Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

[DSA1044] DSA-1044-1 mozilla-firefox

Vulnerability Assessment Summary
DSA-1044-1 mozilla-firefox

Detailed Explanation for this Vulnerability Assessment

Several security-related problems have been discovered in Mozilla
Firefox. The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:

- Web pages with extremely long titles cause subsequent launches of
  the browser to appear to "hang" for up to a few minutes, or even
  crash if the computer has insufficient memory. [MFSA-2006-03]
- The JavaScript interpreter does not properly dereference objects,
  which permits remote attackers to cause a denial of service or
  execute arbitrary code. [MFSA-2006-01]
- The function allocation code permits attackers to cause a denial of
  service and possibly execute arbitrary code. [MFSA-2006-01]
- XULDocument.persist() did not validate the attribute name,
  permitting an attacker to inject arbitrary XML and JavaScript code
  into localstore.rdf that would be read and acted upon during
  startup. [MFSA-2006-05]
- An anonymous researcher for TippingPoint and the Zero Day
  Initiative reported that an invalid and nonsensical ordering of
  table-related tags can be exploited to execute arbitrary code.
  [MFSA-2006-27]
- A particular sequence of HTML tags can cause memory corruption
  that can be exploited to execute arbitrary code. [MFSA-2006-18]
- Georgi Guninski reported two variants of using scripts in an XBL
  control to gain chrome rights when the page is viewed under
  "Print Preview". [MFSA-2006-25]
- "shutdown" discovered that the crypto.generateCRMFRequest method
  can be used to run arbitrary code with the privilege of the user
  running the browser, which could enable an attacker to install
  malware. [MFSA-2006-24]
- Claus Jørgensen reported that a text input box can be pre-filled
  with a filename and then turned into a file-upload control,
  permitting a malicious website to steal any local file whose name
  they can guess. [MFSA-2006-23]
- An anonymous researcher for TippingPoint and the Zero Day
  Initiative discovered an integer overflow triggered by the CSS
  letter-spacing property, which could be exploited to execute
  arbitrary code. [MFSA-2006-22]
- "moz_bug_r_a4" discovered that some internal functions return
  prototypes instead of objects, which permits remote attackers to
  conduct cross-site scripting attacks. [MFSA-2006-19]
- "shutdown" discovered that it is possible to bypass same-origin
  protections, permitting a malicious site to inject script into
  content from another site, which could permit the malicious page to
  steal information such as cookies or passwords from the other
  site, or perform transactions on the user's behalf if the user
  were already logged in. [MFSA-2006-17]
- "moz_bug_r_a4" discovered that the compilation scope of privileged
  built-in XBL bindings is not fully protected from web content and
  can still be executed, which could be used to execute arbitrary
  JavaScript and could permit an attacker to install malware such
  as viruses and password sniffers. [MFSA-2006-16]
- "shutdown" discovered that it is possible to ac
[...]

Solution : http://www.debian.org/security/2006/dsa-1044
Network Security Threat Level: High

Networks Security ID: 15773, 16476, 17516

Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi
