 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.842224 |
| Kategorie: | Ubuntu Local Security Checks |
| Titel: | Ubuntu Update for firefox USN-2602-1 |
| Zusammenfassung: | The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory. |
| Beschreibung: | Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: Jesse Ruderman, Mats Palmgren, Byron Campen, Steve Fink, Gary Kwong, Andrew McCreight, Christian Holler, Jon Coppeard, and Milan Sreckovic discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2708, CVE-2015-2709) Atte Kettunen discovered a buffer overflow during the rendering of SVG content with certain CSS properties in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2710) Alex Verstak discovered that meta name='referrer' is ignored in some circumstances. (CVE-2015-2711) Dougall Johnson discovered an out of bounds read and write in asm.js. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2712) Scott Bell discovered a use-afer-free during the processing of text when vertical text is enabled. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2713) Tyson Smith and Jesse Schwartzentruber discovered a use-after-free during shutdown. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2715) Ucha Gobejishvili discovered a buffer overflow when parsing compressed XML content. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-2716) A buffer overflow and out-of-bounds read were discovered when parsing metadata in MP4 files in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the us ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: firefox on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2708 BugTraq ID: 74615 http://www.securityfocus.com/bid/74615 Debian Security Information: DSA-3260 (Google Search) http://www.debian.org/security/2015/dsa-3260 Debian Security Information: DSA-3264 (Google Search) http://www.debian.org/security/2015/dsa-3264 https://security.gentoo.org/glsa/201605-06 RedHat Security Advisories: RHSA-2015:0988 http://rhn.redhat.com/errata/RHSA-2015-0988.html RedHat Security Advisories: RHSA-2015:1012 http://rhn.redhat.com/errata/RHSA-2015-1012.html SuSE Security Announcement: SUSE-SU-2015:0960 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00054.html SuSE Security Announcement: SUSE-SU-2015:0978 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00000.html SuSE Security Announcement: openSUSE-SU-2015:0892 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html SuSE Security Announcement: openSUSE-SU-2015:0934 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2602-1 http://www.ubuntu.com/usn/USN-2603-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-2709 Common Vulnerability Exposure (CVE) ID: CVE-2015-2710 BugTraq ID: 74611 http://www.securityfocus.com/bid/74611 Common Vulnerability Exposure (CVE) ID: CVE-2015-2711 Common Vulnerability Exposure (CVE) ID: CVE-2015-2712 Common Vulnerability Exposure (CVE) ID: CVE-2015-2713 Common Vulnerability Exposure (CVE) ID: CVE-2015-2715 Common Vulnerability Exposure (CVE) ID: CVE-2015-2716 Common Vulnerability Exposure (CVE) ID: CVE-2015-2717 Common Vulnerability Exposure (CVE) ID: CVE-2015-2718 |
| Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |