7.5 - DSA-1161

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	New Mozilla Firefox packages fix several vulnerabilities

Informations
Name	DSA-1161	First vendor Publication	2006-08-29
Vendor	Debian	Last vendor Modification	2006-09-13
Severity (Vendor)	N/A	Revision	2

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The latest security updates of Mozilla Firefox introduced a regression that led to a disfunctional attachment panel which warrants a correction to fix this issue. For reference please find below the original advisory text:

Several security related problems have been discovered in Mozilla and derived products like Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CVE-2006-3805

The Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3806

Multiple integer overflows in the Javascript engine might allow remote attackers to execute arbitrary code. [MFSA-2006-50]

CVE-2006-3807

Specially crafted Javascript allows remote attackers to execute arbitrary code. [MFSA-2006-51]

CVE-2006-3808

Remote AutoConfig (PAC) servers could execute code with elevated privileges via a specially crafted PAC script. [MFSA-2006-52]

CVE-2006-3809

Scripts with the UniversalBrowserRead privilege could gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data. [MFSA-2006-53]

CVE-2006-3811

Multiple vulnerabilities allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. [MFSA-2006-55]

For the stable distribution (sarge) these problems have been fixed in version 1.0.4-2sarge11.

For the unstable distribution (sid) these problems have been fixed in version 1.5.dfsg+1.5.0.5-1.

We recommend that you upgrade your mozilla-firefox package.

Original Source

Url : http://www.debian.org/security/2006/dsa-1161

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-189	Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10374

Oval ID:	oval:org.mitre.oval:def:10374
Title:	Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
Description:	Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-3807	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.3-0.el3.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el3.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el3.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:10690

Oval ID:	oval:org.mitre.oval:def:10690
Title:	The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
Description:	The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-3805	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.3-0.el3.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el3.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el3.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:10845

Oval ID:	oval:org.mitre.oval:def:10845
Title:	Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
Description:	Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-3808	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.3-0.el3.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el3.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el3.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:11232

Oval ID:	oval:org.mitre.oval:def:11232
Title:	Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Description:	Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-3806	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.3-0.el3.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el3.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el3.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9753

Oval ID:	oval:org.mitre.oval:def:9753
Title:	Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
Description:	Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-3809	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.3-0.el3.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el3.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el3.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9934

Oval ID:	oval:org.mitre.oval:def:9934
Title:	Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
Description:	Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-3811	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.3-0.el3.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el3.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el3.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el3.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el3.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el3.1 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5:-::::::	5
Application	Mozilla Seamonkey cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::* cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.0::dev:::::	4
Application	Mozilla Thunderbird cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::* cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::* cpe:2.3:a:mozilla:thunderbird:1.5:-::::::	3

OpenVAS Exploits

Date	Description
2009-05-05	Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200608-02 (SeaMonkey) File : nvt/glsa_200608_02.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200608-03 (Firefox) File : nvt/glsa_200608_03.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200608-04 (Thunderbird) File : nvt/glsa_200608_04.nasl
2008-09-04	Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox24.nasl
2008-01-17	Name : Debian Security Advisory DSA 1159-1 (mozilla-thunderbird) File : nvt/deb_1159_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1159-2 (mozilla-thunderbird) File : nvt/deb_1159_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 1160-1 (mozilla) File : nvt/deb_1160_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1160-2 (mozilla) File : nvt/deb_1160_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 1161-1 (mozilla-firefox) File : nvt/deb_1161_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1161-2 (mozilla-firefox) File : nvt/deb_1161_2.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
27577	Mozilla Multiple Products Removed Node Reference Unspecified Code Execution
27576	Mozilla Multiple Products crypto.generateCRMFRequest Deleted Context Code Exe...
27575	Mozilla Multiple Products Anonymous Box Selector Unspecified Code Execution
27574	Mozilla Multiple Products Table Row/Column Group Unspecified Code Execution
27573	Mozilla Multiple Products String Class Out-of-memory Code Execution
27572	Mozilla Multiple Products nsListControlFrame::FireMenuItemActiveEvent Arbitra...
27571	Mozilla Multiple Products String Function Objects Unspecified Overflow
27570	Mozilla Multiple Products toSource Method Overflow
27569	Mozilla Multiple Products Garbage Collection Temporary Object Handling Arbitr...
27568	Mozilla Multiple Products Standard Object() Constructor Manipulation Privileg...
27567	Mozilla Multiple Products PAC Script FindProxyForURL Function Privilege Escal...
27566	Mozilla Multiple Products UniversalXPConnect Privilege Escalation

Snort® IPS/IDS

Date	Description
2014-01-10	Mozilla Firefox Javascript engine function arguments memory corruption attempt RuleID : 18262 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10	Mozilla Firefox Javascript engine String.toSource memory corruption attempt RuleID : 18261 - Revision : 6 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0735.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0733.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-1960.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-361-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-350-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-329-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-327-1.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-1981.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-1924.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-1952.nasl - Type : ACT_GATHER_INFO
2006-12-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-143.nasl - Type : ACT_GATHER_INFO
2006-12-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-146.nasl - Type : ACT_GATHER_INFO
2006-12-06	Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-12-06	Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1161.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1160.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1159.nasl - Type : ACT_GATHER_INFO
2006-08-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0594.nasl - Type : ACT_GATHER_INFO
2006-08-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0608.nasl - Type : ACT_GATHER_INFO
2006-08-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0609.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0609.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-04.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-03.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200608-02.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0611.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0610.nasl - Type : ACT_GATHER_INFO
2006-07-29	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0610.nasl - Type : ACT_GATHER_INFO
2006-07-29	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0611.nasl - Type : ACT_GATHER_INFO
2006-07-28	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0608.nasl - Type : ACT_GATHER_INFO
2006-07-28	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e2a926641d6011db88cf000c6ec775d9.nasl - Type : ACT_GATHER_INFO
2006-07-27	Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_103.nasl - Type : ACT_GATHER_INFO
2006-07-27	Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1505.nasl - Type : ACT_GATHER_INFO
2006-07-27	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1505.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:26:09	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	12
osvdb(s)	12
Openvas Exploit(s)	11
Snort® Rule(s)	2
Nessus® Exploit(s)	35

	Related
7.5	CVE-2006-3811
7.5	CVE-2006-3809
7.5	CVE-2006-3808
7.5	CVE-2006-3807
7.5	CVE-2006-3806
7.5	CVE-2006-3805
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 6 more Alert(s)