Executive Summary
Summary | |
---|---|
Title | iceweasel security update |
Informations | |||
---|---|---|---|
Name | DSA-2699 | First vendor Publication | 2013-06-02 |
Vendor | Debian | Last vendor Modification | 2013-06-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. We're changing the approach for security updates for Iceweasel, Icedove and Iceape in stable-security: Instead of backporting security fixes, we now provide releases based on the Extended Support Release branch. As such, this update introduces packages based on Firefox 17 and at some point in the future we will switch to the next ESR branch once ESR 17 has reached it's end of life. Some Xul extensions currently packaged in the Debian archive are not compatible with the new browser engine. Up-to-date and compatible versions can be retrieved from http://addons.mozilla.org as a short term solution. A solution to keep packaged extensions compatible with the Mozilla releases is still being sorted out. We don't have the resources to backport security fixes to the Iceweasel release in oldstable-security any longer. If you're up to the task and want to help, please get in touch with team@security.debian.org. Otherwise, we'll announce the end of security support for Iceweasel, Icedove and Iceape in Squeeze in the next update round. For the stable distribution (wheezy), these problems have been fixed in version 17.0.6esr-1~deb7u1. For the unstable distribution (sid), these problems have been fixed in version 17.0.6esr-1. We recommend that you upgrade your iceweasel packages. |
Original Source
Url : http://www.debian.org/security/2013/dsa-2699 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-399 | Resource Management Errors |
24 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-416 | Use After Free |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
6 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
6 % | CWE-295 | Certificate Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16182 | |||
Oval ID: | oval:org.mitre.oval:def:16182 | ||
Title: | DEPRECATED: The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | ||
Description: | The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0796 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16219 | |||
Oval ID: | oval:org.mitre.oval:def:16219 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0783 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16383 | |||
Oval ID: | oval:org.mitre.oval:def:16383 | ||
Title: | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. | ||
Description: | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0780 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16577 | |||
Oval ID: | oval:org.mitre.oval:def:16577 | ||
Title: | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||
Description: | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1678 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16629 | |||
Oval ID: | oval:org.mitre.oval:def:16629 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0788 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16666 | |||
Oval ID: | oval:org.mitre.oval:def:16666 | ||
Title: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | ||
Description: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0776 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16737 | |||
Oval ID: | oval:org.mitre.oval:def:16737 | ||
Title: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0787 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16842 | |||
Oval ID: | oval:org.mitre.oval:def:16842 | ||
Title: | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0795 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16861 | |||
Oval ID: | oval:org.mitre.oval:def:16861 | ||
Title: | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0773 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16906 | |||
Oval ID: | oval:org.mitre.oval:def:16906 | ||
Title: | Heap-based buffer overflow in the nsSaveAsCharseterbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0782 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16909 | |||
Oval ID: | oval:org.mitre.oval:def:16909 | ||
Title: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0800 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16928 | |||
Oval ID: | oval:org.mitre.oval:def:16928 | ||
Title: | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | ||
Description: | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0793 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16950 | |||
Oval ID: | oval:org.mitre.oval:def:16950 | ||
Title: | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||
Description: | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0775 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16956 | |||
Oval ID: | oval:org.mitre.oval:def:16956 | ||
Title: | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1676 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16976 | |||
Oval ID: | oval:org.mitre.oval:def:16976 | ||
Title: | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent sensitive information from process memory via a crafted web site. | ||
Description: | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1675 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16979 | |||
Oval ID: | oval:org.mitre.oval:def:16979 | ||
Title: | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1677 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16988 | |||
Oval ID: | oval:org.mitre.oval:def:16988 | ||
Title: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1681 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17031 | |||
Oval ID: | oval:org.mitre.oval:def:17031 | ||
Title: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1680 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17046 | |||
Oval ID: | oval:org.mitre.oval:def:17046 | ||
Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1670 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17062 | |||
Oval ID: | oval:org.mitre.oval:def:17062 | ||
Title: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0801 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17085 | |||
Oval ID: | oval:org.mitre.oval:def:17085 | ||
Title: | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1679 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17093 | |||
Oval ID: | oval:org.mitre.oval:def:17093 | ||
Title: | USN-1822-1 -- Firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1822-1 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.04 Ubuntu 12.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17147 | |||
Oval ID: | oval:org.mitre.oval:def:17147 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1674 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17825 | |||
Oval ID: | oval:org.mitre.oval:def:17825 | ||
Title: | DSA-2699-1 iceweasel - several | ||
Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2699-1 CVE-2013-0773 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 8 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17832 | |||
Oval ID: | oval:org.mitre.oval:def:17832 | ||
Title: | USN-1729-2 -- firefox regression | ||
Description: | Due to a regression, Firefox might crash or freeze under normal use. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1729-2 CVE-2013-0783 CVE-2013-0784 CVE-2013-0772 CVE-2013-0765 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17889 | |||
Oval ID: | oval:org.mitre.oval:def:17889 | ||
Title: | USN-1786-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1786-1 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18057 | |||
Oval ID: | oval:org.mitre.oval:def:18057 | ||
Title: | USN-1758-1 -- firefox vulnerability | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1758-1 CVE-2013-0787 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18184 | |||
Oval ID: | oval:org.mitre.oval:def:18184 | ||
Title: | USN-1791-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1791-1 CVE-2013-0788 CVE-2013-0791 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18233 | |||
Oval ID: | oval:org.mitre.oval:def:18233 | ||
Title: | USN-1758-2 -- thunderbird vulnerability | ||
Description: | Thunderbird could be made to crash or run programs as your login. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1758-2 CVE-2013-0787 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18278 | |||
Oval ID: | oval:org.mitre.oval:def:18278 | ||
Title: | USN-1786-2 -- unity-firefox-extension update | ||
Description: | This update provides a compatible version of Unity Firefox Extension for Firefox 20. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1786-2 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 | Product(s): | unity-firefox-extension |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18282 | |||
Oval ID: | oval:org.mitre.oval:def:18282 | ||
Title: | USN-1823-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1823-1 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18301 | |||
Oval ID: | oval:org.mitre.oval:def:18301 | ||
Title: | USN-1729-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1729-1 CVE-2013-0783 CVE-2013-0784 CVE-2013-0772 CVE-2013-0765 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20933 | |||
Oval ID: | oval:org.mitre.oval:def:20933 | ||
Title: | RHSA-2013:0627: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0627-01 CESA-2013:0627 CVE-2013-0787 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21004 | |||
Oval ID: | oval:org.mitre.oval:def:21004 | ||
Title: | RHSA-2013:0614: xulrunner security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0614-01 CESA-2013:0614 CVE-2013-0787 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21038 | |||
Oval ID: | oval:org.mitre.oval:def:21038 | ||
Title: | RHSA-2013:0821: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0821-01 CESA-2013:0821 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 143 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21124 | |||
Oval ID: | oval:org.mitre.oval:def:21124 | ||
Title: | RHSA-2013:0271: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0271-02 CESA-2013:0271 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21139 | |||
Oval ID: | oval:org.mitre.oval:def:21139 | ||
Title: | RHSA-2013:0820: firefox security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0820-01 CESA-2013:0820 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 143 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21148 | |||
Oval ID: | oval:org.mitre.oval:def:21148 | ||
Title: | RHSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0272-01 CESA-2013:0272 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21149 | |||
Oval ID: | oval:org.mitre.oval:def:21149 | ||
Title: | RHSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0696-01 CESA-2013:0696 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21181 | |||
Oval ID: | oval:org.mitre.oval:def:21181 | ||
Title: | RHSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0697-01 CESA-2013:0697 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22674 | |||
Oval ID: | oval:org.mitre.oval:def:22674 | ||
Title: | DEPRECATED: ELSA-2013:0614: xulrunner security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0614-01 CVE-2013-0787 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22867 | |||
Oval ID: | oval:org.mitre.oval:def:22867 | ||
Title: | DEPRECATED: ELSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0696-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22889 | |||
Oval ID: | oval:org.mitre.oval:def:22889 | ||
Title: | DEPRECATED: ELSA-2013:0821: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0821-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 46 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22971 | |||
Oval ID: | oval:org.mitre.oval:def:22971 | ||
Title: | DEPRECATED: ELSA-2013:0820: firefox security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0820-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 46 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23124 | |||
Oval ID: | oval:org.mitre.oval:def:23124 | ||
Title: | DEPRECATED: ELSA-2013:0271: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0271-02 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23129 | |||
Oval ID: | oval:org.mitre.oval:def:23129 | ||
Title: | ELSA-2013:0614: xulrunner security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0614-01 CVE-2013-0787 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23153 | |||
Oval ID: | oval:org.mitre.oval:def:23153 | ||
Title: | DEPRECATED: ELSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0272-01 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23187 | |||
Oval ID: | oval:org.mitre.oval:def:23187 | ||
Title: | DEPRECATED: ELSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0697-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23364 | |||
Oval ID: | oval:org.mitre.oval:def:23364 | ||
Title: | DEPRECATED: ELSA-2013:0627: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0627-01 CVE-2013-0787 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23597 | |||
Oval ID: | oval:org.mitre.oval:def:23597 | ||
Title: | ELSA-2013:0627: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0627-01 CVE-2013-0787 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23946 | |||
Oval ID: | oval:org.mitre.oval:def:23946 | ||
Title: | ELSA-2013:0821: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0821-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 45 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23948 | |||
Oval ID: | oval:org.mitre.oval:def:23948 | ||
Title: | ELSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0697-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23978 | |||
Oval ID: | oval:org.mitre.oval:def:23978 | ||
Title: | ELSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0696-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24014 | |||
Oval ID: | oval:org.mitre.oval:def:24014 | ||
Title: | ELSA-2013:0820: firefox security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0820-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 45 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24061 | |||
Oval ID: | oval:org.mitre.oval:def:24061 | ||
Title: | ELSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0272-01 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26149 | |||
Oval ID: | oval:org.mitre.oval:def:26149 | ||
Title: | SUSE-SU-2013:0470-1 -- Security update for Mozilla Firefox | ||
Description: | MozillaFirefox has been updated to the 17.0.4ESR release which fixes one important security issue: * MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. Security Issue reference: * CVE-2013-0787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787 > | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0470-1 CVE-2013-0787 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26212 | |||
Oval ID: | oval:org.mitre.oval:def:26212 | ||
Title: | SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox | ||
Description: | MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0471-1 CVE-2013-0787 CVE-2013-0780 CVE-2013-0782 CVE-2013-0776 CVE-2013-0775 CVE-2013-0774 CVE-2013-0773 CVE-2013-0765 CVE-2013-0772 CVE-2013-0783 | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26687 | |||
Oval ID: | oval:org.mitre.oval:def:26687 | ||
Title: | DEPRECATED: ELSA-2013-0614 -- xulrunner security update (critical) | ||
Description: | [17.0.3-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-2] - Added fix for #848644 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0614 CVE-2013-0787 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26956 | |||
Oval ID: | oval:org.mitre.oval:def:26956 | ||
Title: | DEPRECATED: ELSA-2013-0820 -- firefox security update (critical) | ||
Description: | firefox [17.0.6-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-2] - Updated XulRunner check xulrunner [17.0.6-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.6-2] - Update to 17.0.6 ESR [17.0.5-2] - Updated nss and nspr versions | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0820 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27026 | |||
Oval ID: | oval:org.mitre.oval:def:27026 | ||
Title: | DEPRECATED: ELSA-2013-0696 -- firefox security update (critical) | ||
Description: | firefox [17.0.5-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.5-1] - Update to 17.0.5 ESR xulrunner [17.0.5-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.5-1] - Update to 17.0.5 ESR [17.0.3-3] - Added fix for rhbz#916180 - Wrong library directory reference in /usr/bin/xulrunner | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0696 CVE-2013-0796 CVE-2013-0800 CVE-2013-0795 CVE-2013-0788 CVE-2013-0793 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27364 | |||
Oval ID: | oval:org.mitre.oval:def:27364 | ||
Title: | DEPRECATED: ELSA-2013-0697 -- thunderbird security update (important) | ||
Description: | [17.0.5-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.5-1] - Update to 17.0.5 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0697 CVE-2013-0800 CVE-2013-0796 CVE-2013-0788 CVE-2013-0795 CVE-2013-0793 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27481 | |||
Oval ID: | oval:org.mitre.oval:def:27481 | ||
Title: | DEPRECATED: ELSA-2013-0821 -- thunderbird security update (important) | ||
Description: | [17.0.6-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.6-2] - Update to 17.0.6 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0821 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27532 | |||
Oval ID: | oval:org.mitre.oval:def:27532 | ||
Title: | DEPRECATED: ELSA-2013-0271 -- firefox security update (critical) | ||
Description: | firefox [17.0.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-4] - Added NM preferences [17.0.2-3] - Update to 17.0.2 ESR libproxy [0.3.0-4] - Rebuild against newer gecko xulrunner [17.0.3-1.0.2] - Increase release number and rebuild. [17.0.3-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-5] - Fixed NetworkManager preferences - Added fix for NM regression (mozbz#791626) [17.0.2-2] - Added fix for rhbz#816234 - NFS fix [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-3] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.6.b5] - Update to 17 Beta 5 - Updated fix for rhbz#872752 - embeded crash [17.0-0.5.b4] - Added fix for rhbz#872752 - embeded crash [17.0-0.4.b4] - Update to 17 Beta 4 [17.0-0.3.b3] - Update to 17 Beta 3 - Updated ppc(64) patch (mozbz#746112) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0271 CVE-2013-0780 CVE-2013-0783 CVE-2013-0776 CVE-2013-0782 CVE-2013-0775 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27562 | |||
Oval ID: | oval:org.mitre.oval:def:27562 | ||
Title: | DEPRECATED: ELSA-2013-0272 -- thunderbird security update (critical) | ||
Description: | [17.0.3-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-2] - Update to 17.0.2 ESR [17.0-2] - Update to 17.0 ESR [17.0b2-0.1] - Update to 17.0b2 [17.0b1-0.1] - Rebase to 17 beta 1 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0272 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27638 | |||
Oval ID: | oval:org.mitre.oval:def:27638 | ||
Title: | DEPRECATED: ELSA-2013-0627 -- thunderbird security update (important) | ||
Description: | [17.0.3-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-2] - Added fix for #848644 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0627 CVE-2013-0787 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2014-08-19 | Firefox toString console.time Privileged Javascript Injection |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0850-1.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-141.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-206.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-208.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-209.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-309.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-400.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-438.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-447.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-448.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-574.nasl - Type : ACT_GATHER_INFO |
2013-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO |
2013-07-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130628-130702.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0614.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0627.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
2013-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2720.nasl - Type : ACT_GATHER_INFO |
2013-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130516-130516.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130516-130517.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130516-8578.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a1ca8a4bd8211e2b7a0d43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_6_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_21.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_6.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_6_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1706_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_21.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1706.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1706_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130514_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130514_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1822-1.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1823-1.nasl - Type : ACT_GATHER_INFO |
2013-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4871.nasl - Type : ACT_GATHER_INFO |
2013-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4957.nasl - Type : ACT_GATHER_INFO |
2013-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4983.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130404-130404.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130404-8537.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1791-1.nasl - Type : ACT_GATHER_INFO |
2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_949764339c7411e2a9fcd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1786-1.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1786-2.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_5_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_20.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_5.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_5_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1705_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_20.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1705.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1705_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_217.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130402_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130402_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201303-130311.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201303-8506.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0627.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130311_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1758-2.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0627.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_630c8c08880f11e2807fd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_4.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_4_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1704.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1704_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2161.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0614.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0614.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130308_xulrunner_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201303-130305.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1758-1.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_4_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_19_0_2.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1704_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1902.nasl - Type : ACT_GATHER_INFO |
2013-03-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1729-2.nasl - Type : ACT_GATHER_INFO |
2013-02-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1748-1.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e3f0374a7ad611e284cdd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0_3_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_19_0.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_3.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_3_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1703_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_190.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1703.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1703_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_216.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1729-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:31:56 |
|
2013-06-02 21:19:48 |
|