NASLDB: USN-1277-2 : mozvoikko, ubufox update
General
ID: 56945
Name: USN-1277-2 : mozvoikko, ubufox update
Summary: Checks dpkg output for updated package(s)
Credits: –
Classification
Risk: –
CVSS: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Base Vector: –
CVSS Temporal Vector: –
Port: 0
Family: Ubuntu Local Security Checks
Type: Local
Description
USN-1277-1 fixed vulnerabilities in Firefox. This update provides
updated Mozvoikko and ubufox packages for use with Firefox 8.

Original advisory details:

Yosuke Hasegawa discovered that the Mozilla browser engine
mishandled invalid sequences in the Shift-JIS encoding. It may be
possible to trigger this crash without the use of debugging APIs,
which might allow malicious websites to exploit this vulnerability.
An attacker could possibly use this flaw to steal data or inject
malicious scripts into web content. (CVE-2011-3648)

Marc Schoenefeld discovered that using Firebug to profile a
JavaScript file with many functions would cause Firefox to crash. An
attacker might be able to exploit this without using the debugging
APIs, which could potentially remotely crash the browser, resulting
in a denial of service. (CVE-2011-3650)

Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren,
Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and
William McCloskey discovered multiple memory safety bugs in the
browser engine used in Firefox and other Mozilla-based products. An
attacker might be able to use these flaws to execute arbitrary code
with the privileges of the user invoking Firefox or possibly crash
the browser, resulting in a denial of service. (CVE-2011-3651)

It was discovered that Firefox could be caused to crash under
certain conditions, due to an unchecked allocation failure, resulting
in a denial of service. It might also be possible to execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-3652)

Aki Helin discovered that Firefox does not properly handle links
from SVG mpath elements to non-SVG elements. An attacker could use
this vulnerability to crash Firefox, resulting in a denial of
service, or possibly execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2011-3654)

It was discovered that an internal privilege check failed to respect
the NoWaiverWrappers introduced with Firefox 4. An attacker could
possibly use this to gain elevated privileges within the browser for
web content. (CVE-2011-3655)
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2011-3648
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2011/11/23
Plugin Release: 2011/11/25
Plugin
Version: 1.3
Filename: ubuntu_USN-1277-2.nasl
Filesize: 4937 bytes
MD5 Hash: 219d9374f78d18992a09e00c370c9502
Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: –