oval:org.mitre.oval:def:27902

Definition Id: oval:org.mitre.oval:def:27902

Oval ID:	oval:org.mitre.oval:def:27902
Title:	DEPRECATED: ELSA-2010-0501 -- firefox security, bug fix, and enhancement update (critical)
Description:	Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. A website that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182)
Family:	unix	Class:	patch
Reference(s):	ELSA-2010-0501 CVE-2009-5017 CVE-2010-0182 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1202 CVE-2010-1203 CVE-2008-5913	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	devhelp esc firefox gnome-python2-extras totem xulrunner yelp
Definition Synopsis:
Oracle Linux 5.x Packages match section devhelp is earlier than 0:0.12-21.el5 AND esc is earlier than 0:1.1.0-12.el5 AND firefox is earlier than 0:3.6.4-8.0.1.el5 AND gnome-python2-extras is earlier than 0:2.14.2-7.el5 AND totem is earlier than 0:2.16.7-7.el5 AND xulrunner is earlier than 0:1.9.2.4-9.0.1.el5 AND yelp is earlier than 0:2.16.0-26.el5 AND devhelp-devel is earlier than 0:0.12-21.el5 AND gnome-python2-gtkhtml2 is earlier than 0:2.14.2-7.el5 AND gnome-python2-gtkmozembed is earlier than 0:2.14.2-7.el5 AND gnome-python2-gtkspell is earlier than 0:2.14.2-7.el5 AND gnome-python2-libegg is earlier than 0:2.14.2-7.el5 AND totem-devel is earlier than 0:2.16.7-7.el5 AND totem-mozplugin is earlier than 0:2.16.7-7.el5 AND xulrunner-devel is earlier than 0:1.9.2.4-9.0.1.el5

Definition Id: oval:org.mitre.oval:def:15459

Oval ID:	oval:org.mitre.oval:def:15459
Title:	Oracle Linux 5.x
Description:	The operating system installed on the system is Oracle Linux 5.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:oracle:linux:5	Version:	7
Platform(s):	Oracle Linux 5	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND Oracle Linux 5.x is installed
Referenced By:
oval:org.mitre.oval:def:27902

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0273s

Facebook rss twitter linkedin mail