SuSE Security Announcement: openSUSE-SU-2015:0892 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2550-1 http://www.ubuntu.com/usn/USN-2552-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-0802 https://www.exploit-db.com/exploits/37958/ Common Vulnerability Exposure (CVE) ID: CVE-2015-0803 Common Vulnerability Exposure (CVE) ID: CVE-2015-0804 Common Vulnerability Exposure (CVE) ID: CVE-2015-0805 Common Vulnerability Exposure (CVE) ID: CVE-2015-0806 Common Vulnerability Exposure (CVE) ID: CVE-2015-0807 BugTraq ID: 73457 http://www.securityfocus.com/bid/73457 Common Vulnerability Exposure (CVE) ID: CVE-2015-0808 Common Vulnerability Exposure (CVE) ID: CVE-2015-0811 Common Vulnerability Exposure (CVE) ID: CVE-2015-0812 Common Vulnerability Exposure (CVE) ID: CVE-2015-0813 BugTraq ID: 73463 http://www.securityfocus.com/bid/73463 Common Vulnerability Exposure (CVE) ID: CVE-2015-0814 Common Vulnerability Exposure (CVE) ID: CVE-2015-0815 BugTraq ID: 73466 http://www.securityfocus.com/bid/73466 Common Vulnerability Exposure (CVE) ID: CVE-2015-0816 BugTraq ID: 73461 http://www.securityfocus.com/bid/73461
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.