Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2009:111 First vendor Publication 2009-05-12
Vendor Mandriva Last vendor Modification 2009-05-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313)

This update provides the latest Mozilla Firefox 3.x to correct these issues.

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:111

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-399 Resource Management Errors
33 % CWE-16 Configuration
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
8 % CWE-200 Information Exposure
8 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10106
 
Oval ID: oval:org.mitre.oval:def:10106
Title: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1302
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10110
 
Oval ID: oval:org.mitre.oval:def:10110
Title: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1305
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10150
 
Oval ID: oval:org.mitre.oval:def:10150
Title: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1306
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10428
 
Oval ID: oval:org.mitre.oval:def:10428
Title: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1308
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10446
 
Oval ID: oval:org.mitre.oval:def:10446
Title: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Description: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1313
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10939
 
Oval ID: oval:org.mitre.oval:def:10939
Title: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Description: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1311
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10972
 
Oval ID: oval:org.mitre.oval:def:10972
Title: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1307
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11396
 
Oval ID: oval:org.mitre.oval:def:11396
Title: The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
Description: The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0652
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11520
 
Oval ID: oval:org.mitre.oval:def:11520
Title: Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
Description: Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1310
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13364
 
Oval ID: oval:org.mitre.oval:def:13364
Title: USN-764-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Firefox displayed certain Unicode characters which could be visually confused with punctuation in valid web addresses in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Several flaws were discovered in the way Firefox processed malformed URI schemes. If a user were tricked into viewing a malicious website, a remote attacker could execute arbitrary JavaScript or steal private data. Cefn Hoile discovered Firefox did not adequately protect against embedded third-party stylesheets. An attacker could exploit this to perform script injection attacks using XBL bindings. Paolo Amadini discovered that Firefox would submit POST data when reloading an inner frame of a web page. If a user were tricked into viewing a malicious website, a remote attacker could steal private data
Family: unix Class: patch
Reference(s): USN-764-1
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-0652
CVE-2009-1306
CVE-2009-1307
CVE-2009-1309
CVE-2009-1310
CVE-2009-1312
CVE-2009-1308
CVE-2009-1311
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13435
 
Oval ID: oval:org.mitre.oval:def:13435
Title: DSA-1797-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. CVE-2009-1302 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1303 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1304 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1305 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1306 Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. CVE-2009-1307 Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. CVE-2009-1308 Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. CVE-2009-1309 "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. CVE-2009-1311 Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. CVE-2009-1312 It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting. For the stable distribution, these problems have been fixed in version 1.9.0.9-0lenny2. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.9-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-1797-1
CVE-2009-0652
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1311
CVE-2009-1312
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13637
 
Oval ID: oval:org.mitre.oval:def:13637
Title: USN-765-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: It was discovered that the upstream security fixes in USN-764-1 introduced a regression which could cause the browser to crash. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Family: unix Class: patch
Reference(s): USN-765-1
CVE-2009-1313
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21861
 
Oval ID: oval:org.mitre.oval:def:21861
Title: ELSA-2009:0436: firefox security update (Critical)
Description: Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Family: unix Class: patch
Reference(s): ELSA-2009:0436-02
CVE-2009-0652
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1310
CVE-2009-1311
CVE-2009-1312
Version: 53
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22781
 
Oval ID: oval:org.mitre.oval:def:22781
Title: ELSA-2009:0449: firefox security update (Critical)
Description: The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
Family: unix Class: patch
Reference(s): ELSA-2009:0449-01
CVE-2009-1313
Version: 6
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28736
 
Oval ID: oval:org.mitre.oval:def:28736
Title: RHSA-2009:0449 -- firefox security update (Critical)
Description: Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313)
Family: unix Class: patch
Reference(s): RHSA-2009:0449
CESA-2009:0449-CentOS 5
CVE-2009-1313
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29267
 
Oval ID: oval:org.mitre.oval:def:29267
Title: RHSA-2009:0436 -- firefox security update (Critical)
Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)
Family: unix Class: patch
Reference(s): RHSA-2009:0436
CESA-2009:0436-CentOS 5
CVE-2009-0652
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1310
CVE-2009-1311
CVE-2009-1312
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5265
 
Oval ID: oval:org.mitre.oval:def:5265
Title: Mozilla Seamonkey Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5319
 
Oval ID: oval:org.mitre.oval:def:5319
Title: Mozilla Thunderbird Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5480
 
Oval ID: oval:org.mitre.oval:def:5480
Title: Mozilla Seamonkey Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5527
 
Oval ID: oval:org.mitre.oval:def:5527
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5591
 
Oval ID: oval:org.mitre.oval:def:5591
Title: Mozilla Thunderbird Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5810
 
Oval ID: oval:org.mitre.oval:def:5810
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5933
 
Oval ID: oval:org.mitre.oval:def:5933
Title: Mozilla Seamonkey arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5992
 
Oval ID: oval:org.mitre.oval:def:5992
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6015
 
Oval ID: oval:org.mitre.oval:def:6015
Title: Mozilla Firefox Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6021
 
Oval ID: oval:org.mitre.oval:def:6021
Title: Mozilla Firefox Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6064
 
Oval ID: oval:org.mitre.oval:def:6064
Title: Mozilla Firefox XSS Vulnerability
Description: Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1312
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6070
 
Oval ID: oval:org.mitre.oval:def:6070
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6090
 
Oval ID: oval:org.mitre.oval:def:6090
Title: Mozilla Thunderbird DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6131
 
Oval ID: oval:org.mitre.oval:def:6131
Title: Mozilla Seamonkey XSS Vulnerability
Description: Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1312
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6139
 
Oval ID: oval:org.mitre.oval:def:6139
Title: Mozilla Firefox Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6151
 
Oval ID: oval:org.mitre.oval:def:6151
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6154
 
Oval ID: oval:org.mitre.oval:def:6154
Title: Mozilla Firefox arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6170
 
Oval ID: oval:org.mitre.oval:def:6170
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6173
 
Oval ID: oval:org.mitre.oval:def:6173
Title: Mozilla Seamonkey XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6185
 
Oval ID: oval:org.mitre.oval:def:6185
Title: Mozilla Firefox XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6194
 
Oval ID: oval:org.mitre.oval:def:6194
Title: Mozilla Seamonkey Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6200
 
Oval ID: oval:org.mitre.oval:def:6200
Title: Mozilla Seamonkey Information Disclosure Vulnerability
Description: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1311
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6222
 
Oval ID: oval:org.mitre.oval:def:6222
Title: Mozilla Firefox Information Disclosure Vulnerability
Description: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1311
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6232
 
Oval ID: oval:org.mitre.oval:def:6232
Title: Mozilla Firefox DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6242
 
Oval ID: oval:org.mitre.oval:def:6242
Title: Mozilla Firefox XSS nadn HTML injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1310
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6248
 
Oval ID: oval:org.mitre.oval:def:6248
Title: Mozilla Seamonkey DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6266
 
Oval ID: oval:org.mitre.oval:def:6266
Title: Mozilla Thunderbird arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6296
 
Oval ID: oval:org.mitre.oval:def:6296
Title: Mozilla Thunderbird XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6312
 
Oval ID: oval:org.mitre.oval:def:6312
Title: Mozilla Thunderbird Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6646
 
Oval ID: oval:org.mitre.oval:def:6646
Title: Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6710
 
Oval ID: oval:org.mitre.oval:def:6710
Title: Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6731
 
Oval ID: oval:org.mitre.oval:def:6731
Title: Mozilla Firefox and Seamonkey XSS Vulnerability
Description: Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1312
Version: 10
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6831
 
Oval ID: oval:org.mitre.oval:def:6831
Title: Mozilla Firefox, Thunderbird, and Seamonkey Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6920
 
Oval ID: oval:org.mitre.oval:def:6920
Title: DSA-1797 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting.
Family: unix Class: patch
Reference(s): DSA-1797
CVE-2009-0652
CVE-2009-1302
CVE-2009-1303
CVE-2009-1304
CVE-2009-1305
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1311
CVE-2009-1312
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6921
 
Oval ID: oval:org.mitre.oval:def:6921
Title: Mozilla Firefox, Thunderbird and Seamonkey DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7008
 
Oval ID: oval:org.mitre.oval:def:7008
Title: Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7030
 
Oval ID: oval:org.mitre.oval:def:7030
Title: Mozilla Thunderbird, Seamonkey and Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7235
 
Oval ID: oval:org.mitre.oval:def:7235
Title: Mozilla Firefox and Seamonkey Information Disclosure Vulnerability
Description: Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1311
Version: 10
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7285
 
Oval ID: oval:org.mitre.oval:def:7285
Title: Mozilla Thunderbird, Firefox and Seamonkey XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
Version: 17
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7516
 
Oval ID: oval:org.mitre.oval:def:7516
Title: Mozilla Firefox, Thunderbird and Seamonkey Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
Version: 17
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9455
 
Oval ID: oval:org.mitre.oval:def:9455
Title: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1303
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9494
 
Oval ID: oval:org.mitre.oval:def:9494
Title: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1309
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9535
 
Oval ID: oval:org.mitre.oval:def:9535
Title: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1304
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9818
 
Oval ID: oval:org.mitre.oval:def:9818
Title: Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Description: Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1312
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 171
Application 41
Application 86

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for firefox CESA-2009:0436 centos5 i386
File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0436 centos4 i386
File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386
File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386
File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0449 centos5 i386
File : nvt/gb_CESA-2009_0449_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0449 centos4 i386
File : nvt/gb_CESA-2009_0449_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386
File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl
2009-10-11 Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox1.nasl
2009-10-11 Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_MozillaFirefox2.nasl
2009-10-11 Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-xulrunn.nasl
2009-10-10 Name : SLES9: Security update for epiphany
File : nvt/sles9p5059920.nasl
2009-09-15 Name : Debian Security Advisory DSA 1886-1 (iceweasel)
File : nvt/deb_1886_1.nasl
2009-07-29 Name : Ubuntu USN-802-1 (apache2)
File : nvt/ubuntu_802_1.nasl
2009-07-29 Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey)
File : nvt/fcore_2009_7614.nasl
2009-07-29 Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey)
File : nvt/fcore_2009_7567.nasl
2009-07-29 Name : Debian Security Advisory DSA 1830-1 (icedove)
File : nvt/deb_1830_1.nasl
2009-07-29 Name : Ubuntu USN-799-1 (dbus)
File : nvt/ubuntu_799_1.nasl
2009-07-29 Name : Ubuntu USN-801-1 (tiff)
File : nvt/ubuntu_801_1.nasl
2009-06-30 Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird)
File : nvt/mdksa_2009_141.nasl
2009-06-30 Name : CentOS Security Advisory CESA-2009:1126 (thunderbird)
File : nvt/ovcesa2009_1126.nasl
2009-06-30 Name : Ubuntu USN-782-1 (thunderbird)
File : nvt/ubuntu_782_1.nasl
2009-06-30 Name : Ubuntu USN-792-1 (openssl)
File : nvt/ubuntu_792_1.nasl
2009-06-30 Name : RedHat Security Advisory RHSA-2009:1126
File : nvt/RHSA_2009_1126.nasl
2009-06-30 Name : RedHat Security Advisory RHSA-2009:1125
File : nvt/RHSA_2009_1125.nasl
2009-06-05 Name : Ubuntu USN-765-1 (xulrunner-1.9)
File : nvt/ubuntu_765_1.nasl
2009-06-05 Name : Ubuntu USN-766-1 (acpid)
File : nvt/ubuntu_766_1.nasl
2009-06-05 Name : Ubuntu USN-767-1 (freetype)
File : nvt/ubuntu_767_1.nasl
2009-06-05 Name : Ubuntu USN-771-1 (libmodplug)
File : nvt/ubuntu_771_1.nasl
2009-06-05 Name : Ubuntu USN-772-1 (mpfr)
File : nvt/ubuntu_772_1.nasl
2009-06-05 Name : Ubuntu USN-764-1 (xulrunner-1.9)
File : nvt/ubuntu_764_1.nasl
2009-06-05 Name : Ubuntu USN-763-1 (xine-lib)
File : nvt/ubuntu_763_1.nasl
2009-06-05 Name : Mandrake Security Advisory MDVSA-2009:111 (firefox)
File : nvt/mdksa_2009_111.nasl
2009-06-05 Name : Ubuntu USN-761-2 (php5)
File : nvt/ubuntu_761_2.nasl
2009-06-05 Name : Ubuntu USN-773-1 (pango1.0)
File : nvt/ubuntu_773_1.nasl
2009-05-25 Name : CentOS Security Advisory CESA-2009:0437 (seamonkey)
File : nvt/ovcesa2009_0437.nasl
2009-05-20 Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox)
File : nvt/mdksa_2009_111_1.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-11 Name : Debian Security Advisory DSA 1797-1 (xulrunner)
File : nvt/deb_1797_1.nasl
2009-05-07 Name : Mozilla Firefox DoS Vulnerability May-09 (Linux)
File : nvt/gb_firefox_dos_vuln_may09_lin.nasl
2009-05-07 Name : Mozilla Firefox DoS Vulnerability May-09 (Win)
File : nvt/gb_firefox_dos_vuln_may09_win.nasl
2009-05-05 Name : RedHat Security Advisory RHSA-2009:0449
File : nvt/RHSA_2009_0449.nasl
2009-05-05 Name : Fedora Core 9 FEDORA-2009-4078 (xulrunner)
File : nvt/fcore_2009_4078.nasl
2009-05-05 Name : Fedora Core 10 FEDORA-2009-4083 (epiphany)
File : nvt/fcore_2009_4083.nasl
2009-05-05 Name : CentOS Security Advisory CESA-2009:0449 (firefox)
File : nvt/ovcesa2009_0449.nasl
2009-04-30 Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win)
File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl
2009-04-30 Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl
2009-04-30 Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win)
File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl
2009-04-30 Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux)
File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl
2009-04-30 Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win)
File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl
2009-04-30 Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux)
File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl
2009-04-28 Name : CentOS Security Advisory CESA-2009:0436 (firefox)
File : nvt/ovcesa2009_0436.nasl
2009-04-28 Name : RedHat Security Advisory RHSA-2009:0437
File : nvt/RHSA_2009_0437.nasl
2009-04-28 Name : Fedora Core 9 FEDORA-2009-3875 (firefox)
File : nvt/fcore_2009_3875.nasl
2009-04-28 Name : Fedora Core 10 FEDORA-2009-3893 (epiphany)
File : nvt/fcore_2009_3893.nasl
2009-04-28 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox38.nasl
2009-04-28 Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey)
File : nvt/ovcesa2009_0437_02.nasl
2009-04-28 Name : RedHat Security Advisory RHSA-2009:0436
File : nvt/RHSA_2009_0436.nasl
2009-02-26 Name : Firefox URL Spoofing And Phising Vulnerability (Win)
File : nvt/secpod_firefox_url_spoof_vuln_win.nasl
2009-02-26 Name : Firefox URL Spoofing And Phising Vulnerability (Linux)
File : nvt/secpod_firefox_url_spoof_vuln_lin.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2009_178_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-176-01 seamonkey
File : nvt/esoft_slk_ssa_2009_176_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-118-01 mozilla-firefox
File : nvt/esoft_slk_ssa_2009_118_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
54174 Mozilla Firefox layout/generic/nsTextFrameThebes.cpp nsTextFrame::ClearTextRu...

53972 Mozilla Multiple Products nsAsyncInstantiateEvent::Run() Frame Handling Memor...

53971 Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup...

53970 Mozilla Multiple Products js_FindPropertyHelper Error Condition JavaScript En...

53969 Mozilla Multiple Products JavaScript Engine gvar Optimization JSOP_DEFVAR Hea...

53968 Mozilla Multiple Products XMLHttpRequest Document Creation Principal-based Se...

53967 Mozilla Multiple Products js_CheckRedeclaration Shared Object Handling JavaSc...

53966 Mozilla Multiple Products gfxSkipCharsIterator::SetOffsets Memory Corruption

53965 Mozilla Multiple Products nsStyleContext::Destroy() DOMAttrModified Window Ha...

53964 Mozilla Multiple Products PL_DHashTableOperate / nsEditor::EndUpdateViewBatch...

53963 Mozilla Multiple Products XSLT Stylesheet Compiling Memory Corruption

53962 Mozilla Multiple Products nsComputedDOMStyle::GetWidth Memory Corruption

53961 Mozilla Multiple Products nsXULDocument::SynchronizeBroadcastListener Memory ...

53960 Mozilla Multiple Products IsBindingAncestor Frame Handling Memory Corruption

53959 Mozilla Multiple Products XPCNativeWrapper.toString XSS

53958 Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ...

53957 Mozilla Multiple Products jar Scheme Content-disposition Header Bypass

53955 Mozilla Multiple Products Third-party Stylesheet XBL Binding XSS

53954 Mozilla Firefox MozSearch Plugins Empty Search Page Manipulation Weakness

53953 Mozilla Firefox Inner Frame Saving Cross Site POST Request Disclosure

53952 Mozilla Multiple Products Server Refresh Header XSS

52659 Mozilla Firefox IDN Homoglyph Character Literal Rendering URI Spoofing Weakness

Snort® IPS/IDS

Date Description
2014-01-10 Mozilla Firefox ClearTextRun exploit attempt
RuleID : 17719 - Revision : 8 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox ClearTextRun exploit attempt
RuleID : 16284 - Revision : 8 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0449.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1886.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO
2009-10-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO
2009-10-07 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12519.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO
2009-07-17 Name : The remote Fedora host is missing a security update.
File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO
2009-07-17 Name : The remote Fedora host is missing a security update.
File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO
2009-06-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO
2009-06-26 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO
2009-06-23 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO
2009-06-19 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO
2009-05-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO
2009-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO
2009-04-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-118-01.nasl - Type : ACT_GATHER_INFO
2009-04-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-765-1.nasl - Type : ACT_GATHER_INFO
2009-04-28 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3010.nasl - Type : ACT_GATHER_INFO
2009-04-28 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-4083.nasl - Type : ACT_GATHER_INFO
2009-04-28 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-4078.nasl - Type : ACT_GATHER_INFO
2009-04-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO
2009-04-27 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO
2009-04-22 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO
2009-04-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO
2009-04-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO
2009-04-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO
2009-04-10 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1116.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:40:16
  • Multiple Updates