Executive Summary

Summary
TitleNew icedove packages fix several vulnerabilities
Informations
NameDSA-1830First vendor Publication2009-07-12
VendorDebianLast vendor Modification2009-07-12
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2009-0040

The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10)

CVE-2009-0352

It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01)

CVE-2009-0353

It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01)

CVE-2009-0652

Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. (MFSA 2009-15)

CVE-2009-0771

Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07)

CVE-2009-0772

The layout engine allows the execution of arbitrary code ia vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07)

CVE-2009-0773

The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07)

CVE-2009-0774

The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07)

CVE-2009-0776

Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09)

CVE-2009-1302

The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14)

CVE-2009-1303

The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14)

CVE-2009-1307

Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17)

CVE-2009-1832

The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24)

CVE-2009-1392

Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24)

CVE-2009-1836

Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27)

CVE-2009-1838

moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. (MFSA 2009-29)

CVE-2009-1841

moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32)

No CVE id yet

Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33)



For the stable distribution (lenny), these problems have been fixed in version 2.0.0.22-0lenny1.

As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client.

For the testing (squeeze) distribution these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 2.0.0.22-1.



We recommend that you upgrade your icedove packages.

Original Source

Url : http://www.debian.org/security/2009/dsa-1830

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-94Failure to Control Generation of Code ('Code Injection')
CWE-287Improper Authentication
CWE-200Information Exposure
CWE-20Improper Input Validation
CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6458
 
Oval ID: oval:org.mitre.oval:def:6458
Title: Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0040
Version: 1
Platform(s): VMWare ESX Server 3
VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10316
 
Oval ID: oval:org.mitre.oval:def:10316
Title: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0040
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22744
 
Oval ID: oval:org.mitre.oval:def:22744
Title: ELSA-2009:0333: libpng security update (Moderate)
Description: The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Family: unix Class: patch
Reference(s): ELSA-2009:0333-01
CVE-2008-1382
CVE-2009-0040
Version: 10
Platform(s): Oracle Linux 4
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10699
 
Oval ID: oval:org.mitre.oval:def:10699
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0352
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11193
 
Oval ID: oval:org.mitre.oval:def:11193
Title: Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.
Description: Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0353
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11396
 
Oval ID: oval:org.mitre.oval:def:11396
Title: The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
Description: The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0652
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6755
 
Oval ID: oval:org.mitre.oval:def:6755
Title: Mozilla Firefox, Thunderbird and Seamonkey memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 12
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6196
 
Oval ID: oval:org.mitre.oval:def:6196
Title: Mozilla Firefox memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6163
 
Oval ID: oval:org.mitre.oval:def:6163
Title: Mozilla Thunderbird memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5250
 
Oval ID: oval:org.mitre.oval:def:5250
Title: Mozilla Seamonkey memory corruption Vulnerability
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0771
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11314
 
Oval ID: oval:org.mitre.oval:def:11314
Title: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Description: The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0771
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9609
 
Oval ID: oval:org.mitre.oval:def:9609
Title: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0772
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6811
 
Oval ID: oval:org.mitre.oval:def:6811
Title: Mozilla Firefox, Thunderbird and Seamonkey Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 12
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6097
 
Oval ID: oval:org.mitre.oval:def:6097
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5945
 
Oval ID: oval:org.mitre.oval:def:5945
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5703
 
Oval ID: oval:org.mitre.oval:def:5703
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6708
 
Oval ID: oval:org.mitre.oval:def:6708
Title: Mozilla Firefox, Thunderbird and Seamonkey Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 12
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6141
 
Oval ID: oval:org.mitre.oval:def:6141
Title: Mozilla Firefox Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5980
 
Oval ID: oval:org.mitre.oval:def:5980
Title: Mozilla Thunderbird Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5856
 
Oval ID: oval:org.mitre.oval:def:5856
Title: Mozilla Seamonkey Denial of Service and arbitrary code execution Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0773
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10491
 
Oval ID: oval:org.mitre.oval:def:10491
Title: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Description: The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0773
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6945
 
Oval ID: oval:org.mitre.oval:def:6945
Title: Mozilla Firefox, Thunderbird and Seamonkey gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 12
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6121
 
Oval ID: oval:org.mitre.oval:def:6121
Title: Mozilla Thunderbird gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6057
 
Oval ID: oval:org.mitre.oval:def:6057
Title: Mozilla Seamonkey gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5947
 
Oval ID: oval:org.mitre.oval:def:5947
Title: Mozilla Firefox gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11138
 
Oval ID: oval:org.mitre.oval:def:11138
Title: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0774
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9241
 
Oval ID: oval:org.mitre.oval:def:9241
Title: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0776
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7390
 
Oval ID: oval:org.mitre.oval:def:7390
Title: Mozilla Firefox, Thunderbird and Seamonkey security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 12
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6191
 
Oval ID: oval:org.mitre.oval:def:6191
Title: Mozilla Thunderbird security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6017
 
Oval ID: oval:org.mitre.oval:def:6017
Title: Mozilla Seamonkey security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5956
 
Oval ID: oval:org.mitre.oval:def:5956
Title: Mozilla Firefox security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22778
 
Oval ID: oval:org.mitre.oval:def:22778
Title: ELSA-2009:0258: thunderbird security update (Moderate)
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: unix Class: patch
Reference(s): ELSA-2009:0258-01
CVE-2009-0352
CVE-2009-0353
CVE-2009-0355
CVE-2009-0772
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 30
Platform(s): Oracle Linux 4
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7030
 
Oval ID: oval:org.mitre.oval:def:7030
Title: Mozilla Thunderbird, Seamonkey and Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 10
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6170
 
Oval ID: oval:org.mitre.oval:def:6170
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6070
 
Oval ID: oval:org.mitre.oval:def:6070
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5527
 
Oval ID: oval:org.mitre.oval:def:5527
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10106
 
Oval ID: oval:org.mitre.oval:def:10106
Title: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1302
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9455
 
Oval ID: oval:org.mitre.oval:def:9455
Title: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1303
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6646
 
Oval ID: oval:org.mitre.oval:def:6646
Title: Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 10
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6151
 
Oval ID: oval:org.mitre.oval:def:6151
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5992
 
Oval ID: oval:org.mitre.oval:def:5992
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5810
 
Oval ID: oval:org.mitre.oval:def:5810
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7008
 
Oval ID: oval:org.mitre.oval:def:7008
Title: Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 10
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6266
 
Oval ID: oval:org.mitre.oval:def:6266
Title: Mozilla Thunderbird arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6154
 
Oval ID: oval:org.mitre.oval:def:6154
Title: Mozilla Firefox arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5933
 
Oval ID: oval:org.mitre.oval:def:5933
Title: Mozilla Seamonkey arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10972
 
Oval ID: oval:org.mitre.oval:def:10972
Title: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1307
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9501
 
Oval ID: oval:org.mitre.oval:def:9501
Title: The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Description: The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1392
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10237
 
Oval ID: oval:org.mitre.oval:def:10237
Title: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
Description: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1832
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11764
 
Oval ID: oval:org.mitre.oval:def:11764
Title: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Description: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1836
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11080
 
Oval ID: oval:org.mitre.oval:def:11080
Title: The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Description: The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1838
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9815
 
Oval ID: oval:org.mitre.oval:def:9815
Title: js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Description: js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1841
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22817
 
Oval ID: oval:org.mitre.oval:def:22817
Title: ELSA-2009:1095: firefox security update (Critical)
Description: js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Family: unix Class: patch
Reference(s): ELSA-2009:1095-01
CVE-2009-1392
CVE-2009-1832
CVE-2009-1833
CVE-2009-1834
CVE-2009-1835
CVE-2009-1836
CVE-2009-1837
CVE-2009-1838
CVE-2009-1839
CVE-2009-1840
CVE-2009-1841
Version: 46
Platform(s): Oracle Linux 5
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9994
 
Oval ID: oval:org.mitre.oval:def:9994
Title: Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
Description: Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2210
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22628
 
Oval ID: oval:org.mitre.oval:def:22628
Title: ELSA-2009:1126: thunderbird security update (Moderate)
Description: Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
Family: unix Class: patch
Reference(s): ELSA-2009:1126-01
CVE-2009-1303
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1392
CVE-2009-1833
CVE-2009-1836
CVE-2009-1838
CVE-2009-2210
Version: 46
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application333
Application103
Application42
Application73

OpenVAS Exploits

DateDescription
2012-10-03Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w...
File : nvt/glsa_201209_25.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:0256 centos4 i386
File : nvt/gb_CESA-2009_0256_firefox_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:0256 centos5 i386
File : nvt/gb_CESA-2009_0256_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0257-01 centos2 i386
File : nvt/gb_CESA-2009_0257-01_seamonkey_centos2_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0257 centos3 i386
File : nvt/gb_CESA-2009_0257_seamonkey_centos3_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0257 centos4 i386
File : nvt/gb_CESA-2009_0257_seamonkey_centos4_i386.nasl
2011-08-09Name : CentOS Update for thunderbird CESA-2009:0258 centos4 i386
File : nvt/gb_CESA-2009_0258_thunderbird_centos4_i386.nasl
2011-08-09Name : CentOS Update for thunderbird CESA-2009:0258 centos5 i386
File : nvt/gb_CESA-2009_0258_thunderbird_centos5_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:0315 centos4 i386
File : nvt/gb_CESA-2009_0315_firefox_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:0315 centos5 i386
File : nvt/gb_CESA-2009_0315_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0325-01 centos2 i386
File : nvt/gb_CESA-2009_0325-01_seamonkey_centos2_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0325 centos3 i386
File : nvt/gb_CESA-2009_0325_seamonkey_centos3_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0325 centos4 i386
File : nvt/gb_CESA-2009_0325_seamonkey_centos4_i386.nasl
2011-08-09Name : CentOS Update for libpng CESA-2009:0333-01 centos2 i386
File : nvt/gb_CESA-2009_0333-01_libpng_centos2_i386.nasl
2011-08-09Name : CentOS Update for libpng10 CESA-2009:0333 centos4 i386
File : nvt/gb_CESA-2009_0333_libpng10_centos4_i386.nasl
2011-08-09Name : CentOS Update for libpng10 CESA-2009:0340 centos3 i386
File : nvt/gb_CESA-2009_0340_libpng10_centos3_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:0436 centos4 i386
File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:0436 centos5 i386
File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386
File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386
File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1095 centos5 i386
File : nvt/gb_CESA-2009_1095_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1096 centos3 i386
File : nvt/gb_CESA-2009_1096_seamonkey_centos3_i386.nasl
2011-08-09Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386
File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1134 centos3 i386
File : nvt/gb_CESA-2009_1134_seamonkey_centos3_i386.nasl
2010-05-12Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002
File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl
2010-05-12Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003
File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13Name : SLES10: Security update for libpng
File : nvt/sles10_libpng.nasl
2009-10-13Name : SLES10: Security update for libpng
File : nvt/sles10_libpng0.nasl
2009-10-13Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox3.nasl
2009-10-11Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox.nasl
2009-10-11Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox1.nasl
2009-10-11Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox3.nasl
2009-10-11Name : SLES11: Security update for libpng
File : nvt/sles11_libpng12-0.nasl
2009-10-11Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-xulrunn.nasl
2009-10-10Name : SLES9: Security update for libpng
File : nvt/sles9p5043440.nasl
2009-10-10Name : SLES9: Security update for libpng
File : nvt/sles9p5043680.nasl
2009-10-10Name : SLES9: Security update for epiphany
File : nvt/sles9p5059920.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:185 (firefox)
File : nvt/mdksa_2009_185.nasl
2009-07-29Name : Debian Security Advisory DSA 1830-1 (icedove)
File : nvt/deb_1830_1.nasl
2009-07-29Name : Ubuntu USN-799-1 (dbus)
File : nvt/ubuntu_799_1.nasl
2009-07-29Name : Ubuntu USN-801-1 (tiff)
File : nvt/ubuntu_801_1.nasl
2009-07-29Name : Ubuntu USN-802-1 (apache2)
File : nvt/ubuntu_802_1.nasl
2009-07-29Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey)
File : nvt/fcore_2009_7567.nasl
2009-07-29Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey)
File : nvt/fcore_2009_7614.nasl
2009-07-06Name : RedHat Security Advisory RHSA-2009:1134
File : nvt/RHSA_2009_1134.nasl
2009-07-06Name : CentOS Security Advisory CESA-2009:1134 (seamonkey)
File : nvt/ovcesa2009_1134.nasl
2009-06-30Name : Mozilla Thunderbird/Seamonkey DoS Vulnerability June-09 (Linux)
File : nvt/secpod_mozilla_prdts_dos_vuln_jun09_lin.nasl
2009-06-30Name : Mozilla Products DoS Vulnerability June-09 (Win)
File : nvt/secpod_mozilla_prdts_dos_vuln_jun09_win.nasl
2009-06-30Name : RedHat Security Advisory RHSA-2009:1125
File : nvt/RHSA_2009_1125.nasl
2009-06-30Name : RedHat Security Advisory RHSA-2009:1126
File : nvt/RHSA_2009_1126.nasl
2009-06-30Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird)
File : nvt/mdksa_2009_141.nasl
2009-06-30Name : Ubuntu USN-782-1 (thunderbird)
File : nvt/ubuntu_782_1.nasl
2009-06-30Name : Ubuntu USN-792-1 (openssl)
File : nvt/ubuntu_792_1.nasl
2009-06-30Name : CentOS Security Advisory CESA-2009:1126 (thunderbird)
File : nvt/ovcesa2009_1126.nasl
2009-06-23Name : Debian Security Advisory DSA 1820-1 (xulrunner)
File : nvt/deb_1820_1.nasl
2009-06-23Name : Mandrake Security Advisory MDVSA-2009:134 (firefox)
File : nvt/mdksa_2009_134.nasl
2009-06-23Name : Ubuntu USN-779-1 (xulrunner-1.9)
File : nvt/ubuntu_779_1.nasl
2009-06-23Name : SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox)
File : nvt/suse_sa_2009_034.nasl
2009-06-23Name : Fedora Core 10 FEDORA-2009-6366 (firefox)
File : nvt/fcore_2009_6366.nasl
2009-06-23Name : Fedora Core 9 FEDORA-2009-6411 (firefox)
File : nvt/fcore_2009_6411.nasl
2009-06-23Name : Fedora Core 10 FEDORA-2009-6531 (libpng)
File : nvt/fcore_2009_6531.nasl
2009-06-23Name : Fedora Core 9 FEDORA-2009-6603 (libpng)
File : nvt/fcore_2009_6603.nasl
2009-06-23Name : CentOS Security Advisory CESA-2009:1095 (firefox)
File : nvt/ovcesa2009_1095.nasl
2009-06-16Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Linux)
File : nvt/gb_firefox_mult_vuln_jun09_lin.nasl
2009-06-16Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Win)
File : nvt/gb_firefox_mult_vuln_jun09_win.nasl
2009-06-16Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_jun09_lin.nasl
2009-06-16Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_jun09_win.nasl
2009-06-16Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Linux)
File : nvt/gb_thunderbird_mult_vuln_jun09_lin.nasl
2009-06-16Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Win)
File : nvt/gb_thunderbird_mult_vuln_jun09_win.nasl
2009-06-15Name : RedHat Security Advisory RHSA-2009:1095
File : nvt/RHSA_2009_1095.nasl
2009-06-15Name : RedHat Security Advisory RHSA-2009:1096
File : nvt/RHSA_2009_1096.nasl
2009-06-15Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox39.nasl
2009-06-15Name : CentOS Security Advisory CESA-2009:1096 (seamonkey)
File : nvt/ovcesa2009_1096.nasl
2009-06-05Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl
2009-06-05Name : Mandrake Security Advisory MDVSA-2009:111 (firefox)
File : nvt/mdksa_2009_111.nasl
2009-06-05Name : Ubuntu USN-763-1 (xine-lib)
File : nvt/ubuntu_763_1.nasl
2009-06-05Name : Ubuntu USN-764-1 (xulrunner-1.9)
File : nvt/ubuntu_764_1.nasl
2009-06-05Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-05-25Name : CentOS Security Advisory CESA-2009:0437 (seamonkey)
File : nvt/ovcesa2009_0437.nasl
2009-05-20Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox)
File : nvt/mdksa_2009_111_1.nasl
2009-05-20Name : CentOS Security Advisory CESA-2009:0258 (thunderbird)
File : nvt/ovcesa2009_0258.nasl
2009-05-20Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-11Name : Debian Security Advisory DSA 1797-1 (xulrunner)
File : nvt/deb_1797_1.nasl
2009-04-30Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux)
File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl
2009-04-30Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win)
File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl
2009-04-30Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl
2009-04-30Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win)
File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl
2009-04-30Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux)
File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl
2009-04-30Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win)
File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl
2009-04-28Name : RedHat Security Advisory RHSA-2009:0436
File : nvt/RHSA_2009_0436.nasl
2009-04-28Name : RedHat Security Advisory RHSA-2009:0437
File : nvt/RHSA_2009_0437.nasl
2009-04-28Name : Fedora Core 9 FEDORA-2009-3875 (firefox)
File : nvt/fcore_2009_3875.nasl
2009-04-28Name : Fedora Core 10 FEDORA-2009-3893 (epiphany)
File : nvt/fcore_2009_3893.nasl
2009-04-28Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox38.nasl
2009-04-28Name : CentOS Security Advisory CESA-2009:0333 (libpng)
File : nvt/ovcesa2009_0333.nasl
2009-04-28Name : CentOS Security Advisory CESA-2009:0436 (firefox)
File : nvt/ovcesa2009_0436.nasl
2009-04-28Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey)
File : nvt/ovcesa2009_0437_02.nasl
2009-04-20Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox)
File : nvt/suse_sa_2009_023.nasl
2009-04-06Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird)
File : nvt/mdksa_2009_083.nasl
2009-04-06Name : Fedora Core 9 FEDORA-2009-3101 (seamonkey)
File : nvt/fcore_2009_3101.nasl
2009-04-06Name : Fedora Core 10 FEDORA-2009-3161 (seamonkey)
File : nvt/fcore_2009_3161.nasl
2009-03-31Name : Debian Security Advisory DSA 1750-1 (libpng)
File : nvt/deb_1750_1.nasl
2009-03-31Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird)
File : nvt/fcore_2009_2882.nasl
2009-03-31Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird)
File : nvt/fcore_2009_2884.nasl
2009-03-31Name : Ubuntu USN-741-1 (thunderbird)
File : nvt/ubuntu_741_1.nasl
2009-03-31Name : Ubuntu USN-742-1 (jasper)
File : nvt/ubuntu_742_1.nasl
2009-03-31Name : RedHat Security Advisory RHSA-2009:0258
File : nvt/RHSA_2009_0258.nasl
2009-03-20Name : Mandrake Security Advisory MDVSA-2009:075 (firefox)
File : nvt/mdksa_2009_075.nasl
2009-03-20Name : Gentoo Security Advisory GLSA 200903-28 (libpng)
File : nvt/glsa_200903_28.nasl
2009-03-20Name : SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox)
File : nvt/suse_sa_2009_012.nasl
2009-03-13Name : Fedora Core 9 FEDORA-2009-2421 (firefox)
File : nvt/fcore_2009_2421.nasl
2009-03-13Name : Fedora Core 10 FEDORA-2009-2422 (firefox)
File : nvt/fcore_2009_2422.nasl
2009-03-13Name : CentOS Security Advisory CESA-2009:0315 (firefox)
File : nvt/ovcesa2009_0315.nasl
2009-03-13Name : CentOS Security Advisory CESA-2009:0325-01 (seamonkey)
File : nvt/ovcesa2009_0325_01.nasl
2009-03-13Name : CentOS Security Advisory CESA-2009:0333-01 (libpng)
File : nvt/ovcesa2009_0333_01.nasl
2009-03-13Name : CentOS Security Advisory CESA-2009:0340 (libpng)
File : nvt/ovcesa2009_0340.nasl
2009-03-13Name : Fedora Core 10 FEDORA-2009-1976 (libpng10)
File : nvt/fcore_2009_1976.nasl
2009-03-13Name : Fedora Core 9 FEDORA-2009-2045 (libpng10)
File : nvt/fcore_2009_2045.nasl
2009-03-10Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_firefox_mult_vuln_mar09_lin.nasl
2009-03-10Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_firefox_mult_vuln_mar09_win.nasl
2009-03-10Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_mar09_lin.nasl
2009-03-10Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_mar09_win.nasl
2009-03-10Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_thunderbird_mult_vuln_mar09_lin.nasl
2009-03-10Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_thunderbird_mult_vuln_mar09_win.nasl
2009-03-07Name : FreeBSD Ports: pngcrush
File : nvt/freebsd_pngcrush.nasl
2009-03-07Name : Ubuntu USN-728-1 (xulrunner-1.9)
File : nvt/ubuntu_728_1.nasl
2009-03-07Name : Ubuntu USN-728-2 (firefox)
File : nvt/ubuntu_728_2.nasl
2009-03-07Name : Ubuntu USN-728-3 (firefox)
File : nvt/ubuntu_728_3.nasl
2009-03-07Name : Ubuntu USN-730-1 (libpng)
File : nvt/ubuntu_730_1.nasl
2009-03-07Name : CentOS Security Advisory CESA-2009:0325 (seamonkey)
File : nvt/ovcesa2009_0325.nasl
2009-03-07Name : RedHat Security Advisory RHSA-2009:0315
File : nvt/RHSA_2009_0315.nasl
2009-03-07Name : RedHat Security Advisory RHSA-2009:0325
File : nvt/RHSA_2009_0325.nasl
2009-03-07Name : RedHat Security Advisory RHSA-2009:0333
File : nvt/RHSA_2009_0333.nasl
2009-03-07Name : RedHat Security Advisory RHSA-2009:0340
File : nvt/RHSA_2009_0340.nasl
2009-03-02Name : Fedora Core 10 FEDORA-2009-2112 (libpng)
File : nvt/fcore_2009_2112.nasl
2009-03-02Name : Mandrake Security Advisory MDVSA-2009:051 (libpng)
File : nvt/mdksa_2009_051.nasl
2009-03-02Name : Fedora Core 9 FEDORA-2009-2128 (libpng)
File : nvt/fcore_2009_2128.nasl
2009-03-02Name : Fedora Core 10 FEDORA-2009-2131 (mingw32-libpng)
File : nvt/fcore_2009_2131.nasl
2009-03-02Name : SuSE Security Summary SUSE-SR:2009:005
File : nvt/suse_sr_2009_005.nasl
2009-02-26Name : Firefox URL Spoofing And Phising Vulnerability (Linux)
File : nvt/secpod_firefox_url_spoof_vuln_lin.nasl
2009-02-26Name : Firefox URL Spoofing And Phising Vulnerability (Win)
File : nvt/secpod_firefox_url_spoof_vuln_win.nasl
2009-02-23Name : Mandrake Security Advisory MDVSA-2009:044 (firefox)
File : nvt/mdksa_2009_044.nasl
2009-02-20Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Linux)
File : nvt/secpod_seamonkey_mult_vuln_feb09_lin.nasl
2009-02-20Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Win)
File : nvt/secpod_seamonkey_mult_vuln_feb09_win.nasl
2009-02-20Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_feb09_lin.nasl
2009-02-20Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Win)
File : nvt/secpod_firefox_mult_vuln_feb09_win.nasl
2009-02-20Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Linux)
File : nvt/secpod_thunderbird_mult_vuln_feb09_lin.nasl
2009-02-20Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Win)
File : nvt/secpod_thunderbird_mult_vuln_feb09_win.nasl
2009-02-18Name : SuSE Security Advisory SUSE-SA:2009:009 (MozillaFirefox)
File : nvt/suse_sa_2009_009.nasl
2009-02-13Name : Ubuntu USN-717-1 (xulrunner-1.9)
File : nvt/ubuntu_717_1.nasl
2009-02-13Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox37.nasl
2009-02-13Name : Fedora Core 10 FEDORA-2009-1398 (xulrunner)
File : nvt/fcore_2009_1398.nasl
2009-02-13Name : Fedora Core 9 FEDORA-2009-1399 (xulrunner)
File : nvt/fcore_2009_1399.nasl
2009-02-10Name : CentOS Security Advisory CESA-2009:0256 (firefox)
File : nvt/ovcesa2009_0256.nasl
2009-02-10Name : CentOS Security Advisory CESA-2009:0257 (seamonkey)
File : nvt/ovcesa2009_0257.nasl
2009-02-10Name : CentOS Security Advisory CESA-2009:0257-01 (seamonkey)
File : nvt/ovcesa2009_0257_01.nasl
2009-02-10Name : RedHat Security Advisory RHSA-2009:0256
File : nvt/RHSA_2009_0256.nasl
2009-02-10Name : RedHat Security Advisory RHSA-2009:0257
File : nvt/RHSA_2009_0257.nasl
0000-00-00Name : Slackware Advisory SSA:2009-051-01 libpng
File : nvt/esoft_slk_ssa_2009_051_01.nasl
0000-00-00Name : Slackware Advisory SSA:2009-083-02 seamonkey
File : nvt/esoft_slk_ssa_2009_083_02.nasl
0000-00-00Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2009_083_03.nasl
0000-00-00Name : Slackware Advisory SSA:2009-167-01 mozilla-firefox
File : nvt/esoft_slk_ssa_2009_167_01.nasl
0000-00-00Name : Slackware Advisory SSA:2009-176-01 seamonkey
File : nvt/esoft_slk_ssa_2009_176_01.nasl
0000-00-00Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2009_178_01.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
55532Mozilla Multiple Products Crafted multipart/alternative E-mail Message Remote...
55160Mozilla Multiple Products Proxy Server CONNECT Response Manipulation SSL MiTM...
55159Mozilla Multiple Products xpcwrappedjsclass.cpp JavaScript Chrome Privilege E...
55157Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han...
55148Mozilla Multiple Products Double Frame Construction Memory Corruption
55147Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption
55146Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi...
55145Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd...
55144Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ...
55143Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x...
55142Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli...
55141Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co...
55140Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil...
55139Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe...
55138Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState...
53972Mozilla Multiple Products nsAsyncInstantiateEvent::Run() Frame Handling Memor...
53971Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup...
53966Mozilla Multiple Products gfxSkipCharsIterator::SetOffsets Memory Corruption
53965Mozilla Multiple Products nsStyleContext::Destroy() DOMAttrModified Window Ha...
53964Mozilla Multiple Products PL_DHashTableOperate / nsEditor::EndUpdateViewBatch...
53963Mozilla Multiple Products XSLT Stylesheet Compiling Memory Corruption
53962Mozilla Multiple Products nsComputedDOMStyle::GetWidth Memory Corruption
53961Mozilla Multiple Products nsXULDocument::SynchronizeBroadcastListener Memory ...
53960Mozilla Multiple Products IsBindingAncestor Frame Handling Memory Corruption
53958Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ...
53317libpng 16-bit Gamma Table Handling Uninitialised Pointer Free Arbitrary Code ...
53316libpng pCAL Chunk Handling Uninitialised Pointer Free Arbitrary Code Execution
53315libpng png_read_png Function Uninitialised Pointer Free Arbitrary Code Execution
52659Mozilla Firefox IDN Homoglyph Character Literal Rendering URI Spoofing Weakness
52451Mozilla Multiple Products nsIRDFService Cross-domain Redirect Same-origin Pol...
52449Mozilla Multiple Products JavaScript Engine Multiple Vector Unspecified DoS
52448Mozilla Multiple Products JavaScript Engine jsopcode.cpp Multiple Vector Arbi...
52447Mozilla Multiple Products JavaScript Engine jsarray.cpp ResizeSlots Function ...
52446Mozilla Multiple Products Layout Engine gczeal Unspecified Code Execution
52445Mozilla Multiple Products Layout Engine nsCSSStyleSheet::GetOwnerNode Functio...
52444Mozilla Multiple Products Layout Engine Multiple Unspecified Memory Corruptions
51940Mozilla Multiple Products Layout Engine nsStyleContext::Destroy Multiple Meth...
51939Mozilla Multiple Products Layout Engine nsOverflowContinuationTracker::Insert...
51938Mozilla Multiple Products Layout Engine nsContainerFrame::ReflowOverflowConta...
51937Mozilla Multiple Products Layout Engine nsViewManager::Composite() Layout Obj...
51936Mozilla Multiple Products Layout Engine nsTransactionItem.cpp PlaceholderTxn:...
51935Mozilla Multiple Products Layout Engine nsAttributeTextNode GetStrokeDash* Me...
51934Mozilla Multiple Products Layout Engine nsStyleContext::Release Memory Corrup...
51933Mozilla Multiple Products Layout Engine nsContainerFrame.cpp Frame Tree Handl...
51932Mozilla Multiple Products Layout Engine nsContentUtils::ComparePosition Memor...
51931Mozilla Multiple Products Layout Engine File Open Dialog input type Manipulat...
51929Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption

Snort® IPS/IDS

DateDescription
2014-03-06Mozilla Firefox SVG data processing obfuscated memory corruption attempt
RuleID : 29580 - Revision : 1 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox browser engine memory corruption attempt
RuleID : 17613 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox Javascript array.splice memory corruption attempt
RuleID : 17399 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox Javascript array.splice memory corruption attempt
RuleID : 17398 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox SVG data processing memory corruption attempt
RuleID : 15428 - Revision : 13 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0256.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0257.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1095.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1096.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1134.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-2.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-3.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-10-01Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090204_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090204_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20090324_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090611_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090611_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090630_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO
2009-10-30Name : The remote SuSE system is missing the security patch seamonkey-6538
File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO
2009-10-22Name : The remote SuSE system is missing a security patch for seamonkey
File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO
2009-10-22Name : The remote SuSE system is missing a security patch for seamonkey
File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO
2009-10-07Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12519.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote SuSE system is missing the security patch MozillaThunderbird-6347
File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12353.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12358.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-6003.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpng-090317.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpng-6024.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090319.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO
2009-08-05Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO
2009-08-05Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2009-003.nasl - Type : ACT_GATHER_INFO
2009-07-27Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2009-0007.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for mozilla-xulrunner190
File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for mozilla-xulrunner190
File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for seamonkey
File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for seamonkey
File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_1_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_1_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_1_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaThunderbird
File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for libpng-devel
File : suse_11_1_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for libpng-devel
File : suse_11_1_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_0_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_0_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaFirefox
File : suse_11_0_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for libpng-devel
File : suse_11_0_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for libpng-devel
File : suse_11_0_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote SuSE system is missing a security patch for MozillaThunderbird
File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO
2009-07-17Name : The remote Fedora host is missing a security update.
File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO
2009-07-17Name : The remote Fedora host is missing a security update.
File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO
2009-07-02Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1134.nasl - Type : ACT_GATHER_INFO
2009-07-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1134.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO
2009-06-28Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO
2009-06-26Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO
2009-06-26Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO
2009-06-26Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO
2009-06-23Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO
2009-06-23Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO
2009-06-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1820.nasl - Type : ACT_GATHER_INFO
2009-06-19Name : The remote SuSE system is missing the security patch seamonkey-6310
File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO
2009-06-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-134.nasl - Type : ACT_GATHER_INFO
2009-06-17Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-167-01.nasl - Type : ACT_GATHER_INFO
2009-06-16Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-6366.nasl - Type : ACT_GATHER_INFO
2009-06-16Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-6411.nasl - Type : ACT_GATHER_INFO
2009-06-15Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_da185955573811deb857000f20797ede.nasl - Type : ACT_GATHER_INFO
2009-06-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO
2009-06-15Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-779-1.nasl - Type : ACT_GATHER_INFO
2009-06-12Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO
2009-06-12Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO
2009-06-12Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3011.nasl - Type : ACT_GATHER_INFO
2009-06-09Name : The remote host contains a web browser that is affected by several vulnerabil...
File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-05-26Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2009-05-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO
2009-05-13Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO
2009-05-13Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO
2009-05-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO
2009-04-27Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-3161.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-044.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-051.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-075.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-717-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-1398.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-730-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-1976.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-741-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-2112.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-2131.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-2422.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO
2009-04-22Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO
2009-04-22Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO
2009-04-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO
2009-04-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO
2009-04-21Name : The remote SuSE system is missing the security patch MozillaFirefox-6194
File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO
2009-04-10Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1116.nasl - Type : ACT_GATHER_INFO
2009-03-31Name : The remote Fedora host is missing a security update.
File : fedora_2009-3101.nasl - Type : ACT_GATHER_INFO
2009-03-25Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO
2009-03-25Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO
2009-03-25Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2009-03-23Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1750.nasl - Type : ACT_GATHER_INFO
2009-03-23Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1751.nasl - Type : ACT_GATHER_INFO
2009-03-22Name : The remote Fedora host is missing a security update.
File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO
2009-03-20Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO
2009-03-20Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO
2009-03-16Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-28.nasl - Type : ACT_GATHER_INFO
2009-03-10Name : The remote Fedora host is missing a security update.
File : fedora_2009-2045.nasl - Type : ACT_GATHER_INFO
2009-03-09Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-2421.nasl - Type : ACT_GATHER_INFO
2009-03-08Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ea2411a408e811deb88a0022157515b2.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_307.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO
2009-03-05Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO
2009-02-27Name : The remote SuSE system is missing the security patch libpng-6021
File : suse_libpng-6021.nasl - Type : ACT_GATHER_INFO
2009-02-27Name : The remote Fedora host is missing a security update.
File : fedora_2009-2128.nasl - Type : ACT_GATHER_INFO
2009-02-24Name : The remote SuSE system is missing the security patch libpng-6001
File : suse_libpng-6001.nasl - Type : ACT_GATHER_INFO
2009-02-23Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-051-01.nasl - Type : ACT_GATHER_INFO
2009-02-12Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8b491182f84211dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO
2009-02-06Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-1399.nasl - Type : ACT_GATHER_INFO
2009-02-05Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO
2009-02-05Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO
2009-02-04Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_306.nasl - Type : ACT_GATHER_INFO
2009-02-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO
2009-02-04Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO
2008-03-04Name : The remote host is missing Sun Security Patch number 137080-07
File : solaris10_137080.nasl - Type : ACT_GATHER_INFO
2008-03-04Name : The remote host is missing Sun Security Patch number 137081-07
File : solaris10_x86_137081.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:28:36
  • Multiple Updates