Executive Summary
Summary | |
---|---|
Title | New icedove packages fix several vulnerabilities |
Informations | |||
---|---|---|---|
Name | DSA-1830 | First vendor Publication | 2009-07-12 |
Vendor | Debian | Last vendor Modification | 2009-07-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. (MFSA 2009-15) CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) CVE-2009-0772 The layout engine allows the execution of arbitrary code ia vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24) CVE-2009-1392 Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24) CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. (MFSA 2009-29) CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) No CVE id yet Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33) For the stable distribution (lenny), these problems have been fixed in version 2.0.0.22-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client. For the testing (squeeze) distribution these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 2.0.0.22-1. We recommend that you upgrade your icedove packages. |
Original Source
Url : http://www.debian.org/security/2009/dsa-1830 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
47 % | CWE-399 | Resource Management Errors |
27 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
7 % | CWE-287 | Improper Authentication |
7 % | CWE-200 | Information Exposure |
7 % | CWE-20 | Improper Input Validation |
7 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10106 | |||
Oval ID: | oval:org.mitre.oval:def:10106 | ||
Title: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10237 | |||
Oval ID: | oval:org.mitre.oval:def:10237 | ||
Title: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | ||
Description: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1832 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10316 | |||
Oval ID: | oval:org.mitre.oval:def:10316 | ||
Title: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
Description: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0040 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10491 | |||
Oval ID: | oval:org.mitre.oval:def:10491 | ||
Title: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0773 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10972 | |||
Oval ID: | oval:org.mitre.oval:def:10972 | ||
Title: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11080 | |||
Oval ID: | oval:org.mitre.oval:def:11080 | ||
Title: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
Description: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1838 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11138 | |||
Oval ID: | oval:org.mitre.oval:def:11138 | ||
Title: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0774 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11314 | |||
Oval ID: | oval:org.mitre.oval:def:11314 | ||
Title: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0771 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11396 | |||
Oval ID: | oval:org.mitre.oval:def:11396 | ||
Title: | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | ||
Description: | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0652 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11764 | |||
Oval ID: | oval:org.mitre.oval:def:11764 | ||
Title: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||
Description: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1836 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13052 | |||
Oval ID: | oval:org.mitre.oval:def:13052 | ||
Title: | USN-730-1 -- libpng vulnerabilities | ||
Description: | It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. Harald van Dijk discovered an off-by-one error in libpng. An attacker could could cause an application crash in programs using pngtest. It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program | ||
Family: | unix | Class: | patch |
Reference(s): | USN-730-1 CVE-2007-5268 CVE-2007-5269 CVE-2008-1382 CVE-2008-3964 CVE-2008-5907 CVE-2009-0040 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | libpng |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13378 | |||
Oval ID: | oval:org.mitre.oval:def:13378 | ||
Title: | DSA-1830-1 icedove -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. CVE-2009-0772 The layout engine allows the execution of arbitrary code ia vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving "double frame construction." CVE-2009-1392 Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. No CVE id yet Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. For the stable distribution, these problems have been fixed in version 2.0.0.22-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client. For the testing distribution these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.0.0.22-1. We recommend that you upgrade your icedove packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1830-1 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13425 | |||
Oval ID: | oval:org.mitre.oval:def:13425 | ||
Title: | DSA-1820-1 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. CVE-2009-1832 It is possible to execute arbitrary code via vectors involving "double frame construction." CVE-2009-1833 Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. CVE-2009-1834 Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. CVE-2009-1835 Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1837 Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1839 Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. CVE-2009-1840 Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object’s chrome privileges. For the stable distribution, these problems have been fixed in version 1.9.0.11-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.9.0.11-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1820-1 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13613 | |||
Oval ID: | oval:org.mitre.oval:def:13613 | ||
Title: | DSA-1750-1 libpng -- several | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. For the old stable distribution, these problems have been fixed in version1.2.15~beta5-1+etch2. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny2. For the unstable distribution, these problems have been fixed in version 1.2.35-1. We recommend that you upgrade your libpng packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1750-1 CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libpng |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13664 | |||
Oval ID: | oval:org.mitre.oval:def:13664 | ||
Title: | USN-741-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
Description: | Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website | ||
Family: | unix | Class: | patch |
Reference(s): | USN-741-1 CVE-2009-0352 CVE-2009-0772 CVE-2009-0774 CVE-2009-0776 | Version: | 5 |
Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | mozilla-thunderbird thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13848 | |||
Oval ID: | oval:org.mitre.oval:def:13848 | ||
Title: | USN-728-3 -- firefox vulnerabilities | ||
Description: | Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website | ||
Family: | unix | Class: | patch |
Reference(s): | USN-728-3 CVE-2009-0772 CVE-2009-0774 CVE-2009-0776 | Version: | 5 |
Platform(s): | Ubuntu 6.06 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13894 | |||
Oval ID: | oval:org.mitre.oval:def:13894 | ||
Title: | USN-728-2 -- firefox vulnerabilities | ||
Description: | Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website | ||
Family: | unix | Class: | patch |
Reference(s): | USN-728-2 CVE-2009-0772 CVE-2009-0774 CVE-2009-0776 | Version: | 5 |
Platform(s): | Ubuntu 7.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14001 | |||
Oval ID: | oval:org.mitre.oval:def:14001 | ||
Title: | USN-782-1 -- thunderbird vulnerabilities | ||
Description: | Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. If JavaScript were enabled, an attacker could exploit this to perform script injection attacks using XBL bindings. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. If a user had JavaScript enabled while using Thunderbird to view websites and a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that Thunderbird could be made to run scripts with elevated privileges. If a user had JavaScript enabled while having certain non-default add-ons installed and were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website | ||
Family: | unix | Class: | patch |
Reference(s): | USN-782-1 CVE-2009-1303 CVE-2009-1305 CVE-2009-1392 CVE-2009-1833 CVE-2009-1838 CVE-2009-1306 CVE-2009-1307 CVE-2009-1309 CVE-2009-1308 CVE-2009-1836 CVE-2009-1841 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20238 | |||
Oval ID: | oval:org.mitre.oval:def:20238 | ||
Title: | DSA-1751-1 xulrunner - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1751-1 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22628 | |||
Oval ID: | oval:org.mitre.oval:def:22628 | ||
Title: | ELSA-2009:1126: thunderbird security update (Moderate) | ||
Description: | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1126-01 CVE-2009-1303 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1392 CVE-2009-1833 CVE-2009-1836 CVE-2009-1838 CVE-2009-2210 | Version: | 49 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22744 | |||
Oval ID: | oval:org.mitre.oval:def:22744 | ||
Title: | ELSA-2009:0333: libpng security update (Moderate) | ||
Description: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0333-01 CVE-2008-1382 CVE-2009-0040 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | libpng libpng10 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22778 | |||
Oval ID: | oval:org.mitre.oval:def:22778 | ||
Title: | ELSA-2009:0258: thunderbird security update (Moderate) | ||
Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0258-01 CVE-2009-0352 CVE-2009-0353 CVE-2009-0355 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22817 | |||
Oval ID: | oval:org.mitre.oval:def:22817 | ||
Title: | ELSA-2009:1095: firefox security update (Critical) | ||
Description: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1095-01 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 49 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29166 | |||
Oval ID: | oval:org.mitre.oval:def:29166 | ||
Title: | RHSA-2009:0258 -- thunderbird security update (Moderate) | ||
Description: | An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0258 CESA-2009:0258-CentOS 5 CVE-2009-0352 CVE-2009-0353 CVE-2009-0355 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29183 | |||
Oval ID: | oval:org.mitre.oval:def:29183 | ||
Title: | RHSA-2009:1126 -- thunderbird security update (Moderate) | ||
Description: | An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1126 CESA-2009:1126-CentOS 5 CVE-2009-1303 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1392 CVE-2009-1833 CVE-2009-1836 CVE-2009-1838 CVE-2009-2210 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29196 | |||
Oval ID: | oval:org.mitre.oval:def:29196 | ||
Title: | RHSA-2009:0333 -- libpng security update (Moderate) | ||
Description: | Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to freerandom memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0333 CESA-2009:0333-CentOS 2 CVE-2008-1382 CVE-2009-0040 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 2 | Product(s): | libpng libpng10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29396 | |||
Oval ID: | oval:org.mitre.oval:def:29396 | ||
Title: | RHSA-2009:1095 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1095 CESA-2009:1095-CentOS 5 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5250 | |||
Oval ID: | oval:org.mitre.oval:def:5250 | ||
Title: | Mozilla Seamonkey memory corruption Vulnerability | ||
Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0771 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5527 | |||
Oval ID: | oval:org.mitre.oval:def:5527 | ||
Title: | Mozilla Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5703 | |||
Oval ID: | oval:org.mitre.oval:def:5703 | ||
Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0772 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5810 | |||
Oval ID: | oval:org.mitre.oval:def:5810 | ||
Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5856 | |||
Oval ID: | oval:org.mitre.oval:def:5856 | ||
Title: | Mozilla Seamonkey Denial of Service and arbitrary code execution Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0773 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5933 | |||
Oval ID: | oval:org.mitre.oval:def:5933 | ||
Title: | Mozilla Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5945 | |||
Oval ID: | oval:org.mitre.oval:def:5945 | ||
Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0772 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5947 | |||
Oval ID: | oval:org.mitre.oval:def:5947 | ||
Title: | Mozilla Firefox gczeal (vector) Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0774 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5956 | |||
Oval ID: | oval:org.mitre.oval:def:5956 | ||
Title: | Mozilla Firefox security bypass Vulnerability | ||
Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0776 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5980 | |||
Oval ID: | oval:org.mitre.oval:def:5980 | ||
Title: | Mozilla Thunderbird Denial of Service and arbitrary code execution Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0773 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5992 | |||
Oval ID: | oval:org.mitre.oval:def:5992 | ||
Title: | Mozilla Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6017 | |||
Oval ID: | oval:org.mitre.oval:def:6017 | ||
Title: | Mozilla Seamonkey security bypass Vulnerability | ||
Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0776 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6057 | |||
Oval ID: | oval:org.mitre.oval:def:6057 | ||
Title: | Mozilla Seamonkey gczeal (vector) Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0774 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6070 | |||
Oval ID: | oval:org.mitre.oval:def:6070 | ||
Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6097 | |||
Oval ID: | oval:org.mitre.oval:def:6097 | ||
Title: | Mozilla Firefox Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0772 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6121 | |||
Oval ID: | oval:org.mitre.oval:def:6121 | ||
Title: | Mozilla Thunderbird gczeal (vector) Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0774 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6141 | |||
Oval ID: | oval:org.mitre.oval:def:6141 | ||
Title: | Mozilla Firefox Denial of Service and arbitrary code execution Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0773 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6151 | |||
Oval ID: | oval:org.mitre.oval:def:6151 | ||
Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6154 | |||
Oval ID: | oval:org.mitre.oval:def:6154 | ||
Title: | Mozilla Firefox arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6163 | |||
Oval ID: | oval:org.mitre.oval:def:6163 | ||
Title: | Mozilla Thunderbird memory corruption Vulnerability | ||
Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0771 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6170 | |||
Oval ID: | oval:org.mitre.oval:def:6170 | ||
Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6191 | |||
Oval ID: | oval:org.mitre.oval:def:6191 | ||
Title: | Mozilla Thunderbird security bypass Vulnerability | ||
Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0776 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6196 | |||
Oval ID: | oval:org.mitre.oval:def:6196 | ||
Title: | Mozilla Firefox memory corruption Vulnerability | ||
Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0771 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6266 | |||
Oval ID: | oval:org.mitre.oval:def:6266 | ||
Title: | Mozilla Thunderbird arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6458 | |||
Oval ID: | oval:org.mitre.oval:def:6458 | ||
Title: | Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability | ||
Description: | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0040 | Version: | 1 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6557 | |||
Oval ID: | oval:org.mitre.oval:def:6557 | ||
Title: | DSA-1750 libpng -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which trigger an access of uninitialised memory. The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1750 CVE-2007-2445 CVE-2007-5269 CVE-2008-1382 CVE-2008-5907 CVE-2008-6218 CVE-2009-0040 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libpng |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6646 | |||
Oval ID: | oval:org.mitre.oval:def:6646 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6708 | |||
Oval ID: | oval:org.mitre.oval:def:6708 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey Denial of Service and arbitrary code execution Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0773 | Version: | 19 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6755 | |||
Oval ID: | oval:org.mitre.oval:def:6755 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey memory corruption Vulnerability | ||
Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0771 | Version: | 19 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6811 | |||
Oval ID: | oval:org.mitre.oval:def:6811 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0772 | Version: | 19 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6945 | |||
Oval ID: | oval:org.mitre.oval:def:6945 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey gczeal (vector) Denial of Service Vulnerability | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0774 | Version: | 19 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7008 | |||
Oval ID: | oval:org.mitre.oval:def:7008 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7030 | |||
Oval ID: | oval:org.mitre.oval:def:7030 | ||
Title: | Mozilla Thunderbird, Seamonkey and Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7390 | |||
Oval ID: | oval:org.mitre.oval:def:7390 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey security bypass Vulnerability | ||
Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0776 | Version: | 19 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7872 | |||
Oval ID: | oval:org.mitre.oval:def:7872 | ||
Title: | DSA-1820 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. (MFSA 2009-24) It is possible to execute arbitrary code via vectors involving "double frame construction." (MFSA 2009-24) Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. (MFSA 2009-24) Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. (MFSA 2009-25) Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. (MFSA 2009-26) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. (MFSA 2009-28) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. (MFSA 2009-29) Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. (MFSA 2009-30) Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. (MFSA 2009-31) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1820 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7990 | |||
Oval ID: | oval:org.mitre.oval:def:7990 | ||
Title: | DSA-1751 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Gary Kwong, and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1751 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8036 | |||
Oval ID: | oval:org.mitre.oval:def:8036 | ||
Title: | DSA-1830 icedove -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. (MFSA 2009-15) Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24) Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33) | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1830 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9241 | |||
Oval ID: | oval:org.mitre.oval:def:9241 | ||
Title: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0776 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9455 | |||
Oval ID: | oval:org.mitre.oval:def:9455 | ||
Title: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9501 | |||
Oval ID: | oval:org.mitre.oval:def:9501 | ||
Title: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1392 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9609 | |||
Oval ID: | oval:org.mitre.oval:def:9609 | ||
Title: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0772 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9815 | |||
Oval ID: | oval:org.mitre.oval:def:9815 | ||
Title: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
Description: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1841 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9994 | |||
Oval ID: | oval:org.mitre.oval:def:9994 | ||
Title: | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | ||
Description: | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2210 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-10-03 | Name : Gentoo Security Advisory GLSA 201209-25 (vmware-server vmware-player vmware-w... File : nvt/glsa_201209_25.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0256 centos4 i386 File : nvt/gb_CESA-2009_0256_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0256 centos5 i386 File : nvt/gb_CESA-2009_0256_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257-01 centos2 i386 File : nvt/gb_CESA-2009_0257-01_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257 centos3 i386 File : nvt/gb_CESA-2009_0257_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257 centos4 i386 File : nvt/gb_CESA-2009_0257_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0258 centos4 i386 File : nvt/gb_CESA-2009_0258_thunderbird_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0258 centos5 i386 File : nvt/gb_CESA-2009_0258_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0315 centos4 i386 File : nvt/gb_CESA-2009_0315_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0315 centos5 i386 File : nvt/gb_CESA-2009_0315_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0325-01 centos2 i386 File : nvt/gb_CESA-2009_0325-01_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0325 centos3 i386 File : nvt/gb_CESA-2009_0325_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0325 centos4 i386 File : nvt/gb_CESA-2009_0325_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for libpng CESA-2009:0333-01 centos2 i386 File : nvt/gb_CESA-2009_0333-01_libpng_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for libpng10 CESA-2009:0333 centos4 i386 File : nvt/gb_CESA-2009_0333_libpng10_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for libpng10 CESA-2009:0340 centos3 i386 File : nvt/gb_CESA-2009_0340_libpng10_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos4 i386 File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos5 i386 File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386 File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386 File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1095 centos5 i386 File : nvt/gb_CESA-2009_1095_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1096 centos3 i386 File : nvt/gb_CESA-2009_1096_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386 File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1134 centos3 i386 File : nvt/gb_CESA-2009_1134_seamonkey_centos3_i386.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X 10.5.8 Update / Mac OS X Security Update 2009-003 File : nvt/macosx_upd_10_5_8_secupd_2009-003.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox3.nasl |
2009-10-13 | Name : SLES10: Security update for libpng File : nvt/sles10_libpng.nasl |
2009-10-13 | Name : SLES10: Security update for libpng File : nvt/sles10_libpng0.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox1.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox3.nasl |
2009-10-11 | Name : SLES11: Security update for libpng File : nvt/sles11_libpng12-0.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn.nasl |
2009-10-10 | Name : SLES9: Security update for libpng File : nvt/sles9p5043440.nasl |
2009-10-10 | Name : SLES9: Security update for libpng File : nvt/sles9p5043680.nasl |
2009-10-10 | Name : SLES9: Security update for epiphany File : nvt/sles9p5059920.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:185 (firefox) File : nvt/mdksa_2009_185.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey) File : nvt/fcore_2009_7567.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey) File : nvt/fcore_2009_7614.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-06 | Name : RedHat Security Advisory RHSA-2009:1134 File : nvt/RHSA_2009_1134.nasl |
2009-07-06 | Name : CentOS Security Advisory CESA-2009:1134 (seamonkey) File : nvt/ovcesa2009_1134.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1125 File : nvt/RHSA_2009_1125.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1126 File : nvt/RHSA_2009_1126.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird) File : nvt/mdksa_2009_141.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1126 (thunderbird) File : nvt/ovcesa2009_1126.nasl |
2009-06-30 | Name : Mozilla Thunderbird/Seamonkey DoS Vulnerability June-09 (Linux) File : nvt/secpod_mozilla_prdts_dos_vuln_jun09_lin.nasl |
2009-06-30 | Name : Mozilla Products DoS Vulnerability June-09 (Win) File : nvt/secpod_mozilla_prdts_dos_vuln_jun09_win.nasl |
2009-06-30 | Name : Ubuntu USN-782-1 (thunderbird) File : nvt/ubuntu_782_1.nasl |
2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
2009-06-23 | Name : Debian Security Advisory DSA 1820-1 (xulrunner) File : nvt/deb_1820_1.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6366 (firefox) File : nvt/fcore_2009_6366.nasl |
2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6411 (firefox) File : nvt/fcore_2009_6411.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6531 (libpng) File : nvt/fcore_2009_6531.nasl |
2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6603 (libpng) File : nvt/fcore_2009_6603.nasl |
2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:134 (firefox) File : nvt/mdksa_2009_134.nasl |
2009-06-23 | Name : CentOS Security Advisory CESA-2009:1095 (firefox) File : nvt/ovcesa2009_1095.nasl |
2009-06-23 | Name : SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox) File : nvt/suse_sa_2009_034.nasl |
2009-06-23 | Name : Ubuntu USN-779-1 (xulrunner-1.9) File : nvt/ubuntu_779_1.nasl |
2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_firefox_mult_vuln_jun09_lin.nasl |
2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Win) File : nvt/gb_firefox_mult_vuln_jun09_win.nasl |
2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_jun09_lin.nasl |
2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Win) File : nvt/gb_seamonkey_mult_vuln_jun09_win.nasl |
2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_thunderbird_mult_vuln_jun09_lin.nasl |
2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Win) File : nvt/gb_thunderbird_mult_vuln_jun09_win.nasl |
2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1095 File : nvt/RHSA_2009_1095.nasl |
2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1096 File : nvt/RHSA_2009_1096.nasl |
2009-06-15 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox39.nasl |
2009-06-15 | Name : CentOS Security Advisory CESA-2009:1096 (seamonkey) File : nvt/ovcesa2009_1096.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
2009-06-05 | Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl |
2009-06-05 | Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl |
2009-06-05 | Name : Ubuntu USN-764-1 (xulrunner-1.9) File : nvt/ubuntu_764_1.nasl |
2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
2009-06-05 | Name : Ubuntu USN-772-1 (mpfr) File : nvt/ubuntu_772_1.nasl |
2009-06-05 | Name : Ubuntu USN-773-1 (pango1.0) File : nvt/ubuntu_773_1.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0437 (seamonkey) File : nvt/ovcesa2009_0437.nasl |
2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
2009-05-20 | Name : CentOS Security Advisory CESA-2009:0258 (thunderbird) File : nvt/ovcesa2009_0258.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1797-1 (xulrunner) File : nvt/deb_1797_1.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0436 File : nvt/RHSA_2009_0436.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0437 File : nvt/RHSA_2009_0437.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3875 (firefox) File : nvt/fcore_2009_3875.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3893 (epiphany) File : nvt/fcore_2009_3893.nasl |
2009-04-28 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox38.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0333 (libpng) File : nvt/ovcesa2009_0333.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0436 (firefox) File : nvt/ovcesa2009_0436.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey) File : nvt/ovcesa2009_0437_02.nasl |
2009-04-20 | Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox) File : nvt/suse_sa_2009_023.nasl |
2009-04-06 | Name : Fedora Core 9 FEDORA-2009-3101 (seamonkey) File : nvt/fcore_2009_3101.nasl |
2009-04-06 | Name : Fedora Core 10 FEDORA-2009-3161 (seamonkey) File : nvt/fcore_2009_3161.nasl |
2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird) File : nvt/mdksa_2009_083.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0258 File : nvt/RHSA_2009_0258.nasl |
2009-03-31 | Name : Debian Security Advisory DSA 1750-1 (libpng) File : nvt/deb_1750_1.nasl |
2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird) File : nvt/fcore_2009_2882.nasl |
2009-03-31 | Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird) File : nvt/fcore_2009_2884.nasl |
2009-03-31 | Name : Ubuntu USN-741-1 (thunderbird) File : nvt/ubuntu_741_1.nasl |
2009-03-31 | Name : Ubuntu USN-742-1 (jasper) File : nvt/ubuntu_742_1.nasl |
2009-03-20 | Name : Gentoo Security Advisory GLSA 200903-28 (libpng) File : nvt/glsa_200903_28.nasl |
2009-03-20 | Name : Mandrake Security Advisory MDVSA-2009:075 (firefox) File : nvt/mdksa_2009_075.nasl |
2009-03-20 | Name : SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox) File : nvt/suse_sa_2009_012.nasl |
2009-03-13 | Name : Fedora Core 10 FEDORA-2009-1976 (libpng10) File : nvt/fcore_2009_1976.nasl |
2009-03-13 | Name : Fedora Core 9 FEDORA-2009-2045 (libpng10) File : nvt/fcore_2009_2045.nasl |
2009-03-13 | Name : Fedora Core 9 FEDORA-2009-2421 (firefox) File : nvt/fcore_2009_2421.nasl |
2009-03-13 | Name : Fedora Core 10 FEDORA-2009-2422 (firefox) File : nvt/fcore_2009_2422.nasl |
2009-03-13 | Name : CentOS Security Advisory CESA-2009:0315 (firefox) File : nvt/ovcesa2009_0315.nasl |
2009-03-13 | Name : CentOS Security Advisory CESA-2009:0325-01 (seamonkey) File : nvt/ovcesa2009_0325_01.nasl |
2009-03-13 | Name : CentOS Security Advisory CESA-2009:0333-01 (libpng) File : nvt/ovcesa2009_0333_01.nasl |
2009-03-13 | Name : CentOS Security Advisory CESA-2009:0340 (libpng) File : nvt/ovcesa2009_0340.nasl |
2009-03-10 | Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux) File : nvt/gb_firefox_mult_vuln_mar09_lin.nasl |
2009-03-10 | Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win) File : nvt/gb_firefox_mult_vuln_mar09_win.nasl |
2009-03-10 | Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_mar09_lin.nasl |
2009-03-10 | Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win) File : nvt/gb_seamonkey_mult_vuln_mar09_win.nasl |
2009-03-10 | Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux) File : nvt/gb_thunderbird_mult_vuln_mar09_lin.nasl |
2009-03-10 | Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win) File : nvt/gb_thunderbird_mult_vuln_mar09_win.nasl |
2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0315 File : nvt/RHSA_2009_0315.nasl |
2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0325 File : nvt/RHSA_2009_0325.nasl |
2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0333 File : nvt/RHSA_2009_0333.nasl |
2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0340 File : nvt/RHSA_2009_0340.nasl |
2009-03-07 | Name : FreeBSD Ports: pngcrush File : nvt/freebsd_pngcrush.nasl |
2009-03-07 | Name : CentOS Security Advisory CESA-2009:0325 (seamonkey) File : nvt/ovcesa2009_0325.nasl |
2009-03-07 | Name : Ubuntu USN-728-1 (xulrunner-1.9) File : nvt/ubuntu_728_1.nasl |
2009-03-07 | Name : Ubuntu USN-728-2 (firefox) File : nvt/ubuntu_728_2.nasl |
2009-03-07 | Name : Ubuntu USN-728-3 (firefox) File : nvt/ubuntu_728_3.nasl |
2009-03-07 | Name : Ubuntu USN-730-1 (libpng) File : nvt/ubuntu_730_1.nasl |
2009-03-02 | Name : Fedora Core 10 FEDORA-2009-2112 (libpng) File : nvt/fcore_2009_2112.nasl |
2009-03-02 | Name : Fedora Core 9 FEDORA-2009-2128 (libpng) File : nvt/fcore_2009_2128.nasl |
2009-03-02 | Name : Fedora Core 10 FEDORA-2009-2131 (mingw32-libpng) File : nvt/fcore_2009_2131.nasl |
2009-03-02 | Name : Mandrake Security Advisory MDVSA-2009:051 (libpng) File : nvt/mdksa_2009_051.nasl |
2009-03-02 | Name : SuSE Security Summary SUSE-SR:2009:005 File : nvt/suse_sr_2009_005.nasl |
2009-02-26 | Name : Firefox URL Spoofing And Phising Vulnerability (Linux) File : nvt/secpod_firefox_url_spoof_vuln_lin.nasl |
2009-02-26 | Name : Firefox URL Spoofing And Phising Vulnerability (Win) File : nvt/secpod_firefox_url_spoof_vuln_win.nasl |
2009-02-23 | Name : Mandrake Security Advisory MDVSA-2009:044 (firefox) File : nvt/mdksa_2009_044.nasl |
2009-02-20 | Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_firefox_mult_vuln_feb09_lin.nasl |
2009-02-20 | Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_firefox_mult_vuln_feb09_win.nasl |
2009-02-20 | Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_feb09_lin.nasl |
2009-02-20 | Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_feb09_win.nasl |
2009-02-20 | Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_feb09_lin.nasl |
2009-02-20 | Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_feb09_win.nasl |
2009-02-18 | Name : SuSE Security Advisory SUSE-SA:2009:009 (MozillaFirefox) File : nvt/suse_sa_2009_009.nasl |
2009-02-13 | Name : Fedora Core 10 FEDORA-2009-1398 (xulrunner) File : nvt/fcore_2009_1398.nasl |
2009-02-13 | Name : Fedora Core 9 FEDORA-2009-1399 (xulrunner) File : nvt/fcore_2009_1399.nasl |
2009-02-13 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox37.nasl |
2009-02-13 | Name : Ubuntu USN-717-1 (xulrunner-1.9) File : nvt/ubuntu_717_1.nasl |
2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0256 File : nvt/RHSA_2009_0256.nasl |
2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0257 File : nvt/RHSA_2009_0257.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0256 (firefox) File : nvt/ovcesa2009_0256.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0257 (seamonkey) File : nvt/ovcesa2009_0257.nasl |
2009-02-10 | Name : CentOS Security Advisory CESA-2009:0257-01 (seamonkey) File : nvt/ovcesa2009_0257_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-051-01 libpng File : nvt/esoft_slk_ssa_2009_051_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-083-02 seamonkey File : nvt/esoft_slk_ssa_2009_083_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_083_03.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-167-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_167_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-176-01 seamonkey File : nvt/esoft_slk_ssa_2009_176_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_178_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55532 | Mozilla Multiple Products Crafted multipart/alternative E-mail Message Remote... |
55160 | Mozilla Multiple Products Proxy Server CONNECT Response Manipulation SSL MiTM... |
55159 | Mozilla Multiple Products xpcwrappedjsclass.cpp JavaScript Chrome Privilege E... |
55157 | Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han... |
55148 | Mozilla Multiple Products Double Frame Construction Memory Corruption |
55147 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption |
55146 | Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi... |
55145 | Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd... |
55144 | Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ... |
55143 | Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x... |
55142 | Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli... |
55141 | Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co... |
55140 | Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil... |
55139 | Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe... |
55138 | Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState... |
53972 | Mozilla Multiple Products nsAsyncInstantiateEvent::Run() Frame Handling Memor... |
53971 | Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup... |
53966 | Mozilla Multiple Products gfxSkipCharsIterator::SetOffsets Memory Corruption |
53965 | Mozilla Multiple Products nsStyleContext::Destroy() DOMAttrModified Window Ha... |
53964 | Mozilla Multiple Products PL_DHashTableOperate / nsEditor::EndUpdateViewBatch... |
53963 | Mozilla Multiple Products XSLT Stylesheet Compiling Memory Corruption |
53962 | Mozilla Multiple Products nsComputedDOMStyle::GetWidth Memory Corruption |
53961 | Mozilla Multiple Products nsXULDocument::SynchronizeBroadcastListener Memory ... |
53960 | Mozilla Multiple Products IsBindingAncestor Frame Handling Memory Corruption |
53958 | Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ... |
53317 | libpng 16-bit Gamma Table Handling Uninitialised Pointer Free Arbitrary Code ... |
53316 | libpng pCAL Chunk Handling Uninitialised Pointer Free Arbitrary Code Execution |
53315 | libpng png_read_png Function Uninitialised Pointer Free Arbitrary Code Execution |
52659 | Mozilla Firefox IDN Homoglyph Character Literal Rendering URI Spoofing Weakness |
52451 | Mozilla Multiple Products nsIRDFService Cross-domain Redirect Same-origin Pol... Multiple Mozilla products contain a flaw that may allow a malicious website operator to access private data from users redirected to another website. The issue is triggered by nsIRDFService allowing a malicious website operator to use a cross-domain redirect to steal arbitrary XML data from another domain, resulting in a loss of confidentiality. |
52449 | Mozilla Multiple Products JavaScript Engine Multiple Vector Unspecified DoS |
52448 | Mozilla Multiple Products JavaScript Engine jsopcode.cpp Multiple Vector Arbi... |
52447 | Mozilla Multiple Products JavaScript Engine jsarray.cpp ResizeSlots Function ... |
52446 | Mozilla Multiple Products Layout Engine gczeal Unspecified Code Execution |
52445 | Mozilla Multiple Products Layout Engine nsCSSStyleSheet::GetOwnerNode Functio... |
52444 | Mozilla Multiple Products Layout Engine Multiple Unspecified Memory Corruptions |
51940 | Mozilla Multiple Products Layout Engine nsStyleContext::Destroy Multiple Meth... |
51939 | Mozilla Multiple Products Layout Engine nsOverflowContinuationTracker::Insert... |
51938 | Mozilla Multiple Products Layout Engine nsContainerFrame::ReflowOverflowConta... |
51937 | Mozilla Multiple Products Layout Engine nsViewManager::Composite() Layout Obj... |
51936 | Mozilla Multiple Products Layout Engine nsTransactionItem.cpp PlaceholderTxn:... |
51935 | Mozilla Multiple Products Layout Engine nsAttributeTextNode GetStrokeDash* Me... |
51934 | Mozilla Multiple Products Layout Engine nsStyleContext::Release Memory Corrup... |
51933 | Mozilla Multiple Products Layout Engine nsContainerFrame.cpp Frame Tree Handl... |
51932 | Mozilla Multiple Products Layout Engine nsContentUtils::ComparePosition Memor... |
51931 | Mozilla Multiple Products Layout Engine File Open Dialog input type Manipulat... |
51929 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-03-06 | Mozilla Firefox SVG data processing obfuscated memory corruption attempt RuleID : 29580 - Revision : 3 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox browser engine memory corruption attempt RuleID : 17613 - Revision : 11 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript array.splice memory corruption attempt RuleID : 17399 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox Javascript array.splice memory corruption attempt RuleID : 17398 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox SVG data processing memory corruption attempt RuleID : 15428 - Revision : 17 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL9988.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0315.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0325.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0333.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0340.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1134.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-2.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-3.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-10-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-25.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090204_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090204_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090324_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090630_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12519.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12353.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12358.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090319.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-090317.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6003.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6024.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_8.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-003.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2009-0007.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-090217.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-090225.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO |
2009-07-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1134.nasl - Type : ACT_GATHER_INFO |
2009-07-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1134.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1820.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO |
2009-06-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-134.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-167-01.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6366.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6411.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da185955573811deb857000f20797ede.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-779-1.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3011.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-1398.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1976.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2112.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2131.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-2422.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3161.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-044.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-051.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-075.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-730-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-741-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO |
2009-04-10 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1116.nasl - Type : ACT_GATHER_INFO |
2009-03-31 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3101.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO |
2009-03-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
2009-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1750.nasl - Type : ACT_GATHER_INFO |
2009-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1751.nasl - Type : ACT_GATHER_INFO |
2009-03-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO |
2009-03-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-28.nasl - Type : ACT_GATHER_INFO |
2009-03-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2045.nasl - Type : ACT_GATHER_INFO |
2009-03-09 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-2421.nasl - Type : ACT_GATHER_INFO |
2009-03-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO |
2009-03-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ea2411a408e811deb88a0022157515b2.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_307.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0333.nasl - Type : ACT_GATHER_INFO |
2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0340.nasl - Type : ACT_GATHER_INFO |
2009-02-27 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2128.nasl - Type : ACT_GATHER_INFO |
2009-02-27 | Name : The remote openSUSE host is missing a security update. File : suse_libpng-6021.nasl - Type : ACT_GATHER_INFO |
2009-02-24 | Name : The remote openSUSE host is missing a security update. File : suse_libpng-6001.nasl - Type : ACT_GATHER_INFO |
2009-02-23 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-051-01.nasl - Type : ACT_GATHER_INFO |
2009-02-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8b491182f84211dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-02-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-1399.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_306.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
2009-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote host is missing Sun Security Patch number 137080-11 File : solaris10_137080.nasl - Type : ACT_GATHER_INFO |
2008-03-04 | Name : The remote host is missing Sun Security Patch number 137081-11 File : solaris10_x86_137081.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:28:36 |
|