Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN155-1 : mozilla vulnerabilities Vulnerability Scan


Vulnerability Scan Summary
mozilla vulnerabilities

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- libnspr-dev
- libnspr4
- libnss-dev
- libnss3
- mozilla
- mozilla-browser
- mozilla-calendar
- mozilla-chatzilla
- mozilla-dev
- mozilla-dom-inspector
- mozilla-js-debugger
- mozilla-mailnews
- mozilla-psm


Description :

Secunia.com reported that one of the recent security patches in
Firefox reintroduced the frame injection patch that was originally
known as CVE-2004-0718. This allowed a malicious web site to spoof the
contents of other web sites. (CVE-2005-1937)

It was discovered that a malicious website could inject arbitrary
scripts into a target site by loading it into a frame and navigating
back to a previous Javascript URL that contained an eval() call. This
could be used to steal cookies or other confidential data from the
target site. (MFSA 2005-42)

Michael Krax, Georgi Guninski, and L. David Baron found that the
security checks that prevent script injection could be bypassed by
wrapping a javascript: url in another pseudo-protocol like
"view-source:" or "jar:". (CVE-2005-1531)

A variant of the attack described in CVE-2005-1160 (see USN-124-1) was
discovered. Additional checks were added to make sure Javascript eval
and script objects are run with the rights of the context that
created them, not the potentiall
[...]

Solution :

Upgrade to :
- libnspr-dev-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- libnspr4-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- libnss-dev-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- libnss3-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-browser-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-calendar-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-chatzilla-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-dev-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mozilla-dom-inspector-1.7.10-0ubuntu05.04 (Ubuntu 5.04)
- mo
[...]


Threat Level: High


Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

 Vulnerability Scanning Solutions, LLC.