Executive Summary
Summary | |
---|---|
Title | Firefox and Xulrunner vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-765-1 | First vendor Publication | 2009-04-28 |
Vendor | Ubuntu | Last vendor Modification | 2009-04-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: After a standard system upgrade you need to restart Firefox and any applications that use xulrunner, such as Epiphany, to effect the necessary changes. Details follow: It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. |
Original Source
Url : http://www.ubuntu.com/usn/USN-765-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10446 | |||
Oval ID: | oval:org.mitre.oval:def:10446 | ||
Title: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1313 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22781 | |||
Oval ID: | oval:org.mitre.oval:def:22781 | ||
Title: | ELSA-2009:0449: firefox security update (Critical) | ||
Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0449-01 CVE-2009-1313 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28736 | |||
Oval ID: | oval:org.mitre.oval:def:28736 | ||
Title: | RHSA-2009:0449 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0449 CESA-2009:0449-CentOS 5 CVE-2009-1313 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos4 i386 File : nvt/gb_CESA-2009_0449_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos5 i386 File : nvt/gb_CESA-2009_0449_firefox_centos5_i386.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox2.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
2009-06-05 | Name : Ubuntu USN-761-2 (php5) File : nvt/ubuntu_761_2.nasl |
2009-06-05 | Name : Ubuntu USN-765-1 (xulrunner-1.9) File : nvt/ubuntu_765_1.nasl |
2009-06-05 | Name : Ubuntu USN-766-1 (acpid) File : nvt/ubuntu_766_1.nasl |
2009-06-05 | Name : Ubuntu USN-767-1 (freetype) File : nvt/ubuntu_767_1.nasl |
2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Linux) File : nvt/gb_firefox_dos_vuln_may09_lin.nasl |
2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Win) File : nvt/gb_firefox_dos_vuln_may09_win.nasl |
2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0449 File : nvt/RHSA_2009_0449.nasl |
2009-05-05 | Name : Fedora Core 9 FEDORA-2009-4078 (xulrunner) File : nvt/fcore_2009_4078.nasl |
2009-05-05 | Name : Fedora Core 10 FEDORA-2009-4083 (epiphany) File : nvt/fcore_2009_4083.nasl |
2009-05-05 | Name : CentOS Security Advisory CESA-2009:0449 (firefox) File : nvt/ovcesa2009_0449.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-118-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_118_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54174 | Mozilla Firefox layout/generic/nsTextFrameThebes.cpp nsTextFrame::ClearTextRu... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 17719 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 16284 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-118-01.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-765-1.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4078.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4083.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3010.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:54 |
|
2013-05-11 00:56:01 |
|