oval:org.mitre.oval:def:13029

Definition Id: oval:org.mitre.oval:def:13029
 
Oval ID: oval:org.mitre.oval:def:13029
Title: USN-821-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Several flaws were discovered in the Firefox browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately inform users when security modules were added or removed via PKCS11. If a user visited a malicious website, an attacker could exploit this to trick the user into installing a malicious PKCS11 module. It was discovered that Firefox did not properly manage memory when using XUL tree elements. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Juan Pablo Lopez Yacubian discovered that Firefox did properly display certain Unicode characters in the location bar and other text fields when using a certain non-Ubuntu font. If a user configured Firefox to use this font, an attacker could exploit this to spoof the location bar, such as in a phishing attack. It was discovered that the BrowserFeedWriter in Firefox could be subverted to run JavaScript code from web content with elevated chrome privileges. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-821-1
CVE-2009-3070
CVE-2009-3071
CVE-2009-3072
CVE-2009-3074
CVE-2009-3075
CVE-2009-3076
CVE-2009-3077
CVE-2009-3078
CVE-2009-3079
 Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
 Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13250
 
Oval ID: oval:org.mitre.oval:def:13250
Title: Ubuntu 8.04 is installed
Description: Ubuntu 8.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:8.04
 Version: 3
Platform(s): Ubuntu 8.04
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13029
Definition Id: oval:org.mitre.oval:def:13306
 
Oval ID: oval:org.mitre.oval:def:13306
Title: Ubuntu 8.10 is installed
Description: Ubuntu 8.10 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:ubuntu:ubuntu_linux:8.10
 Version: 3
Platform(s): Ubuntu 8.10
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13029
Definition Id: oval:org.mitre.oval:def:12669
 
Oval ID: oval:org.mitre.oval:def:12669
Title: Ubuntu 9.04 is installed
Description: Ubuntu 9.04 is installed
Family: unix Class: inventory
Reference(s): cpe:/o:canonical:ubuntu_linux:9.04
 Version: 5
Platform(s): Ubuntu 9.04
 Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:13029