oval:org.mitre.oval:def:13605

Definition Id: oval:org.mitre.oval:def:13605

Oval ID:	oval:org.mitre.oval:def:13605
Title:	DSA-1707-1 iceweasel -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5513 moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. For the stable distribution these problems have been fixed in version 2.0.0.19-0etch1. For the testing distribution and the unstable distribution these problems have been fixed in version 3.0.5-1. Please note iceweasel in Lenny links dynamically against xulrunner. We recommend that you upgrade your iceweasel package.
Family:	unix	Class:	patch
Reference(s):	DSA-1707-1 CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	iceweasel
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section mozilla-firefox-gnome-support DPKG is earlier than 2.0.0.19-0etch1 AND mozilla-firefox DPKG is earlier than 2.0.0.19-0etch1 AND firefox DPKG is earlier than 2.0.0.19-0etch1 AND firefox-dom-inspector DPKG is earlier than 2.0.0.19-0etch1 AND iceweasel-dom-inspector DPKG is earlier than 2.0.0.19-0etch1 AND mozilla-firefox-dom-inspector DPKG is earlier than 2.0.0.19-0etch1 AND firefox-gnome-support DPKG is earlier than 2.0.0.19-0etch1 AND iceweasel-gnome-support DPKG is earlier than 2.0.0.19-0etch1 AND iceweasel-dbg DPKG is earlier than 2.0.0.19-0etch1 AND iceweasel DPKG is earlier than 2.0.0.19-0etch1

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:13605

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.2378s

Facebook rss twitter linkedin mail