|
|
Vulnerability Assessment & Network Security Forums |
|||||||||
|
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200503-31] Mozilla Firefox: Multiple vulnerabilities Vulnerability Assessment Details
|
[GLSA-200503-31] Mozilla Firefox: Multiple vulnerabilities |
||
|
Mozilla Firefox: Multiple vulnerabilities Detailed Explanation for this Vulnerability Assessment The remote host is affected by the vulnerability described in GLSA-200503-31 (Mozilla Firefox: Multiple vulnerabilities) The following vulnerabilities were found and fixed in Mozilla Firefox: Mark Dowd from ISS X-Force reported an exploitable heap overrun in the GIF processing of obsolete Netscape extension 2 (CVE-2005-0399) Kohei Yoshino discovered that a page bookmarked as a sidebar could bypass rights control (CVE-2005-0402) Michael Krax reported a new way to bypass XUL security restrictions through drag-and-drop of items like scrollbars (CVE-2005-0401) Impact The GIF heap overflow could be triggered by a malicious GIF image that would end up executing arbitrary code with the rights of the user running Firefox By tricking the user into bookmarking a malicious page as a Sidebar, a remote attacker could potentially execute arbitrary code with the rights of the user running the browser By setting up a malicious website and convincing users to obey very specific drag-and-drop instructions, attackers may leverage drag-and-drop features to bypass XUL security restrictions, which could be used as a stepping stone to exploit other vulnerabilities Workaround There is no known workaround at this time. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0399 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0402 http://www.mozilla.org/projects/security/known-vulnerabilities.html Solution: All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.2" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.0.2" Network Security Threat Level: Medium Networks Security ID: Vulnerability Assessment Copyright: (C) 2005 Michel Arboi |
||
|
Cables, Connectors |
SanDisk 2TB Ultra 3D NAND SSD, Internal Solid State Drive - SDSSDH3-2T00-G26
$149.99
N85XX DELL 3.84TB SAS 12GB/S ENTERPRISE SOLID STATE DRIVE (W/ 14TH GEN CADDY)
$389.95
Western Digital 250GB WD Blue SA510 SATA SSD, Internal M.2 2280 - WDS250G3B0B
$39.99
Western Digital 1TB WD Blue SA510 SATA SSD Internal 2.5”/7mm Cased - WDS100T3B0A
$89.99
Patriot P210 128GB 256GB 512GB 1TB 2TB 2.5" SATA 3 6GB/s Internal SSD PC/MAC Lot
$14.99
Netac 1TB 2TB 512GB Internal SSD 2.5'' SATA III 6Gb/s Solid State Drive lot
$13.99
Micron 2300 256GB M.2 GEN 3x4 PCIe NVMe Solid State Drive 2280 SSD 00C2G4
$14.99
Fanxiang 4TB 2TB 1TB SSD 550MB/s 2.5'' SATA III Internal Solid State Drive lot
$13.99
Lot of 10 Mixed Brand Model 128GB 2.5" SATA SSD Solid State Drives
$69.99
Fanxiang SSD 512GB 1TB 2TB 4TB 2.5'' SSD SATA III Internal Solid State Drive lot
$107.99
|
||
|
No Discussions have been posted on this vulnerability. |