24393

24437

GLSA-200703-04

GLSA-200703-08

32108

20070205 Firefox + popup blocker + XMLHttpRequest + srand() = oops

20070205 Re: [Full-disclosure] Firefox + popup blocker + XMLHttpRequest + srand() = oops

22396

Several flaws have been found that could be used to perform Cross-site scripting attacks. A malicious website could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages. (CVE-2006-6077, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996)

The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate. A malicious SSL website using SSLv2 could potentially exploit this to execute arbitrary code with the user's privileges. (CVE-2007-0008)

The SSLv2 protocol support in the NSS library did not sufficiently verify the validity of client master keys presented in an SSL client certificate. A remote attacker could exploit this to execute arbitrary code in a server application that uses the NSS library.
(CVE-2007-0009)

Various flaws have been reported that could allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page. (CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-1092)

Two web pages could collide in the disk cache with the result that depending on order loaded the end of the longer document could be appended to the shorter when the shorter one was reloaded from the cache. It is possible a determined hacker could construct a targeted attack to steal some sensitive data from a particular web page. The potential victim would have to be already logged into the targeted service (or be fooled into doing so) and then visit the malicious site. (CVE-2007-0778)

David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using custom cursor images and a specially crafted style sheet. (CVE-2007-0779).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200703-08 (SeaMonkey: Multiple vulnerabilities)

    Tom Ferris reported a heap-based buffer overflow involving wide SVG     stroke widths that affects SeaMonkey. Various researchers reported some     errors in the JavaScript engine potentially leading to memory     corruption. SeaMonkey also contains minor vulnerabilities involving     cache collision and unsafe pop-up restrictions, filtering or CSS     rendering under certain conditions. All those vulnerabilities are the     same as in GLSA 200703-04 affecting Mozilla Firefox.
  Impact :

    An attacker could entice a user to view a specially crafted web page or     to read a specially crafted email that will trigger one of the     vulnerabilities, possibly leading to the execution of arbitrary code.
    It is also possible for an attacker to spoof the address bar, steal     information through cache collision, bypass the local file protection     mechanism with pop-ups, or perform cross-site scripting attacks,     leading to the exposure of sensitive information, such as user     credentials.
  Workaround :

    There is no known workaround at this time for all of these issues, but     most of them can be avoided by disabling JavaScript. Note that the     execution of JavaScript is disabled by default in the SeaMonkey email     client, and enabling it is strongly discouraged.

The remote host is affected by the vulnerability described in GLSA-200703-04 (Mozilla Firefox: Multiple vulnerabilities)

    Tom Ferris reported a heap-based buffer overflow involving wide SVG     stroke widths that affects Mozilla Firefox 2 only. Various researchers     reported some errors in the JavaScript engine potentially leading to     memory corruption. Mozilla Firefox also contains minor vulnerabilities     involving cache collision and unsafe pop-up restrictions, filtering or     CSS rendering under certain conditions.
  Impact :

    An attacker could entice a user to view a specially crafted web page     that will trigger one of the vulnerabilities, possibly leading to the     execution of arbitrary code. It is also possible for an attacker to     spoof the address bar, steal information through cache collision,     bypass the local files protection mechanism with pop-ups, or perform     cross-site scripting attacks, leading to the exposure of sensitive     information, like user credentials.
  Workaround :

    There is no known workaround at this time for all of these issues, but     most of them can be avoided by disabling JavaScript.

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.

This update provides the latest Firefox to correct these issues.

Update :

A regression was found in the latest Firefox packages provided where changes to library paths caused applications that depended on the NSS libraries (such as Thunderbird and Evolution) to fail to start or fail to load certain SSL-related security components. These new packages correct that problem and we apologize for any inconvenience the previous update may have caused.

The installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

Versions of Mozilla Firefox 1.5.x prior ot 1.5.0.10, or 2.x prior to 2.0.0.2 are affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

The installed version of Firefox is affected by various security issues, some of which could lead to execution of arbitrary code on the affected host subject to the user's privileges.

The installed version of Firefox is reported to be vulnerable to a number of flaws.  The details of the flaws are not currently known; however, it is alleged that an attacker can bypass security mechanisms in order to obtain local file contents.  In order for this attack to be a success, the attacker would need to be able to convince a user to browsea malicious URI and expect that the user would allow a popup window.

The installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

ID	Name	Product	Family	Severity
28021	Ubuntu 5.10 / 6.06 LTS / 6.10 : firefox vulnerabilities (USN-428-1)	Nessus	Ubuntu Local Security Checks	high
24800	GLSA-200703-08 : SeaMonkey: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24771	GLSA-200703-04 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
24753	Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2007:050-1)	Nessus	Mandriva Local Security Checks	high
24735	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus	Windows	high
3927	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
3922	Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
24701	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus	Windows	high
3903	Mozilla Firefox <= 1.5.0.9 Cross Zone Security Bypass	Nessus Network Monitor	Web Clients	low
800879	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800773	Firefox <= 1.5.0.9 Cross Zone Security Bypass	Log Correlation Engine	Web Clients	medium
800760	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2007-0801

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins