Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN186-1 : mozilla, mozilla-firefox vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
mozilla, mozilla-firefox vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libnspr-dev
- libnspr4
- libnss-dev
- libnss3
- mozilla
- mozilla-browser
- mozilla-calendar
- mozilla-chatzilla
- mozilla-dev
- mozilla-dom-inspector
- mozilla-firefox
- mozilla-firefox-dev
- mozilla-firefox-dom-inspector
- mozilla-firefox-gnome-support
- mozilla-js-debugger
- mozilla-mailnews
- mozilla-psm


Description :

Peter Zelezny discovered that URLs which are passed to Firefox or
Mozilla on the command line are not correctly protected against
interpretation by the shell. If Firefox or Mozilla is configured as
the default handler for URLs (which is the default in Ubuntu), this
could be exploited to execute arbitrary code with user rights by
tricking the user into clicking on a specially crafted URL (for
example, in an email or chat client). (CVE-2005-2968, MFSA-2005-59)

A buffer overflow was discovered in the XBM image handler. By tricking
an user into opening a specially crafted XBM image, a possible hacker could
exploit this to execute arbitrary code with the user's rights.
(MFSA-2005-58)

Mats Palmgren discovered a buffer overflow in the Unicode string
parser. Unicode strings that contained "zero-width non-joiner"
characters caused a browser crash, which could possibly even exploited
to execute arbitrary code with the user's rights.
(MFSA-2005-58)

Georgi Guninski reported an integer overflow in the JavaScr
[...]

Solution :

Upgrade to :
- libnspr-dev-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- libnspr4-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- libnss-dev-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- libnss3-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-browser-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-calendar-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-chatzilla-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-dev-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-dom-inspector-1.7.12-0ubuntu05.04 (Ubuntu 5.04)
- mo
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.