Executive Summary
Summary | |
---|---|
Title | Firefox regression |
Informations | |||
---|---|---|---|
Name | USN-398-4 | First vendor Publication | 2007-01-27 |
Vendor | Ubuntu | Last vendor Modification | 2007-01-27 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: After a standard system upgrade you need to restart Firefox to effect the necessary changes. Details follow: USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Various flaws have been reported that allow an attacker to execute Various flaws have been reported that allow an attacker to bypass |
Original Source
Url : http://www.ubuntu.com/usn/USN-398-4 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
33 % | CWE-254 | Security Features |
33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : Solaris Update for Mozilla 1.7 119115-35 File : nvt/gb_solaris_119115_35.nasl |
2009-10-13 | Name : Solaris Update for Mozilla 1.7_x86 119116-35 File : nvt/gb_solaris_119116_35.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:010 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_010.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:011 (mozilla-thunderbird) File : nvt/gb_mandriva_MDKSA_2007_011.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-398-1 File : nvt/gb_ubuntu_USN_398_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-398-2 File : nvt/gb_ubuntu_USN_398_2.nasl |
2009-03-23 | Name : Ubuntu Update for firefox regression USN-398-4 File : nvt/gb_ubuntu_USN_398_4.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-400-1 File : nvt/gb_ubuntu_USN_400_1.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2006-004 File : nvt/gb_fedora_2006_004_thunderbird_fc5.nasl |
2009-01-28 | Name : SuSE Update for mozilla SUSE-SA:2007:006 File : nvt/gb_suse_2007_006.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-02 (mozilla-firefox) File : nvt/glsa_200701_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-03 (mozilla-thunderbird) File : nvt/glsa_200701_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-04 (seamonkey) File : nvt/glsa_200701_04.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1253-1 (mozilla-firefox) File : nvt/deb_1253_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1258-1 (mozilla-firefox) File : nvt/deb_1258_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1265-1 (mozilla) File : nvt/deb_1265_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31348 | Mozilla Multiple Products Layout Engine Memory Corruption |
31347 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
31346 | Mozilla Multiple Products CPU FPP Reduction js_dtoa() Memory Corruption |
31344 | Mozilla Multiple Products JavaScript watch() Function Privilege Escalation |
31343 | Mozilla Multiple Products LiveConnect JS Object Finalization DoS |
31342 | Mozilla Multiple Products img.src javascript: URI XSS |
31341 | Mozilla Multiple Products SVG Processing Remote Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla products frame comment objects manipulation memory corruption attempt RuleID : 18296 - Revision : 5 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla products frame comment objects manipulation memory corruption attempt RuleID : 15999 - Revision : 9 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-2423.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-400-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-4.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-2.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-398-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-2418.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-2421.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-2432.nasl - Type : ACT_GATHER_INFO |
2007-03-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1265.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-010.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-011.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1258.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1253.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-004.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1491.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2006-1492.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1499.nasl - Type : ACT_GATHER_INFO |
2007-01-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-04.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-03.nasl - Type : ACT_GATHER_INFO |
2007-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-02.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0760.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0759.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0758.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_107.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1509.nasl - Type : ACT_GATHER_INFO |
2006-12-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1509.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:03 |
|