Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71298
Category:FreeBSD Local Security Checks
Title:FreeBSD Ports: firefox
Summary:The remote host is missing an update to the system; as announced in the referenced advisory.
Description:Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

firefox
linux-firefox
linux-seamonkey
linux-thunderbird
seamonkey
thunderbird
libxul

CVE-2012-0451
CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0,
Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows
remote web servers to bypass intended Content Security Policy (CSP)
restrictions and possibly conduct cross-site scripting (XSS) attacks
via crafted HTTP headers.
CVE-2012-0455
Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x
before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0,
Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not
properly restrict drag-and-drop operations on javascript: URLs, which
allows user-assisted remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted web page, related to a
'DragAndDropJacking' issue.
CVE-2012-0456
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and
4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before
3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and
SeaMonkey before 2.8 might allow remote attackers to obtain sensitive
information from process memory via vectors that trigger an
out-of-bounds read.

Text truncated. Please see the references for more information.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0451
BugTraq ID: 52463
http://www.securityfocus.com/bid/52463
http://www.mandriva.com/security/advisories?name=MDVSA-2012:032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14909
RedHat Security Advisories: RHSA-2012:0387
http://rhn.redhat.com/errata/RHSA-2012-0387.html
RedHat Security Advisories: RHSA-2012:0388
http://rhn.redhat.com/errata/RHSA-2012-0388.html
http://www.securitytracker.com/id?1026801
http://www.securitytracker.com/id?1026803
http://www.securitytracker.com/id?1026804
http://secunia.com/advisories/48359
http://secunia.com/advisories/48402
http://secunia.com/advisories/48496
http://secunia.com/advisories/48513
http://secunia.com/advisories/48553
http://secunia.com/advisories/48561
http://secunia.com/advisories/48629
http://secunia.com/advisories/49055
SuSE Security Announcement: SUSE-SU-2012:0424 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html
SuSE Security Announcement: openSUSE-SU-2012:0417 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html
http://www.ubuntu.com/usn/USN-1400-1
http://www.ubuntu.com/usn/USN-1400-2
http://www.ubuntu.com/usn/USN-1400-3
http://www.ubuntu.com/usn/USN-1400-4
http://www.ubuntu.com/usn/USN-1400-5
Common Vulnerability Exposure (CVE) ID: CVE-2012-0455
BugTraq ID: 52458
http://www.securityfocus.com/bid/52458
Debian Security Information: DSA-2433 (Google Search)
http://www.debian.org/security/2012/dsa-2433
Debian Security Information: DSA-2458 (Google Search)
http://www.debian.org/security/2012/dsa-2458
http://www.mandriva.com/security/advisories?name=MDVSA-2012:031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829
http://secunia.com/advisories/48414
http://secunia.com/advisories/48495
http://secunia.com/advisories/48624
http://secunia.com/advisories/48823
http://secunia.com/advisories/48920
SuSE Security Announcement: SUSE-SU-2012:0425 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html
http://www.ubuntu.com/usn/USN-1401-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-0456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007
Common Vulnerability Exposure (CVE) ID: CVE-2012-0457
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14775
Common Vulnerability Exposure (CVE) ID: CVE-2012-0458
BugTraq ID: 52460
http://www.securityfocus.com/bid/52460
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122
Common Vulnerability Exposure (CVE) ID: CVE-2012-0459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15066
Common Vulnerability Exposure (CVE) ID: CVE-2012-0460
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15114
Common Vulnerability Exposure (CVE) ID: CVE-2012-0461
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009
Common Vulnerability Exposure (CVE) ID: CVE-2012-0462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15012
Common Vulnerability Exposure (CVE) ID: CVE-2012-0463
BugTraq ID: 52466
http://www.securityfocus.com/bid/52466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15143
Common Vulnerability Exposure (CVE) ID: CVE-2012-0464
BugTraq ID: 52465
http://www.securityfocus.com/bid/52465
http://pwn2own.zerodayinitiative.com/status.html
http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757
http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14170
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.