Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameMDVSA-2008:245First vendor Publication2008-12-17
VendorMandrivaLast vendor Modification2008-12-17
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.5 (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513).

This update provides the latest Mozilla Firefox 3.x to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-399Resource Management Errors
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
CWE-200Information Exposure
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11053
 
Oval ID: oval:org.mitre.oval:def:11053
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5500
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10257
 
Oval ID: oval:org.mitre.oval:def:10257
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5501
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10001
 
Oval ID: oval:org.mitre.oval:def:10001
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5502
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10443
 
Oval ID: oval:org.mitre.oval:def:10443
Title: Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
Description: Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5505
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10512
 
Oval ID: oval:org.mitre.oval:def:10512
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5506
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9376
 
Oval ID: oval:org.mitre.oval:def:9376
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5507
Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11040
 
Oval ID: oval:org.mitre.oval:def:11040
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5508
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9662
 
Oval ID: oval:org.mitre.oval:def:9662
Title: The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Description: The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5510
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11881
 
Oval ID: oval:org.mitre.oval:def:11881
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5511
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9814
 
Oval ID: oval:org.mitre.oval:def:9814
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5512
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8021
 
Oval ID: oval:org.mitre.oval:def:8021
Title: DSA-1696 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) It was discovered that a directory traversal allows attackers to read arbitrary files via a certain character. (MFSA 2008-44) It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47, MFSA 2008-59) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1696
CVE-2008-0016
CVE-2008-1380
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7950
 
Oval ID: oval:org.mitre.oval:def:7950
Title: DSA-1697 iceape -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. (MFSA 2008-26) It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. (MFSA 2008-34) Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-21) Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-21) "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. (MFSA 2008-22) Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. (MFSA 2008-23) "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. (MFSA 2008-24) "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. (MFSA 2008-25) Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. (MFSA 2008-27) Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. (MFSA 2008-29) Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. (MFSA 2008-30) John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. (MFSA 2008-31) It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. (MFSA 2008-32) Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. (MFSA 2008-33) Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39) Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. (MFSA 2008-40) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. (MFSA 2008-44) Georgi Guninski discovered that resource: URLs could bypass local access restrictions. (MFSA 2008-44) Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. (MFSA 2008-45) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. (MFSA 2008-49) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. (MFSA 2008-54) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Liu Die Yu discovered an information leak through local shortcut files. (MFSA 2008-59) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1697
CVE-2008-0016
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-2933
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-0017
CVE-2008-5021
CVE-2008-5024
CVE-2008-5022
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7636
 
Oval ID: oval:org.mitre.oval:def:7636
Title: DSA-1704 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1704
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17791
 
Oval ID: oval:org.mitre.oval:def:17791
Title: DSA-1704-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
Family: unix Class: patch
Reference(s): DSA-1704-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16973
 
Oval ID: oval:org.mitre.oval:def:16973
Title: USN-690-3 -- firefox vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-3
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5511
CVE-2008-5512
Version: 7
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13754
 
Oval ID: oval:org.mitre.oval:def:13754
Title: DSA-1704-2 netatalk -- arbitrary code execution
Description: The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files. It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This is leading to arbitrary remote code execution. Note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job. For the stable distribution this problem has been fixed in version 2.0.3-4+etch2. For the unstable distribution this problem has been fixed in version 2.0.4~beta2-1.1. We recommend that you upgrade your netatalk package.
Family: unix Class: patch
Reference(s): DSA-1704-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): netatalk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13245
 
Oval ID: oval:org.mitre.oval:def:13245
Title: DSA-1697-1 iceape -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-2800 "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. CVE-2008-2801 Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. CVE-2008-2802 "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. CVE-2008-2803 "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. CVE-2008-2808 Masahiro Yamada discovered that file URLS in directory listings were insufficiently escaped. CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. CVE-2008-2810 It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.0.13~pre080614i-0etch1. For the upcoming stable distribution distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 1.1.14-1. We recommend that you upgrade your iceape packages.
Family: unix Class: patch
Reference(s): DSA-1697-1
CVE-2008-0016
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-2933
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-0017
CVE-2008-5021
CVE-2008-5024
CVE-2008-5022
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13233
 
Oval ID: oval:org.mitre.oval:def:13233
Title: USN-701-1 -- thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges
Family: unix Class: patch
Reference(s): USN-701-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.10
Ubuntu 8.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13213
 
Oval ID: oval:org.mitre.oval:def:13213
Title: USN-701-2 -- mozilla-thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges
Family: unix Class: patch
Reference(s): USN-701-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Ubuntu 6.06
Product(s): mozilla-thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12973
 
Oval ID: oval:org.mitre.oval:def:12973
Title: DSA-1696-1 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-1380 It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain characters. CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for s390 will be provided later. For the upcoming stable distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 2.0.0.19-1. We recommend that you upgrade your icedove packages.
Family: unix Class: patch
Reference(s): DSA-1696-1
CVE-2008-0016
CVE-2008-1380
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7805
 
Oval ID: oval:org.mitre.oval:def:7805
Title: DSA-1707 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. (MFSA 2008-62) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms (MFSA 2008-67) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68) moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. (MFSA 2008-69)
Family: unix Class: patch
Reference(s): DSA-1707
CVE-2008-5500
CVE-2008-5503
CVE-2008-5504
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17937
 
Oval ID: oval:org.mitre.oval:def:17937
Title: USN-690-2 -- firefox vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5504
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 7
Platform(s): Ubuntu 7.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17662
 
Oval ID: oval:org.mitre.oval:def:17662
Title: USN-690-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-1
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5505
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 7
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13605
 
Oval ID: oval:org.mitre.oval:def:13605
Title: DSA-1707-1 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5513 moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. For the stable distribution these problems have been fixed in version 2.0.0.19-0etch1. For the testing distribution and the unstable distribution these problems have been fixed in version 3.0.5-1. Please note iceweasel in Lenny links dynamically against xulrunner. We recommend that you upgrade your iceweasel package.
Family: unix Class: patch
Reference(s): DSA-1707-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5504
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10389
 
Oval ID: oval:org.mitre.oval:def:10389
Title: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Description: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5513
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22738
 
Oval ID: oval:org.mitre.oval:def:22738
Title: ELSA-2008:1036: firefox security update (Critical)
Description: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Family: unix Class: patch
Reference(s): ELSA-2008:1036-01
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5505
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 49
Platform(s): Oracle Linux 5
Product(s): firefox
nspr
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22544
 
Oval ID: oval:org.mitre.oval:def:22544
Title: ELSA-2009:0002: thunderbird security update (Moderate)
Description: Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Family: unix Class: patch
Reference(s): ELSA-2009:0002-01
CVE-2008-5500
CVE-2008-5501
CVE-2008-5502
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
CVE-2008-5513
Version: 45
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application24
Application25
Application10

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for thunderbird CESA-2009:0002 centos4 i386
File : nvt/gb_CESA-2009_0002_thunderbird_centos4_i386.nasl
2011-08-09Name : CentOS Update for thunderbird CESA-2009:0002 centos5 i386
File : nvt/gb_CESA-2009_0002_thunderbird_centos5_i386.nasl
2009-10-13Name : SLES10: Security update for Epiphany
File : nvt/sles10_epiphany.nasl
2009-10-13Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox.nasl
2009-10-10Name : SLES9: Security update for Epiphany
File : nvt/sles9p5040940.nasl
2009-06-05Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-06-03Name : Solaris Update for Mozilla 1.7 125539-06
File : nvt/gb_solaris_125539_06.nasl
2009-06-03Name : Solaris Update for Mozilla Firefox Web browser 125540-06
File : nvt/gb_solaris_125540_06.nasl
2009-06-03Name : Solaris Update for Mozilla 1.7 125541-04
File : nvt/gb_solaris_125541_04.nasl
2009-06-03Name : Solaris Update for Mozilla Thunderbird email client 125542-04
File : nvt/gb_solaris_125542_04.nasl
2009-04-09Name : Mandriva Update for mozilla-firefox MDVSA-2008:244 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_244.nasl
2009-04-09Name : Mandriva Update for firefox MDVSA-2008:245 (firefox)
File : nvt/gb_mandriva_MDVSA_2008_245.nasl
2009-03-23Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1
File : nvt/gb_ubuntu_USN_690_1.nasl
2009-03-23Name : Ubuntu Update for firefox vulnerabilities USN-690-2
File : nvt/gb_ubuntu_USN_690_2.nasl
2009-03-23Name : Ubuntu Update for firefox vulnerabilities USN-690-3
File : nvt/gb_ubuntu_USN_690_3.nasl
2009-03-06Name : RedHat Update for firefox RHSA-2008:1036-01
File : nvt/gb_RHSA-2008_1036-01_firefox.nasl
2009-03-06Name : RedHat Update for seamonkey RHSA-2008:1037-01
File : nvt/gb_RHSA-2008_1037-01_seamonkey.nasl
2009-02-27Name : CentOS Update for seamonkey CESA-2008:1037-01 centos2 i386
File : nvt/gb_CESA-2008_1037-01_seamonkey_centos2_i386.nasl
2009-02-27Name : CentOS Update for seamonkey CESA-2008:1037 centos3 i386
File : nvt/gb_CESA-2008_1037_seamonkey_centos3_i386.nasl
2009-02-27Name : CentOS Update for seamonkey CESA-2008:1037 centos3 x86_64
File : nvt/gb_CESA-2008_1037_seamonkey_centos3_x86_64.nasl
2009-02-13Name : Ubuntu USN-717-3 (firefox)
File : nvt/ubuntu_717_3.nasl
2009-02-13Name : Fedora Update for seamonkey FEDORA-2008-11490
File : nvt/gb_fedora_2008_11490_seamonkey_fc10.nasl
2009-02-13Name : Fedora Update for Miro FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_Miro_fc10.nasl
2009-02-13Name : Fedora Update for blam FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_blam_fc10.nasl
2009-02-13Name : Fedora Update for devhelp FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_devhelp_fc10.nasl
2009-02-13Name : Fedora Update for epiphany-extensions FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_epiphany-extensions_fc10.nasl
2009-02-13Name : Fedora Update for epiphany FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_epiphany_fc10.nasl
2009-02-13Name : Fedora Update for evolution-rss FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_evolution-rss_fc10.nasl
2009-02-13Name : Fedora Update for firefox FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_firefox_fc10.nasl
2009-02-13Name : Fedora Update for galeon FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_galeon_fc10.nasl
2009-02-13Name : Fedora Update for gecko-sharp2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gecko-sharp2_fc10.nasl
2009-02-13Name : Fedora Update for gnome-python2-extras FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gnome-python2-extras_fc10.nasl
2009-02-13Name : Fedora Update for gnome-web-photo FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gnome-web-photo_fc10.nasl
2009-02-13Name : Fedora Update for google-gadgets FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_google-gadgets_fc10.nasl
2009-02-13Name : Fedora Update for kazehakase FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_kazehakase_fc10.nasl
2009-02-13Name : Fedora Update for mozvoikko FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_mozvoikko_fc10.nasl
2009-02-13Name : Fedora Update for mugshot FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_mugshot_fc10.nasl
2009-02-13Name : Fedora Update for pcmanx-gtk2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_pcmanx-gtk2_fc10.nasl
2009-02-13Name : Fedora Update for ruby-gnome2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_ruby-gnome2_fc10.nasl
2009-02-13Name : Fedora Update for xulrunner FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_xulrunner_fc10.nasl
2009-02-13Name : Fedora Update for yelp FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_yelp_fc10.nasl
2009-02-13Name : Fedora Update for seamonkey FEDORA-2008-11534
File : nvt/gb_fedora_2008_11534_seamonkey_fc8.nasl
2009-02-13Name : Fedora Update for Miro FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_Miro_fc8.nasl
2009-02-13Name : Fedora Update for blam FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_blam_fc8.nasl
2009-02-13Name : Fedora Update for cairo-dock FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_cairo-dock_fc8.nasl
2009-02-13Name : Fedora Update for chmsee FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_chmsee_fc8.nasl
2009-02-13Name : Fedora Update for devhelp FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_devhelp_fc8.nasl
2009-02-13Name : Fedora Update for epiphany-extensions FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_epiphany-extensions_fc8.nasl
2009-02-13Name : Fedora Update for epiphany FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_epiphany_fc8.nasl
2009-02-13Name : Fedora Update for evolution-rss FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_evolution-rss_fc8.nasl
2009-02-13Name : Fedora Update for firefox FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_firefox_fc8.nasl
2009-02-13Name : Fedora Update for galeon FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_galeon_fc8.nasl
2009-02-13Name : Fedora Update for gnome-python2-extras FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_gnome-python2-extras_fc8.nasl
2009-02-13Name : Fedora Update for gnome-web-photo FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_gnome-web-photo_fc8.nasl
2009-02-13Name : Fedora Update for kazehakase FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_kazehakase_fc8.nasl
2009-02-13Name : Fedora Update for liferea FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_liferea_fc8.nasl
2009-02-13Name : Fedora Update for openvrml FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_openvrml_fc8.nasl
2009-02-13Name : Fedora Update for ruby-gnome2 FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_ruby-gnome2_fc8.nasl
2009-02-13Name : Fedora Update for yelp FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_yelp_fc8.nasl
2009-02-13Name : Fedora Update for seamonkey FEDORA-2008-11586
File : nvt/gb_fedora_2008_11586_seamonkey_fc9.nasl
2009-02-13Name : Fedora Update for Miro FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_Miro_fc9.nasl
2009-02-13Name : Fedora Update for blam FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_blam_fc9.nasl
2009-02-13Name : Fedora Update for cairo-dock FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_cairo-dock_fc9.nasl
2009-02-13Name : Fedora Update for chmsee FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_chmsee_fc9.nasl
2009-02-13Name : Fedora Update for devhelp FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_devhelp_fc9.nasl
2009-02-13Name : Fedora Update for epiphany-extensions FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_epiphany-extensions_fc9.nasl
2009-02-13Name : Fedora Update for epiphany FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_epiphany_fc9.nasl
2009-02-13Name : Fedora Update for evolution-rss FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_evolution-rss_fc9.nasl
2009-02-13Name : Fedora Update for firefox FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_firefox_fc9.nasl
2009-02-13Name : Fedora Update for galeon FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_galeon_fc9.nasl
2009-02-13Name : Fedora Update for gnome-python2-extras FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gnome-python2-extras_fc9.nasl
2009-02-13Name : Fedora Update for gnome-web-photo FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gnome-web-photo_fc9.nasl
2009-02-13Name : Fedora Update for google-gadgets FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_google-gadgets_fc9.nasl
2009-02-13Name : Fedora Update for gtkmozembedmm FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gtkmozembedmm_fc9.nasl
2009-02-13Name : Fedora Update for kazehakase FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_kazehakase_fc9.nasl
2009-02-13Name : Fedora Update for mozvoikko FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_mozvoikko_fc9.nasl
2009-02-13Name : Fedora Update for mugshot FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_mugshot_fc9.nasl
2009-02-13Name : Fedora Update for ruby-gnome2 FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_ruby-gnome2_fc9.nasl
2009-02-13Name : Fedora Update for totem FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_totem_fc9.nasl
2009-02-13Name : Fedora Update for xulrunner FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_xulrunner_fc9.nasl
2009-02-13Name : Fedora Update for yelp FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_yelp_fc9.nasl
2009-01-23Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:058
File : nvt/gb_suse_2008_058.nasl
2009-01-20Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl
2009-01-20Name : SuSE Security Advisory SUSE-SA:2009:002 (MozillaFirefox,MozillaThunderbird,mo...
File : nvt/suse_sa_2009_002.nasl
2009-01-20Name : Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)
File : nvt/mdksa_2009_012.nasl
2009-01-20Name : Debian Security Advisory DSA 1704-1 (xulrunner)
File : nvt/deb_1704_1.nasl
2009-01-20Name : Debian Security Advisory DSA 1707-1 (iceweasel)
File : nvt/deb_1707_1.nasl
2009-01-13Name : Ubuntu USN-701-1 (thunderbird)
File : nvt/ubuntu_701_1.nasl
2009-01-13Name : Ubuntu USN-701-2 (mozilla-thunderbird)
File : nvt/ubuntu_701_2.nasl
2009-01-13Name : CentOS Security Advisory CESA-2009:0002 (thunderbird)
File : nvt/ovcesa2009_0002.nasl
2009-01-13Name : Debian Security Advisory DSA 1696-1 (icedove)
File : nvt/deb_1696_1.nasl
2009-01-13Name : Debian Security Advisory DSA 1697-1 (iceape)
File : nvt/deb_1697_1.nasl
2009-01-07Name : RedHat Security Advisory RHSA-2009:0002
File : nvt/RHSA_2009_0002.nasl
2008-12-23Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_seamonkey_mult_vuln_dec08_lin.nasl
2008-12-23Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_seamonkey_mult_vuln_dec08_win.nasl
2008-12-23Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox36.nasl
2008-12-23Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_thunderbird_mult_vuln_dec08_lin.nasl
2008-12-23Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_thunderbird_mult_vuln_dec08_win.nasl
2008-12-23Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_firefox_mult_vuln_dec08_lin.nasl
2008-12-23Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_firefox_mult_vuln_dec08_win.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
51297Mozilla Firefox session-restore Data Restoration Same-origin Policy Bypass
51296Mozilla Multiple Products XPCNativeWrappers Pollution JavaScript Privilege Es...
51295Mozilla Multiple Products XBL Binding Unloaded Document XSS
51294Mozilla Multiple Products CSS Parser Escaped Null Character Protection Mechan...
51293Mozilla Multiple Products Whitespace / Control Character URL Handling Phishin...
51292Mozilla Multiple Products window.onerror DOM API Same-origin Policy Bypass In...
51291Mozilla Multiple Products XMLHttpRequest 302 Redirect Same-origin Policy Bypa...
51290Mozilla Firefox XUL Persist Attribute User Privacy Restriction Bypass
51287Mozilla Multiple Products Layout Engine FastAppendChar Function Memory Corrup...
51286Mozilla Multiple Products Layout Engine Assertion Failure Remote DoS
51285Mozilla Multiple Products Layout Engine nsEscapeHTML2 Overflow
51284Mozilla Multiple Products Layout Engine PresShell::InitialReflow XUL iframe O...

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-3.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-701-2.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-717-3.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20090107_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12326.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_epiphany-5889.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5890.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner181-081219.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-244.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-245.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-012.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-1.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-2.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2008-11490.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11511.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-701-1.nasl - Type : ACT_GATHER_INFO
2009-01-16Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1707.nasl - Type : ACT_GATHER_INFO
2009-01-15Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1704.nasl - Type : ACT_GATHER_INFO
2009-01-09Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5900.nasl - Type : ACT_GATHER_INFO
2009-01-08Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO
2009-01-08Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO
2009-01-08Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2009-01-07Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5885.nasl - Type : ACT_GATHER_INFO
2009-01-07Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5881.nasl - Type : ACT_GATHER_INFO
2009-01-02Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20019.nasl - Type : ACT_GATHER_INFO
2008-12-22Name : The remote Windows host contains a web browser that is affected by a cross do...
File : mozilla_firefox_20020.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote Fedora host is missing a security update.
File : fedora_2008-11534.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11551.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote Fedora host is missing a security update.
File : fedora_2008-11586.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11598.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5880.nasl - Type : ACT_GATHER_INFO
2008-12-21Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_29f5bfc5ce0411dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_305.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1114.nasl - Type : ACT_GATHER_INFO
2008-12-17Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20019.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:39:51
  • Multiple Updates