Test ID: 1.3.6.1.4.1.25623.1.0.900309
Category: Web application abuses
Title: Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux)
Summary: The host is installed with the Mozilla Firefox browser and is prone to multiple vulnerabilities.
Description:
Summary:
The host is installed with the Mozilla Firefox browser and is prone to
multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Cookies marked 'HTTPOnly' are readable by JavaScript through the
XMLHttpRequest methods that expose response headers, i.e.
XMLHttpRequest.getAllResponseHeaders and XMLHttpRequest.getResponseHeader.

- The restriction that prevents local internet shortcut files from accessing
other sites could be bypassed by redirecting to a privileged 'about:' URI,
e.g. 'about:plugins'.

- Chrome XBL methods can be used to execute arbitrary JavaScript in the
context of another website, bypassing the same-origin policy, by using the
'window.eval' method.

- The 'components/sessionstore/src/nsSessionStore.js' file does not block
changes of INPUT elements to type='file' during tab restoration.

- Certain HTTP caching directives are ignored by Firefox, which can expose
sensitive data on a shared network.

Vulnerability Impact:
Successful exploitation could result in bypassing certain security restrictions,
information disclosure, and execution of JavaScript with the privileges of the
signed-in user.

Affected Software/OS:
Firefox version 2.x to 3.0.5 on Linux.

Solution:
Upgrade to Firefox version 3.0.6.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross reference: BugTraq ID: 33598
Common Vulnerability Exposure (CVE) ID: CVE-2009-0352
http://www.securityfocus.com/bid/33598
Debian Security Information: DSA-1830
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10699
RedHat Security Advisories: RHSA-2009:0256
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://www.redhat.com/support/errata/RHSA-2009-0257.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://www.securitytracker.com/id?1021663
http://secunia.com/advisories/33799
http://secunia.com/advisories/33802
http://secunia.com/advisories/33808
http://secunia.com/advisories/33809
http://secunia.com/advisories/33816
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/33869
http://secunia.com/advisories/34324
http://secunia.com/advisories/34387
http://secunia.com/advisories/34417
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/34527
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SuSE Security Announcement: SUSE-SA:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
SuSE Security Announcement: SUSE-SA:2009:023
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
http://www.ubuntu.com/usn/usn-717-1
https://usn.ubuntu.com/741-1/
http://www.vupen.com/english/advisories/2009/0313
Common Vulnerability Exposure (CVE) ID: CVE-2009-0353
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11193
Common Vulnerability Exposure (CVE) ID: CVE-2009-0354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9796
http://www.securitytracker.com/id?1021664
Common Vulnerability Exposure (CVE) ID: CVE-2009-0355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9161
http://www.securitytracker.com/id?1021665
http://www.ubuntu.com/usn/usn-717-2
Common Vulnerability Exposure (CVE) ID: CVE-2009-0356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9922
http://www.securitytracker.com/id?1021666
Common Vulnerability Exposure (CVE) ID: CVE-2009-0357
http://ha.ckers.org/blog/20070511/bluehat-errata/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9459
http://www.securitytracker.com/id?1021668
Common Vulnerability Exposure (CVE) ID: CVE-2009-0358
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10610
http://www.securitytracker.com/id?1021667
Copyright: Copyright (C) 2009 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.