This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:mozilla:firefox_esr:17.0.9 |
| Detail | |||
|---|---|---|---|
| Vendor | Mozilla | First view | 2012-05-01 |
| Product | Firefox Esr | Last view | 2019-09-27 |
| Version | 17.0.9 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:mozilla:firefox_esr | ||
Activity : Overall
Related : CVE
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 4.6 | 2019-09-27 | CVE-2019-11753 | Local | Low | None Requ... | |
| 9.3 | 2019-09-27 | CVE-2019-11752 | Network | Medium | None Requ... | |
| 6.8 | 2019-09-27 | CVE-2019-11751 | Network | Medium | None Requ... | |
| 4.3 | 2019-09-27 | CVE-2019-11750 | Network | Medium | None Requ... | |
| 4.3 | 2019-09-27 | CVE-2019-11749 | Network | Medium | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 4.3 | 2019-09-27 | CVE-2019-11748 | Network | Medium | None Requ... | |
| 4.3 | 2019-09-27 | CVE-2019-11747 | Network | Medium | None Requ... | |
| 6.8 | 2019-09-27 | CVE-2019-11746 | Network | Medium | None Requ... | |
| 4.3 | 2019-09-27 | CVE-2019-11744 | Network | Medium | None Requ... | |
| 4.3 | 2019-09-27 | CVE-2019-11743 | Network | Medium | None Requ... | |
| 4.3 | 2019-09-27 | CVE-2019-11742 | Network | Medium | None Requ... | |
| 7.5 | 2019-09-27 | CVE-2019-11740 | Network | Low | None Requ... | |
| 6.8 | 2019-09-27 | CVE-2019-11738 | Network | Medium | None Requ... | |
| 4.4 | 2019-09-27 | CVE-2019-11736 | Local | Medium | None Requ... | |
| 7.5 | 2019-09-27 | CVE-2019-11735 | Network | Low | None Requ... | |
| 5 | 2019-09-27 | CVE-2019-11733 | Network | Low | None Requ... | |
| 7.5 | 2019-07-23 | CVE-2019-9820 | Network | Low | None Requ... | |
| 7.5 | 2019-07-23 | CVE-2019-9819 | Network | Low | None Requ... | |
| 5 | 2019-07-23 | CVE-2019-9817 | Network | Low | None Requ... | |
| 4.3 | 2019-07-23 | CVE-2019-9816 | Network | Medium | None Requ... | |
| 6.8 | 2019-07-23 | CVE-2019-9815 | Network | Medium | None Requ... | |
| 5.1 | 2019-07-23 | CVE-2019-9811 | Network | High | None Requ... | |
| 7.5 | 2019-07-23 | CVE-2019-9800 | Network | Low | None Requ... | |
| 4.3 | 2019-07-23 | CVE-2019-11730 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| % | id | Name |
|---|---|---|
| 24% (60) | CWE-416 | Use After Free |
| 22% (55) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13% (33) | CWE-20 | Improper Input Validation |
| 7% (18) | CWE-200 | Information Exposure |
| 3% (9) | CWE-787 | Out-of-bounds Write |
| % | id | Name |
|---|---|---|
| 3% (8) | CWE-190 | Integer Overflow or Wraparound |
| 3% (8) | CWE-125 | Out-of-bounds Read |
| 2% (6) | CWE-704 | Incorrect Type Conversion or Cast |
| 2% (5) | CWE-346 | Origin Validation Error |
| 1% (4) | CWE-269 | Improper Privilege Management |
| 1% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (3) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 1% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
| 1% (3) | CWE-254 | Security Features |
| 0% (2) | CWE-362 | Race Condition |
| 0% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 0% (2) | CWE-276 | Incorrect Default Permissions |
| 0% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 0% (1) | CWE-682 | Incorrect Calculation |
| 0% (1) | CWE-665 | Improper Initialization |
| 0% (1) | CWE-610 | Externally Controlled Reference to a Resource in Another Sphere |
| 0% (1) | CWE-522 | Insufficiently Protected Credentials |
| 0% (1) | CWE-426 | Untrusted Search Path |
| 0% (1) | CWE-417 | Channel and Path Errors |
| 0% (1) | CWE-399 | Resource Management Errors |
Oval Markup Language : Definitions
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:18495 | Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler f... |
| oval:org.mitre.oval:def:18694 | The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before... |
| oval:org.mitre.oval:def:21104 | RHSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Impor... |
| oval:org.mitre.oval:def:21069 | DSA-2820-1 nspr - integer overflow |
| oval:org.mitre.oval:def:20606 | RHSA-2013:1829: nss, nspr, and nss-util security update (Important) |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:19958 | USN-2031-1 -- firefox vulnerabilities |
| oval:org.mitre.oval:def:19893 | USN-2032-1 -- thunderbird vulnerabilities |
| oval:org.mitre.oval:def:19778 | Avoid unsigned integer wrapping in PL_ArenaAllocate |
| oval:org.mitre.oval:def:22452 | USN-2087-1 -- nspr vulnerability |
| oval:org.mitre.oval:def:24183 | ELSA-2013:1829: nss, nspr, and nss-util security update (Important) |
| oval:org.mitre.oval:def:23177 | ELSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Impor... |
| oval:org.mitre.oval:def:27325 | DEPRECATED: ELSA-2013-1791 -- nss and nspr security, bug fix, and enhancement... |
| oval:org.mitre.oval:def:27219 | DEPRECATED: ELSA-2013-1829 -- nss, nspr, and nss-util security update (import... |
| oval:org.mitre.oval:def:28459 | RHSA-2014:1924 -- thunderbird security update (Important) |
| oval:org.mitre.oval:def:28442 | DSA-3090-1 -- iceweasel security update |
| oval:org.mitre.oval:def:28351 | USN-2424-1 -- Firefox vulnerabilities |
| oval:org.mitre.oval:def:28336 | USN-2428-1 -- Thunderbird vulnerabilities |
| oval:org.mitre.oval:def:28317 | DSA-3092-1 -- icedove security update |
| oval:org.mitre.oval:def:28254 | ELSA-2014-1924 -- thunderbird security update (important) |
| oval:org.mitre.oval:def:28112 | ELSA-2014-1919 -- firefox security update (critical) |
| oval:org.mitre.oval:def:27983 | RHSA-2014:1919 -- firefox security update (Critical) |
| oval:org.mitre.oval:def:19277 | Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function ... |
| oval:org.mitre.oval:def:19001 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox... |
| oval:org.mitre.oval:def:14964 | The Inter-process Communication (IPC) implementation in Google Chrome before ... |
| oval:org.mitre.oval:def:21167 | RHSA-2013:1476: firefox security update (Critical) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-05-31 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium13.nasl |
| 2012-05-07 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Linux) File : nvt/gb_google_chrome_mult_dos_vuln_may12_lin.nasl |
| 2012-05-07 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Mac OS X) File : nvt/gb_google_chrome_mult_dos_vuln_may12_macosx.nasl |
| 2012-05-07 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Windows) File : nvt/gb_google_chrome_mult_dos_vuln_may12_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0220 | Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0042380 |
| 2013-A-0203 | Multiple Vulnerabilities in Mozilla Products Severity : Category I - VMSKEY : V0041365 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-08-13 | Mozilla Firefox RemotePrompt sandbox escape attempt RuleID : 50697 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-08-13 | Mozilla Firefox RemotePrompt sandbox escape attempt RuleID : 50696 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-07-31 | Mozilla Firefox Array.prototype.pop type confusion attempt RuleID : 50519 - Type : BROWSER-FIREFOX - Revision : 2 |
| Date | Description |
|---|---|
| 2019-07-31 | Mozilla Firefox Array.prototype.pop type confusion attempt RuleID : 50518 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-01-17 | Mozilla Firefox method array.prototype.push remote code execution attempt RuleID : 48626 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-01-17 | Mozilla Firefox method array.prototype.push remote code execution attempt RuleID : 48625 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-01-10 | Mozilla Firefox javascript type confusion code execution attempt RuleID : 48565 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-01-10 | Mozilla Firefox javascript type confusion code execution attempt RuleID : 48564 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48296 - Type : FILE-OTHER - Revision : 2 |
| 2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48295 - Type : FILE-OTHER - Revision : 2 |
| 2018-11-10 | libvorbis VORBIS audio data out of bounds write attempt RuleID : 48106 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2018-11-10 | libvorbis VORBIS audio data out of bounds write attempt RuleID : 48105 - Type : FILE-MULTIMEDIA - Revision : 1 |
| 2018-11-08 | Microsoft Edge OP_Memset type confusion attempt RuleID : 48052 - Type : BROWSER-IE - Revision : 4 |
| 2018-11-08 | Microsoft Edge OP_Memset type confusion attempt RuleID : 48051 - Type : BROWSER-IE - Revision : 4 |
| 2018-02-20 | Mozilla Firefox HTTP index format out of bounds read attempt RuleID : 45476 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-07-27 | Mozilla Firefox domFuzzLite3 table use after free attempt RuleID : 43347 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-07-27 | Mozilla Firefox domFuzzLite3 table use after free attempt RuleID : 43346 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2016-12-02 | Mozilla Firefox ESR NotifyTimeChange use after free attempt RuleID : 40896-community - Type : BROWSER-FIREFOX - Revision : 3 |
| 2017-01-04 | Mozilla Firefox ESR NotifyTimeChange use after free attempt RuleID : 40896 - Type : BROWSER-FIREFOX - Revision : 3 |
| 2016-12-01 | Mozilla Firefox ESR NotifyTimeChange use after free attempt RuleID : 40888-community - Type : BROWSER-FIREFOX - Revision : 3 |
| 2017-01-04 | Mozilla Firefox ESR NotifyTimeChange use after free attempt RuleID : 40888 - Type : BROWSER-FIREFOX - Revision : 3 |
Nessus® Vulnerability Scanner
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 2019-01-03 | Name : The remote Fedora host is missing a security update. File : fedora_2018-def329f680.nasl - Type : ACT_GATHER_INFO |
| 2018-12-28 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1414.nasl - Type : ACT_GATHER_INFO |
| 2018-12-27 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-3831.nasl - Type : ACT_GATHER_INFO |
| 2018-12-27 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-3833.nasl - Type : ACT_GATHER_INFO |
| 2018-12-18 | Name : A web browser installed on the remote macOS host is affected by multiple vuln... File : macosx_firefox_62_0.nasl - Type : ACT_GATHER_INFO |
| id | Description |
|---|---|
| 2018-12-14 | Name : The remote Debian host is missing a security update. File : debian_DLA-1605.nasl - Type : ACT_GATHER_INFO |
| 2018-12-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4354.nasl - Type : ACT_GATHER_INFO |
| 2018-12-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type : ACT_GATHER_INFO |
| 2018-12-12 | Name : A web browser installed on the remote macOS host is affected by multiple vuln... File : macosx_firefox_60_4_esr.nasl - Type : ACT_GATHER_INFO |
| 2018-12-12 | Name : A web browser installed on the remote macOS host is affected by multiple vuln... File : macosx_firefox_64_0.nasl - Type : ACT_GATHER_INFO |
| 2018-12-12 | Name : A web browser installed on the remote Windows host is affected by multiple vu... File : mozilla_firefox_60_4_esr.nasl - Type : ACT_GATHER_INFO |
| 2018-12-12 | Name : A web browser installed on the remote Windows host is affected by multiple vu... File : mozilla_firefox_64_0.nasl - Type : ACT_GATHER_INFO |
| 2018-12-11 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1384.nasl - Type : ACT_GATHER_INFO |
| 2018-11-27 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-2831.nasl - Type : ACT_GATHER_INFO |
| 2018-11-27 | Name : The remote Virtuozzo host is missing a security update. File : Virtuozzo_VZLSA-2017-2885.nasl - Type : ACT_GATHER_INFO |
| 2018-11-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201811-13.nasl - Type : ACT_GATHER_INFO |
| 2018-11-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-3531.nasl - Type : ACT_GATHER_INFO |
| 2018-11-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-3532.nasl - Type : ACT_GATHER_INFO |
| 2018-11-13 | Name : The remote Debian host is missing a security update. File : debian_DLA-1575.nasl - Type : ACT_GATHER_INFO |
| 2018-11-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-4337.nasl - Type : ACT_GATHER_INFO |
| 2018-11-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2018-3403.nasl - Type : ACT_GATHER_INFO |
| 2018-11-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201811-04.nasl - Type : ACT_GATHER_INFO |
| 2018-11-08 | Name : The remote Debian host is missing a security update. File : debian_DLA-1571.nasl - Type : ACT_GATHER_INFO |
| 2018-11-07 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1367.nasl - Type : ACT_GATHER_INFO |
| 2018-11-06 | Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2018-1359.nasl - Type : ACT_GATHER_INFO |
