Home hacking tournaments projects friends Help Search Login Register
May 23, 2013, 08:38:08 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: THC Hack Challenges Released!
 

 
advertisement:

Pages: [1]
« previous next »
  Print  
Author Topic: USN821-1 : firefox-3.0, xulrunner-1.9 vulnerabilities  (Read 79 times)
zomgwtfbbq
Challenge Coder
Administrator
Hero Member
*****

Karma: +31341/-1
Posts: I am a geek!!


thc title: thc elite
thc points: 3315
challenges: (69/83)

View Profile
« on: September 11, 2009, 05:25:25 PM »
 Share on FacebookFacebook Share
Synopsis :

These remote packages are missing security patches :
- abrowser
- abrowser-3.0-branding
- firefox
- firefox-3.0
- firefox-3.0-branding
- firefox-3.0-dev
- firefox-3.0-dom-inspector
- firefox-3.0-gnome-support
- firefox-3.0-venkman
- firefox-dev
- firefox-dom-inspector
- firefox-gnome-support
- firefox-granparadiso
- firefox-granparadiso-dev
- firefox-granparadiso-dom-inspector
- firefox-granparadiso-gnome-support
- firefox-libthai
- firefox-trunk
- firefox-trunk-dev
- firefox-trunk-dom-i
[...]

Description :

Several flaws were discovered in the Firefox browser and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service or possibly execute arbitrary code
with the privileges of the user invoking the program. (CVE-2009-3070,
CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075)

Jesse Ruderman and Dan Kaminsky discovered that Firefox did not adequately
inform users when security modules were added or removed via PKCS11. If
a user visited a malicious website, an attacker could exploit this to
trick the user into installing a malicious PKCS11 module. (CVE-2009-3076)

It was discovered that Firefox did not properly manage memory when using
XUL tree elements. If a user were tricked into viewing a malicious website,
a remote attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2009-3077)

Juan Pablo Lopez Yacubian discovered that Firefox did properly display
certa
[...]

Solution :

Upgrade to :
- abrowser-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubuntu 9.04)
- abrowser-3.0-branding-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubuntu 9.04)
- firefox-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubuntu 9.04)
- firefox-3.0-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubuntu 9.04)
- firefox-3.0-branding-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubuntu 9.04)
- firefox-3.0-dev-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubuntu 9.04)
- firefox-3.0-dom-inspector-3.0.14+build2+nobinonly-0ubuntu0.9.04.1 (Ubun
[...]

Risk factor :

High



only registered users with at least 25 hack challenge points can see links:
  click here in order to visit the hack challenges
More...
Logged

only registered users with at least 25 hack challenge points can see links:
  click here in order to visit the hack challenges


Ook al ben ik een slet toch houdt ik van je..
Pages: [1]
  Print  
« previous next »
 
Jump to:  


Related Topics
Subject Started by Replies Views Last post
RSS: Fedora 18 : firefox-18.0-1.fc18 / xulrunner-18.0-6.fc18 (2013-0578)
Latest Tools and Files 		zomgwtfbbq 0 34 Last post January 14, 2013, 04:44:52 AM
by zomgwtfbbq
RSS: USN-1401-1 : xulrunner-1.9.2 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 69 Last post March 20, 2012, 02:31:25 PM
by zomgwtfbbq
RSS: USN-1353-1 : xulrunner-1.9.2 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 59 Last post February 09, 2012, 05:41:04 PM
by zomgwtfbbq
RSS: USN-1197-1 : firefox, xulrunner-1.9.2 vulnerability
Latest Tools and Files 		zomgwtfbbq 0 76 Last post September 01, 2011, 03:24:21 PM
by zomgwtfbbq
RSS: USN957-1 : firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
Latest Tools and Files 		zomgwtfbbq 0 101 Last post July 26, 2010, 07:08:59 PM
by zomgwtfbbq
SMF Board hacked and modded by zomgwtfbekjam aka Rembo from Tools & Design