USN490-1 : Firefox vulnerabilities

Article ID: 28092
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.

Ubuntu Security Notice (C) 2007 Canonical, Inc. / NASL script (C) 2007 Tenable Network Security, Inc.

Family: Ubuntu Local Security Checks
Plugin ID: 28092
Bugtraq ID:
CVE ID:
- CVE-2007-3089
- CVE-2007-3285
- CVE-2007-3656
- CVE-2007-3734
- CVE-2007-3735
- CVE-2007-3736
- CVE-2007-3737
- CVE-2007-3738

Description:

Synopsis :

These remote packages are missing security patches :
- firefox
- firefox-dbg
- firefox-dev
- firefox-dom-inspector
- firefox-gnome-support
- firefox-libthai
- libnspr-dev
- libnspr4
- libnss-dev
- libnss3
- mozilla-firefox
- mozilla-firefox-dev
- mozilla-firefox-dom-inspector
- mozilla-firefox-gnome-support


Description :

Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-3734,
CVE-2007-3735)

Flaws were discovered in the JavaScript methods addEventListener and
setTimeout which could be used to inject script into another site in
violation of the browser's same-origin policy. A malicious web site
could exploit this to modify the contents, or steal confidential data
(such as passwords), of other web pages. (CVE-2007-3736)

Ronen Zilberman and Michal Zalewski discovered timing attacks in the
JavaScript engine's use of about:blank frames. A malicious web site
could exploit this to modify the contents, or steal confidential data
(such as passwords), of other web pages. (CVE-2007-3089)

A flaw was discovered in the JavaScript event handling code. By tricking
a user into opening a malicious web page, an attacker could execute
arbitrary code with the user's privileges. (CVE-2007-
[...]

Solution :

Upgrade to :
- firefox-2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- firefox-dbg-2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- firefox-dev-2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- firefox-dom-inspector-2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- firefox-gnome-support-2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- firefox-libthai-2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- libnspr-dev-1.firefox2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- libnspr4-1.firefox2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- libnss-dev-1.firefox2.0.0.5+1-0ubuntu1 (Ubuntu 7.04)
- libnss3-1.firefox2.0.0.5+1-0u
[...]


Risk factor : High