| nessus
via4
|
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-143.NASL | | description | A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program.
Previous updates to Firefox were patch fixes to Firefox 1.0.6 that brought it in sync with 1.0.8 in terms of security fixes. In this update, Mozilla Firefox 1.5.0.6 is being provided which corrects a number of vulnerabilities that were previously unpatched, as well as providing new and enhanced features.
The following CVE names have been corrected with this update:
CVE-2006-2613, CVE-2006-2894, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3801, CVE-2006-3802, CVE-2006-3805, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812.
Update :
The previous language packages were not correctly tagged for the new Firefox which resulted in many of them not loading properly. These updated language packages correct the problem. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 23892 | | published | 2006-12-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23892 | | title | Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2006:143-1) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS10_119115.NASL | | description | Mozilla 1.7 patch.
Date this patch was last updated by Sun : Sep/13/14
This plugin has been deprecated and either replaced with individual 119115 patch-revision plugins, or deemed non-security related. | | last seen | 2019-02-21 | | modified | 2018-07-30 | | plugin id | 22954 | | published | 2006-11-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22954 | | title | Solaris 10 (sparc) : 119115-36 (deprecated) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-329-1.NASL | | description | Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812)
A buffer overflow has been discovered in the handling of .vcard files.
By tricking a user into importing a malicious vcard into his contacts, this could be exploited to execute arbitrary code with the user's privileges. (CVE-2006-3084)
The 'enigmail' plugin has been updated to work with the new Thunderbird version.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 27908 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27908 | | title | Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-329-1) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS8_X86_120672.NASL | | description | Mozilla 1.7_x86 for Solaris 8 and 9.
Date this patch was last updated by Sun : Sep/02/08 | | last seen | 2018-09-02 | | modified | 2016-12-09 | | plugin id | 23772 | | published | 2006-12-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23772 | | title | Solaris 8 (x86) : 120672-08 |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS10_X86_119116.NASL | | description | Mozilla 1.7_x86 patch.
Date this patch was last updated by Sun : Aug/05/09
This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related. | | last seen | 2019-02-21 | | modified | 2018-07-30 | | plugin id | 22987 | | published | 2006-11-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=22987 | | title | Solaris 10 (x86) : 119116-35 (deprecated) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-350-1.NASL | | description | This update upgrades Thunderbird from 1.0.8 to 1.5.0.7. This step was necessary since the 1.0.x series is not supported by upstream any more.
Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-3113, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812, CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571)
A buffer overflow has been discovered in the handling of .vcard files.
By tricking a user into importing a malicious vcard into his contacts, this could be exploited to execute arbitrary code with the user's privileges. (CVE-2006-3804)
The NSS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge valid signatures without the need of the secret key. (CVE-2006-4340)
Jon Oberheide reported a way how a remote attacker could trick users into downloading arbitrary extensions with circumventing the normal SSL certificate check. The attacker would have to be in a position to spoof the victim's DNS, causing them to connect to sites of the attacker's choosing rather than the sites intended by the victim. If they gained that control and the victim accepted the attacker's cert for the Mozilla update site, then the next update check could be hijacked and redirected to the attacker's site without detection.
(CVE-2006-4567)
Georgi Guninski discovered that even with JavaScript disabled, a malicous email could still execute JavaScript when the message is viewed, replied to, or forwarded by putting the script in a remote XBL file loaded by the message. (CVE-2006-4570)
The 'enigmail' plugin and the translation packages have been updated to work with the new Thunderbird version.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 27930 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27930 | | title | Ubuntu 5.10 : mozilla-thunderbird vulnerabilities (USN-350-1) |
| NASL family | Solaris Local Security Checks | | NASL id | SOLARIS9_X86_120672.NASL | | description | Mozilla 1.7_x86 for Solaris 8 and 9.
Date this patch was last updated by Sun : Sep/02/08 | | last seen | 2018-09-01 | | modified | 2016-12-09 | | plugin id | 23773 | | published | 2006-12-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23773 | | title | Solaris 9 (x86) : 120672-08 |
| NASL family | Mandriva Local Security Checks | | NASL id | MANDRAKE_MDKSA-2006-146.NASL | | description | A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program.
Corporate 3 had contained the Mozilla suite however, due to the support cycle for Mozilla, it was felt that upgrading Mozilla to Firefox and Thunderbird would allow for better future support for Corporate 3 users. To that end, the latest Thunderbird is being provided for Corporate 3 users which fix all known vulnerabilities up to version 1.5.0.5, as well as providing new and enhanced features.
Corporate users who were using Mozilla for mail may need to explicitly install the new mozilla-thunderbird packages.
For 2006 users, no explicit installs are necessary.
The following CVE names have been corrected with this update:
CVE-2006-2775, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2783, CVE-2006-2787, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807, CVE-2006-3113, CVE-2006-3802, CVE-2006-3805, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812. | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 23894 | | published | 2006-12-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=23894 | | title | Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2006:146) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-327-1.NASL | | description | Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. (CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812)
cross-site scripting vulnerabilities were found in the XPCNativeWrapper() function and native DOM method handlers. A malicious website could exploit these to modify the contents or steal confidential data (such as passwords) from other opened web pages.
(CVE-2006-3802, CVE-2006-3810)
A bug was found in the script handler for automatic proxy configuration. A malicious proxy could send scripts which could execute arbitrary code with the user's privileges. (CVE-2006-3808)
Please see
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Fi refox
for technical details of these vulnerabilities.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-12-01 | | plugin id | 27905 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27905 | | title | Ubuntu 6.06 LTS : firefox vulnerabilities (USN-327-1) |
| NASL family | Ubuntu Local Security Checks | | NASL id | UBUNTU_USN-361-1.NASL | | description | Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious URL. (CVE-2006-2788, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3809, CVE-2006-3811, CVE-2006-4565, CVE-2006-4568, CVE-2006-4571)
A bug was found in the script handler for automatic proxy configuration. A malicious proxy could send scripts which could execute arbitrary code with the user's privileges. (CVE-2006-3808)
The NSS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge valid signatures without the need of the secret key. (CVE-2006-4340)
Georgi Guninski discovered that even with JavaScript disabled, a malicous email could still execute JavaScript when the message is viewed, replied to, or forwarded by putting the script in a remote XBL file loaded by the message. (CVE-2006-4570).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-08-06 | | plugin id | 27941 | | published | 2007-11-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=27941 | | title | Ubuntu 5.04 / 5.10 : mozilla vulnerabilities (USN-361-1) |
|
