Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

[DSA1044] DSA-1044-1 mozilla-firefox

Detailed Explanation for this Vulnerability Assessment

Several security related problems have been discovered in Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

Web pages with extremely long titles cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03]

The JavaScript interpreter does not properly dereference objects, which permits remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01]

The function allocation code permits attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01]

XULDocument.persist() did not validate the attribute name, permitting an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05]

An anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27]

A particular sequence of HTML tags can cause memory corruption that can be exploited to execute arbitrary code. [MFSA-2006-18]

Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome rights when the page is viewed under "Print Preview". [MFSA-2006-25]

"shutdown" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24]

Claus Jørgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, permitting a malicious website to steal any local file whose name they can guess. [MFSA-2006-23]

An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22]

"moz_bug_r_a4" discovered that some internal functions return prototypes instead of objects, which permits remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19]

"shutdown" discovered that it is possible to bypass same-origin protections, permitting a malicious site to inject script into content from another site, which could permit the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17]

"moz_bug_r_a4" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed, which could be used to execute arbitrary JavaScript and could permit an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16]

"shutdown" discovered that it is possible to ac [...]

Solution : http://www.debian.org/security/2006/dsa-1044

Network Security Threat Level: High

Networks Security ID: 15773, 16476, 17516

Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi