Executive Summary

Summary | |
---|---|
Title | firefox security update |

Information | | | |
---|---|---|---|
Name | RHSA-2005:336 | First vendor Publication | 2005-03-23 |
Vendor | RedHat | Last vendor Modification | 2005-03-23 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3

CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |

Security-Database Scoring CVSS v2

CVSS vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | | | |
---|---|---|---|
CVSS Base Score | 5.1 | Attack Range | Network |
CVSS Impact Score | 6.4 | Attack Complexity | High |
CVSS Exploit Score | 4.9 | Authentication | None Required |
Detail

Problem Description:

Updated firefox packages that fix various bugs are now available.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

A buffer overflow bug was found in the way Firefox processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue.

A bug was found in the way Firefox processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.

A bug was found in the way Firefox bookmarks content to the sidebar. If a user can be tricked into bookmarking a malicious web page into the sidebar panel, that page could execute arbitrary programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0402 to this issue.

Users of Firefox are advised to upgrade to this updated package which contains Firefox version 1.0.2 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

150877
151153
151714
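The GIF issue above (CAN-2005-0399) is a heap overflow reached through a Netscape application extension block whose declared size exceeds what the decoder had reserved. As an added illustration, and not code from the advisory, from Mozilla, or from GIF2.cpp, the following C parser shows the class of check that closes such a bug: every length read from the file is validated against both the bytes remaining in the input and the size of the fixed destination buffer before any copy happens. The sample byte sequences are constructed for this example, and the function and error-code names are the example's own rather than any real decoder's API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes returned by parse_netscape_loop_ext() (names invented for this example). */
enum {
    GIF_OK = 0,
    GIF_ERR_HEADER = -1,        /* not a NETSCAPE2.0 / ANIMEXTS1.0 application extension */
    GIF_ERR_TRUNCATED = -2,     /* a sub-block length runs past the end of the supplied data */
    GIF_ERR_OVERSIZED = -3,     /* a sub-block is larger than the fixed destination buffer */
    GIF_ERR_NO_TERMINATOR = -4, /* data ended without the 0x00 block terminator */
    GIF_ERR_NO_LOOP = -5        /* terminated, but no loop-count sub-block was present */
};

#define APP_ID_LEN 11           /* GIF89a fixes the application identifier block at 11 bytes */
#define LOOP_SUBBLOCK_LEN 3     /* 0x01, loop count low byte, loop count high byte */

/* Parse one application extension (0x21 0xFF ...) carrying the animation loop count.
 * buf/len describe the extension only, starting at the 0x21 introducer.
 * Each file-supplied length is checked against the bytes remaining AND the
 * destination size before memcpy; the second check is the one that matters
 * when the input is long enough to satisfy the first. */
int parse_netscape_loop_ext(const uint8_t *buf, size_t len, int *loop_count)
{
    uint8_t sub[LOOP_SUBBLOCK_LEN];   /* fixed-size destination for each data sub-block */
    size_t pos;
    int got_loop = 0;

    if (len < 3 + APP_ID_LEN || buf[0] != 0x21 || buf[1] != 0xFF || buf[2] != APP_ID_LEN)
        return GIF_ERR_HEADER;
    if (memcmp(buf + 3, "NETSCAPE2.0", APP_ID_LEN) != 0 &&
        memcmp(buf + 3, "ANIMEXTS1.0", APP_ID_LEN) != 0)
        return GIF_ERR_HEADER;
    pos = 3 + APP_ID_LEN;

    while (pos < len) {
        uint8_t sub_len = buf[pos++];
        if (sub_len == 0)                       /* block terminator */
            return got_loop ? GIF_OK : GIF_ERR_NO_LOOP;
        if (sub_len > len - pos)                /* claimed length exceeds what was supplied */
            return GIF_ERR_TRUNCATED;
        if (sub_len > sizeof sub)               /* never trust a file length over the destination size */
            return GIF_ERR_OVERSIZED;
        memcpy(sub, buf + pos, sub_len);
        pos += sub_len;
        if (sub_len == LOOP_SUBBLOCK_LEN && sub[0] == 0x01) {
            *loop_count = sub[1] | (sub[2] << 8);
            got_loop = 1;
        }
    }
    return GIF_ERR_NO_TERMINATOR;
}

/* Constructed sample inputs (hand-written for this example, not taken from any real file). */
static const uint8_t SAMPLE_VALID[] = {
    0x21, 0xFF, 0x0B, 'N','E','T','S','C','A','P','E','2','.','0',
    0x03, 0x01, 0x07, 0x00,   /* one 3-byte sub-block: loop count 7 */
    0x00                      /* terminator */
};

/* Sub-block header claims 255 bytes but only 4 follow. */
static const uint8_t SAMPLE_TRUNCATED[] = {
    0x21, 0xFF, 0x0B, 'N','E','T','S','C','A','P','E','2','.','0',
    0xFF, 0x01, 0x07, 0x00, 0x00
};

int loop_count_of_valid_sample(void)
{
    int lc = -1;
    if (parse_netscape_loop_ext(SAMPLE_VALID, sizeof SAMPLE_VALID, &lc) != GIF_OK)
        return -100;
    return lc;
}

int result_for_truncated_sample(void)
{
    int lc = -1;
    return parse_netscape_loop_ext(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &lc);
}

/* Enough bytes are present for a 255-byte sub-block, so only the destination-size check stops it. */
int result_for_oversized_sample(void)
{
    uint8_t big[320];
    int lc = -1;
    memset(big, 0, sizeof big);
    memcpy(big, SAMPLE_VALID, 3 + APP_ID_LEN);
    big[3 + APP_ID_LEN] = 0xFF;
    return parse_netscape_loop_ext(big, sizeof big, &lc);
}

int main(void)
{
    printf("valid sample loop count: %d\n", loop_count_of_valid_sample());
    printf("truncated sample result: %d\n", result_for_truncated_sample());
    printf("oversized sample result: %d\n", result_for_oversized_sample());
    return 0;
}
```

The third sample is the instructive one: a parser that only checks "does the file have that many bytes" passes it, because the file does; the overflow only happens at the copy into the fixed 3-byte destination, so the length must also be compared against the destination size. Detection rules such as the Snort NETSCAPE2.0 / ANIMEXTS1.0 signatures listed further down this page key on the same block structure.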
Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-336.html
OVAL Definitions

Definition Id: oval:org.mitre.oval:def:100026

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:100026 |
Title | Mozilla XUL Drag and Drop Security Bypass Vulnerability |
Description | FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2005-0401 |
Version | 5 |
Platform(s) | Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 |
Product(s) | mozilla, Mozilla Firefox |

Definition Id: oval:org.mitre.oval:def:100027

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:100027 |
Title | Firefox Sidebar Panel Code Execution Vulnerability |
Description | Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2005-0402 |
Version | 5 |
Platform(s) | Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 |
Product(s) | Mozilla Firefox |

Definition Id: oval:org.mitre.oval:def:100028

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:100028 |
Title | Mozilla GIF Heap Overflow |
Description | Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2005-0399 |
Version | 5 |
Platform(s) | Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Server 2003 |
Product(s) | mozilla, Mozilla Firefox, Mozilla Thunderbird |

Definition Id: oval:org.mitre.oval:def:11868

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:11868 |
Title | Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. |
Description | Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2005-0402 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4 |
Product(s) | |
CPE : Common Platform Enumeration
SAINT Exploits

Description |
---|
Mozilla Firefox GIF processing buffer overflow |
OpenVAS Exploits

Date | Name | File |
---|---|---|
2009-05-05 | HP-UX Update for Mozilla remote HPSBUX01133 | nvt/gb_hp_ux_HPSBUX01133.nasl |
2008-09-24 | Gentoo Security Advisory GLSA 200503-30 (Mozilla) | nvt/glsa_200503_30.nasl |
2008-09-24 | Gentoo Security Advisory GLSA 200503-31 (Firefox) | nvt/glsa_200503_31.nasl |
2008-09-24 | Gentoo Security Advisory GLSA 200503-32 (Thunderbird) | nvt/glsa_200503_32.nasl |
2008-09-04 | FreeBSD Ports: firefox | nvt/freebsd_firefox4.nasl |
2008-09-04 | FreeBSD Ports: firefox | nvt/freebsd_firefox5.nasl |
Open Source Vulnerability Database (OSVDB)

Id | Description |
---|---|
15010 | Mozilla Drag and Drop Privileged XUL Loading (firescrolling 2) |
15009 | Mozilla Firefox Sidebar Panel Script Injection. Mozilla Firefox contains a flaw that may allow a malicious user to inject script code in the browser environment with the privileges of the locally logged-on user. The issue is triggered when a malicious web site is bookmarked as a sidebar panel. It is possible that the flaw may allow an attacker to run arbitrary code on the victim's machine, resulting in a loss of integrity. |
14937 | Mozilla Multiple Browser GIF Processing Overflow |
Snort® IPS/IDS

Date | Description | RuleID | Revision | Type |
---|---|---|---|---|
2014-01-10 | Mozilla GIF multipacket heap overflow - ANIMEXTS1.0 | 6503 | 9 | WEB-CLIENT |
2014-01-10 | Mozilla GIF single packet heap overflow - ANIMEXTS1.0 | 6502 | 15 | FILE-IMAGE |
2014-01-10 | Mozilla GIF multipacket heap overflow - NETSCAPE2.0 | 3536 | 13 | WEB-CLIENT |
2014-01-10 | Mozilla GIF single packet heap overflow - NETSCAPE2.0 | 3534 | 26 | FILE-IMAGE |
2014-01-10 | Mozilla Firefox sidebar panel arbitrary code execution attempt | 17268 | 12 | BROWSER-FIREFOX |
Nessus® Vulnerability Scanner

Date | Name | File | Type |
---|---|---|---|
2006-07-05 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2005-384.nasl | ACT_GATHER_INFO |
2006-01-15 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-149-3.nasl | ACT_GATHER_INFO |
2005-09-12 | The remote Fedora Core host is missing a security update. | fedora_2005-246.nasl | ACT_GATHER_INFO |
2005-09-12 | The remote Fedora Core host is missing a security update. | fedora_2005-249.nasl | ACT_GATHER_INFO |
2005-09-12 | The remote Fedora Core host is missing a security update. | fedora_2005-247.nasl | ACT_GATHER_INFO |
2005-07-13 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_741f88419c6b11d99dbe000a95bc6fae.nasl | ACT_GATHER_INFO |
2005-07-13 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_7d2aac529c6b11d999a7000a95bc6fae.nasl | ACT_GATHER_INFO |
2005-05-19 | The remote Fedora Core host is missing a security update. | fedora_2005-248.nasl | ACT_GATHER_INFO |
2005-05-17 | The remote Mandrake Linux host is missing one or more security updates. | mandrake_MDKSA-2005-088.nasl | ACT_GATHER_INFO |
2005-04-29 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2005-384.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200503-30.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200503-31.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200503-32.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2005-323.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2005-335.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Red Hat host is missing a security update. | redhat-RHSA-2005-336.nasl | ACT_GATHER_INFO |
2005-03-25 | The remote Red Hat host is missing a security update. | redhat-RHSA-2005-337.nasl | ACT_GATHER_INFO |
2005-03-23 | A web browser installed on the remote host contains multiple vulnerabilities. | mozilla_176.nasl | ACT_GATHER_INFO |
2005-03-23 | The remote Windows host contains a web browser that is affected by multiple v... | mozilla_firefox_102.nasl | ACT_GATHER_INFO |
2005-03-23 | The remote Windows host contains a mail client that is affected by multiple v... | mozilla_thunderbird_102.nasl | ACT_GATHER_INFO |
Alert History

Date | Information |
---|---|
2014-02-17 11:49:14 | |