Executive Summary
Summary | |
---|---|
Title | New iceweasel packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1396 | First vendor Publication | 2007-10-27 |
Vendor | Debian | Last vendor Modification | 2007-10-27 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1095: Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.

CVE-2007-2292: Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a web site allows HTTP response splitting attacks.

CVE-2007-3511: It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894.

CVE-2007-5334: Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks.

CVE-2007-5337: Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system.

CVE-2007-5338: "moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers could be bypassed, which might allow privilege escalation.

CVE-2007-5339: L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2007-5340: Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

The Mozilla products in the oldstable distribution (sarge) are no longer supported with security updates.

For the stable distribution (etch) these problems have been fixed in version 2.0.0.6+2.0.0.8-0etch1. Builds for arm and sparc will be provided later.

For the unstable distribution (sid) these problems have been fixed in version 2.0.0.8-1.

We recommend that you upgrade your iceweasel packages.
Original Source
Url : http://www.debian.org/security/2007/dsa-1396 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
25 % | CWE-16 | Configuration |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10965 | |||
Oval ID: | oval:org.mitre.oval:def:10965 | ||
Title: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | ||
Description: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5338 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11443 | |||
Oval ID: | oval:org.mitre.oval:def:11443 | ||
Title: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | ||
Description: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5337 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11665 | |||
Oval ID: | oval:org.mitre.oval:def:11665 | ||
Title: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | ||
Description: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1095 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17494 | |||
Oval ID: | oval:org.mitre.oval:def:17494 | ||
Title: | USN-536-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
Description: | Various flaws were discovered in the layout and JavaScript engines. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-536-1 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894 CVE-2007-3511 CVE-2007-1095 CVE-2007-2292 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | mozilla-thunderbird thunderbird |
Definition Id: oval:org.mitre.oval:def:17867 | |||
Oval ID: | oval:org.mitre.oval:def:17867 | ||
Title: | DSA-1391-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1391-1 CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Id: oval:org.mitre.oval:def:18602 | |||
Oval ID: | oval:org.mitre.oval:def:18602 | ||
Title: | DSA-1401-1 iceape - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1401-1 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Id: oval:org.mitre.oval:def:18655 | |||
Oval ID: | oval:org.mitre.oval:def:18655 | ||
Title: | DSA-1574-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1574-1 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2007-3738 CVE-2007-5338 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Id: oval:org.mitre.oval:def:18729 | |||
Oval ID: | oval:org.mitre.oval:def:18729 | ||
Title: | DSA-1534-1 iceape | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1534-1 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Id: oval:org.mitre.oval:def:18755 | |||
Oval ID: | oval:org.mitre.oval:def:18755 | ||
Title: | DSA-1532-1 xulrunner | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1532-1 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Id: oval:org.mitre.oval:def:19745 | |||
Oval ID: | oval:org.mitre.oval:def:19745 | ||
Title: | DSA-1392-1 xulrunner - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1392-1 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Id: oval:org.mitre.oval:def:19906 | |||
Oval ID: | oval:org.mitre.oval:def:19906 | ||
Title: | DSA-1534-2 iceape - regression | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1534-2 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Id: oval:org.mitre.oval:def:20297 | |||
Oval ID: | oval:org.mitre.oval:def:20297 | ||
Title: | DSA-1535-1 iceweasel | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1535-1 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:20376 | |||
Oval ID: | oval:org.mitre.oval:def:20376 | ||
Title: | DSA-1396-1 iceweasel | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1396-1 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:21818 | |||
Oval ID: | oval:org.mitre.oval:def:21818 | ||
Title: | ELSA-2007:0979: firefox security update (Critical) | ||
Description: | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0979-02 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox |
Definition Id: oval:org.mitre.oval:def:22422 | |||
Oval ID: | oval:org.mitre.oval:def:22422 | ||
Title: | ELSA-2007:0981: thunderbird security update (Moderate) | ||
Description: | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0981-02 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:7395 | |||
Oval ID: | oval:org.mitre.oval:def:7395 | ||
Title: | DSA-1535 iceweasel -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. georgi, tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1535 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:7869 | |||
Oval ID: | oval:org.mitre.oval:def:7869 | ||
Title: | DSA-1534 iceape -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. Georgi, Tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1534 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Id: oval:org.mitre.oval:def:7955 | |||
Oval ID: | oval:org.mitre.oval:def:7955 | ||
Title: | DSA-1532 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. georgi, tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1532 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Id: oval:org.mitre.oval:def:9763 | |||
Oval ID: | oval:org.mitre.oval:def:9763 | ||
Title: | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||
Description: | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3511 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5018527.nasl |
2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2007:047 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2007_047.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:202 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_202.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-536-1 File : nvt/gb_ubuntu_USN_536_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-535-1 File : nvt/gb_ubuntu_USN_535_1.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-2664 File : nvt/gb_fedora_2007_2664_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-3431 File : nvt/gb_fedora_2007_3431_thunderbird_fc7.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-3414 File : nvt/gb_fedora_2007_3414_thunderbird_fc8.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-2795 File : nvt/gb_fedora_2007_2795_seamonkey_fc8.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-2601 File : nvt/gb_fedora_2007_2601_seamonkey_fc7.nasl |
2009-01-28 | Name : SuSE Update for MozillaFirefox,mozilla,seamonkey SUSE-SA:2007:057 File : nvt/gb_suse_2007_057.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner) File : nvt/glsa_200711_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-24 (mozilla-thunderbird mozilla-thunderb... File : nvt/glsa_200711_24.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox27.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1574-1 (icedove) File : nvt/deb_1574_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1534-2 (iceape) File : nvt/deb_1534_2.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1535-1 (iceweasel) File : nvt/deb_1535_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1534-1 (iceape) File : nvt/deb_1534_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1532-1 (xulrunner) File : nvt/deb_1532_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1391-1 (icedove) File : nvt/deb_1391_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1401-1 (iceape) File : nvt/deb_1401_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1396-1 (icedove) File : nvt/deb_1396_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1392-1 (xulrunner) File : nvt/deb_1392_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-324-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2007_324_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38044 | Mozilla Multiple Products JavaScript Engine Multiple Unspecified Memory Corr... |
38043 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption |
38035 | Mozilla Multiple Products XUL Page Title Bar Spoofing |
38034 | Mozilla Firefox on Linux gnome-vfs smb/sftp URI Arbitrary File Access |
38033 | Mozilla Multiple Products Script Object XPCNativeWrappers Pollution |
37995 | Mozilla Firefox Digest Authentication username Attribute CRLF Injection |
37994 | Mozilla Multiple Browsers onkeydown Event Window Focus Manipulation |
33809 | Mozilla Firefox JavaScript onUnload Handler Site Tailgating |
26178 | Multiple Multiple Browsers OnKey* Keystroke Event File Upload |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt RuleID : 15383 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20071019_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071019_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-047.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-202.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1574.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1535.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1532.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1534.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-4874.nasl - Type : ACT_GATHER_INFO |
2007-12-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_15014.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-4570.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-4811.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-324-01.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-24.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3414.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3431.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_2009.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-14.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-535-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-536-1.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2795.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2664.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2601.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1401.nasl - Type : ACT_GATHER_INFO |
2007-10-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1396.nasl - Type : ACT_GATHER_INFO |
2007-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4596.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4594.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1391.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1392.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e24797af803d11dcb787003048705d5a.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_115.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4572.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4574.nasl - Type : ACT_GATHER_INFO |
2007-10-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_2008.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-143.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:58 |
|