scip AG

NASLDB: Debian DSA-1192-1 : mozilla - several vulnerabilities

General

ID: 22733
Name: Debian DSA-1192-1 : mozilla – several vulnerabilities

Summary: Checks dpkg output for the updated package

Credits: –

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Port: 0
Family: Debian Local Security Checks
Type: Local

Description

Several security related problems have been discovered in Mozilla and
derived products such as Mozilla Thunderbird. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities :

– CVE-2006-2788
Fernando Ribeiro discovered that a vulnerability in the
getRawDER function allows remote attackers to cause a
denial of service (hang) and possibly execute arbitrary
code.

– CVE-2006-4340
Daniel Bleichenbacher recently described an
implementation error in RSA signature verification that
cause the application to incorrectly trust SSL
certificates.

– CVE-2006-4565, CVE-2006-4566
Priit Laes reported that a JavaScript regular expression
can trigger a heap-based buffer overflow which allows
remote attackers to cause a denial of service and
possibly execute arbitrary code.

– CVE-2006-4568
A vulnerability has been discovered that allows remote
attackers to bypass the security model and inject
content into the sub-frame of another site.

– CVE-2006-4570
Georgi Guninski demonstrated that even with JavaScript
disabled in mail (the default) an attacker can still
execute JavaScript when a mail message is viewed,
replied to, or forwarded.

– CVE-2006-4571
Multiple unspecified vulnerabilities in Firefox,
Thunderbird and SeaMonkey allow remote attackers to
cause a denial of service, corrupt memory, and possibly
execute arbitrary code.

Exploiting

Exploit Available: True
Exploitability Ease: Exploits are available

Sources

CVE: CVE-2006-2788
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2006/10/06
Plugin Release: 2006/10/14

Plugin

Version: 1.10
Filename: debian_DSA-1192.nasl
Filesize: 6309 bytes
MD5 Hash: 4e32a61ea9bb8547081e04d396e5c089

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"

Copyright: This script is© 2006-2012 Tenable Network Security, Inc.

Letzte Plugins

• Letzte Plugins
  • USN-1611-1 : thunderbird vulnerabilities
  • USN-1610-1 : linux vulnerability
  • USN-1609-1 : linux-ti-omap4 vulnerability
  • SuSE 10 Security Update : PostgreSQL
  • RHSA-2012-1364: bind97
  • RHSA-2012-1363: bind
  • RHSA-2012-1362: thunderbird
  • RHSA-2012-1361: xulrunner
  • Mandriva Linux Security Advisory : graphicsmagick
  • FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

• Archiv
• scip VulDB
• Syndication
  • RSS
  • Twitter