Family: Ubuntu Local Security Checks --> Category: infos
USN155-1 : mozilla vulnerabilities Vulnerability Scan
Vulnerability Scan Summary mozilla vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libnspr-dev
- libnspr4
- libnss-dev
- libnss3
- mozilla
- mozilla-browser
- mozilla-calendar
- mozilla-chatzilla
- mozilla-dev
- mozilla-dom-inspector
- mozilla-js-debugger
- mozilla-mailnews
- mozilla-psm
Description :
Secunia.com reported that one of the recent security patches in
Firefox reintroduced the frame injection vulnerability that was originally
known as CVE-2004-0718. This allowed a malicious web site to spoof the
contents of other web sites. (CVE-2005-1937)
It was discovered that a malicious website could inject arbitrary
scripts into a target site by loading it into a frame and navigating
back to a previous JavaScript URL that contained an eval() call. This
could be used to steal cookies or other confidential data from the
target site. (MFSA 2005-42)
Michael Krax, Georgi Guninski, and L. David Baron found that the
security checks that prevent script injection could be bypassed by
wrapping a javascript: URL in another pseudo-protocol like
"view-source:" or "jar:". (CVE-2005-1531)
A variant of the attack described in CVE-2005-1160 (see USN-124-1) was
discovered. Additional checks were added to make sure JavaScript eval
and script objects are run with the rights of the context that
created them, not the potentiall
[...]
Solution :
Upgrade to :
- libnspr-dev-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- libnspr4-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- libnss-dev-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- libnss3-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-browser-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-calendar-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-chatzilla-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-dev-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-dom-inspector-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mo
[...]
Threat Level: High