Test Kennung:	1.3.6.1.4.1.25623.1.0.843404
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for firefox USN-3477-4
Zusammenfassung:	The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'firefox' package(s) announced via the referenced advisory. Vulnerability Insight: USN-3477-1 fixed vulnerabilities in Firefox. The update introduced a crash reporting issue where background tab crash reports were sent to Mozilla without user opt-in. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, bypass same-origin restrictions, bypass CSP protections, bypass mixed content blocking, spoof the addressbar, or execute arbitrary code. (CVE-2017-7826, CVE-2017-7827, CVE-2017-7828, CVE-2017-7830, CVE-2017-7831, CVE-2017-7832, CVE-2017-7833, CVE-2017-7834, CVE-2017-7835, CVE-2017-7837, CVE-2017-7838, CVE-2017-7842) It was discovered that javascript: URLs pasted in to the addressbar would be executed instead of being blocked in some circumstances. If a user were tricked in to copying a specially crafted URL in to the addressbar, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7839) It was discovered that exported bookmarks do not strip script elements from user-supplied tags. If a user were tricked in to adding specially crafted tags to bookmarks, exporting them and then opening the resulting HTML file, an attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2017-7840) Affected Software/OS: firefox on Ubuntu 17.10, Ubuntu 17.04, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7826 BugTraq ID: 101832 http://www.securityfocus.com/bid/101832 Debian Security Information: DSA-4035 (Google Search) https://www.debian.org/security/2017/dsa-4035 Debian Security Information: DSA-4061 (Google Search) https://www.debian.org/security/2017/dsa-4061 Debian Security Information: DSA-4075 (Google Search) https://www.debian.org/security/2017/dsa-4075 https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html RedHat Security Advisories: RHSA-2017:3247 https://access.redhat.com/errata/RHSA-2017:3247 RedHat Security Advisories: RHSA-2017:3372 https://access.redhat.com/errata/RHSA-2017:3372 http://www.securitytracker.com/id/1039803 https://usn.ubuntu.com/3688-1/ Common Vulnerability Exposure (CVE) ID: CVE-2017-7827 Common Vulnerability Exposure (CVE) ID: CVE-2017-7828 Common Vulnerability Exposure (CVE) ID: CVE-2017-7830 Common Vulnerability Exposure (CVE) ID: CVE-2017-7831 Common Vulnerability Exposure (CVE) ID: CVE-2017-7832 Common Vulnerability Exposure (CVE) ID: CVE-2017-7833 Common Vulnerability Exposure (CVE) ID: CVE-2017-7834 Common Vulnerability Exposure (CVE) ID: CVE-2017-7835 Common Vulnerability Exposure (CVE) ID: CVE-2017-7837 Common Vulnerability Exposure (CVE) ID: CVE-2017-7838 Common Vulnerability Exposure (CVE) ID: CVE-2017-7842 Common Vulnerability Exposure (CVE) ID: CVE-2017-7839 Common Vulnerability Exposure (CVE) ID: CVE-2017-7840
Copyright	Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.