Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:111 | First vendor Publication | 2009-05-12 |
Vendor | Mandriva | Last vendor Modification | 2009-05-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313) This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:111 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-16 | Configuration |
17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
8 % | CWE-200 | Information Exposure |
8 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10106 | |||
Oval ID: | oval:org.mitre.oval:def:10106 | ||
Title: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10110 | |||
Oval ID: | oval:org.mitre.oval:def:10110 | ||
Title: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10150 | |||
Oval ID: | oval:org.mitre.oval:def:10150 | ||
Title: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10428 | |||
Oval ID: | oval:org.mitre.oval:def:10428 | ||
Title: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1308 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10446 | |||
Oval ID: | oval:org.mitre.oval:def:10446 | ||
Title: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1313 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10939 | |||
Oval ID: | oval:org.mitre.oval:def:10939 | ||
Title: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1311 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10972 | |||
Oval ID: | oval:org.mitre.oval:def:10972 | ||
Title: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11396 | |||
Oval ID: | oval:org.mitre.oval:def:11396 | ||
Title: | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | ||
Description: | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0652 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11520 | |||
Oval ID: | oval:org.mitre.oval:def:11520 | ||
Title: | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||
Description: | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1310 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13435 | |||
Oval ID: | oval:org.mitre.oval:def:13435 | ||
Title: | DSA-1797-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. CVE-2009-1302 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1303 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1304 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1305 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1306 Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. CVE-2009-1307 Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. CVE-2009-1308 Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. CVE-2009-1309 "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. CVE-2009-1311 Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. CVE-2009-1312 It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting. For the stable distribution, these problems have been fixed in version 1.9.0.9-0lenny2. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.9-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1797-1 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21861 | |||
Oval ID: | oval:org.mitre.oval:def:21861 | ||
Title: | ELSA-2009:0436: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0436-02 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 | Version: | 53 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22781 | |||
Oval ID: | oval:org.mitre.oval:def:22781 | ||
Title: | ELSA-2009:0449: firefox security update (Critical) | ||
Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0449-01 CVE-2009-1313 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28736 | |||
Oval ID: | oval:org.mitre.oval:def:28736 | ||
Title: | RHSA-2009:0449 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0449 CESA-2009:0449-CentOS 5 CVE-2009-1313 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29267 | |||
Oval ID: | oval:org.mitre.oval:def:29267 | ||
Title: | RHSA-2009:0436 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0436 CESA-2009:0436-CentOS 5 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5265 | |||
Oval ID: | oval:org.mitre.oval:def:5265 | ||
Title: | Mozilla Seamonkey Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5319 | |||
Oval ID: | oval:org.mitre.oval:def:5319 | ||
Title: | Mozilla Thunderbird Memory corruption Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1304 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5480 | |||
Oval ID: | oval:org.mitre.oval:def:5480 | ||
Title: | Mozilla Seamonkey Memory corruption Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1304 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5527 | |||
Oval ID: | oval:org.mitre.oval:def:5527 | ||
Title: | Mozilla Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5591 | |||
Oval ID: | oval:org.mitre.oval:def:5591 | ||
Title: | Mozilla Thunderbird Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5810 | |||
Oval ID: | oval:org.mitre.oval:def:5810 | ||
Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5933 | |||
Oval ID: | oval:org.mitre.oval:def:5933 | ||
Title: | Mozilla Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5992 | |||
Oval ID: | oval:org.mitre.oval:def:5992 | ||
Title: | Mozilla Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6015 | |||
Oval ID: | oval:org.mitre.oval:def:6015 | ||
Title: | Mozilla Firefox Memory corruption Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1304 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6021 | |||
Oval ID: | oval:org.mitre.oval:def:6021 | ||
Title: | Mozilla Firefox Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6064 | |||
Oval ID: | oval:org.mitre.oval:def:6064 | ||
Title: | Mozilla Firefox XSS Vulnerability | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1312 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6070 | |||
Oval ID: | oval:org.mitre.oval:def:6070 | ||
Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6090 | |||
Oval ID: | oval:org.mitre.oval:def:6090 | ||
Title: | Mozilla Thunderbird DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6131 | |||
Oval ID: | oval:org.mitre.oval:def:6131 | ||
Title: | Mozilla Seamonkey XSS Vulnerability | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1312 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6139 | |||
Oval ID: | oval:org.mitre.oval:def:6139 | ||
Title: | Mozilla Firefox Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6151 | |||
Oval ID: | oval:org.mitre.oval:def:6151 | ||
Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6154 | |||
Oval ID: | oval:org.mitre.oval:def:6154 | ||
Title: | Mozilla Firefox arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6170 | |||
Oval ID: | oval:org.mitre.oval:def:6170 | ||
Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6173 | |||
Oval ID: | oval:org.mitre.oval:def:6173 | ||
Title: | Mozilla Seamonkey XSS and arbitrary injection Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1308 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6185 | |||
Oval ID: | oval:org.mitre.oval:def:6185 | ||
Title: | Mozilla Firefox XSS and arbitrary injection Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1308 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6194 | |||
Oval ID: | oval:org.mitre.oval:def:6194 | ||
Title: | Mozilla Seamonkey Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6200 | |||
Oval ID: | oval:org.mitre.oval:def:6200 | ||
Title: | Mozilla Seamonkey Information Disclosure Vulnerability | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1311 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6222 | |||
Oval ID: | oval:org.mitre.oval:def:6222 | ||
Title: | Mozilla Firefox Information Disclosure Vulnerability | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1311 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6232 | |||
Oval ID: | oval:org.mitre.oval:def:6232 | ||
Title: | Mozilla Firefox DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6242 | |||
Oval ID: | oval:org.mitre.oval:def:6242 | ||
Title: | Mozilla Firefox XSS nadn HTML injection Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1310 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6248 | |||
Oval ID: | oval:org.mitre.oval:def:6248 | ||
Title: | Mozilla Seamonkey DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6266 | |||
Oval ID: | oval:org.mitre.oval:def:6266 | ||
Title: | Mozilla Thunderbird arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6296 | |||
Oval ID: | oval:org.mitre.oval:def:6296 | ||
Title: | Mozilla Thunderbird XSS and arbitrary injection Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1308 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6312 | |||
Oval ID: | oval:org.mitre.oval:def:6312 | ||
Title: | Mozilla Thunderbird Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6646 | |||
Oval ID: | oval:org.mitre.oval:def:6646 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6710 | |||
Oval ID: | oval:org.mitre.oval:def:6710 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6731 | |||
Oval ID: | oval:org.mitre.oval:def:6731 | ||
Title: | Mozilla Firefox and Seamonkey XSS Vulnerability | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1312 | Version: | 10 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6831 | |||
Oval ID: | oval:org.mitre.oval:def:6831 | ||
Title: | Mozilla Firefox, Thunderbird, and Seamonkey Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6920 | |||
Oval ID: | oval:org.mitre.oval:def:6920 | ||
Title: | DSA-1797 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1797 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6921 | |||
Oval ID: | oval:org.mitre.oval:def:6921 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7008 | |||
Oval ID: | oval:org.mitre.oval:def:7008 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7030 | |||
Oval ID: | oval:org.mitre.oval:def:7030 | ||
Title: | Mozilla Thunderbird, Seamonkey and Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1302 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7235 | |||
Oval ID: | oval:org.mitre.oval:def:7235 | ||
Title: | Mozilla Firefox and Seamonkey Information Disclosure Vulnerability | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1311 | Version: | 10 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7285 | |||
Oval ID: | oval:org.mitre.oval:def:7285 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey XSS and arbitrary injection Vulnerabilities | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1308 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7516 | |||
Oval ID: | oval:org.mitre.oval:def:7516 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey Memory corruption Vulnerabilities | ||
Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1304 | Version: | 17 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9455 | |||
Oval ID: | oval:org.mitre.oval:def:9455 | ||
Title: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9494 | |||
Oval ID: | oval:org.mitre.oval:def:9494 | ||
Title: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9535 | |||
Oval ID: | oval:org.mitre.oval:def:9535 | ||
Title: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1304 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9818 | |||
Oval ID: | oval:org.mitre.oval:def:9818 | ||
Title: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1312 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos5 i386 File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos4 i386 File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386 File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386 File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos5 i386 File : nvt/gb_CESA-2009_0449_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos4 i386 File : nvt/gb_CESA-2009_0449_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386 File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox1.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox2.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn.nasl |
2009-10-10 | Name : SLES9: Security update for epiphany File : nvt/sles9p5059920.nasl |
2009-09-15 | Name : Debian Security Advisory DSA 1886-1 (iceweasel) File : nvt/deb_1886_1.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey) File : nvt/fcore_2009_7614.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey) File : nvt/fcore_2009_7567.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird) File : nvt/mdksa_2009_141.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1126 (thunderbird) File : nvt/ovcesa2009_1126.nasl |
2009-06-30 | Name : Ubuntu USN-782-1 (thunderbird) File : nvt/ubuntu_782_1.nasl |
2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1126 File : nvt/RHSA_2009_1126.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1125 File : nvt/RHSA_2009_1125.nasl |
2009-06-05 | Name : Ubuntu USN-765-1 (xulrunner-1.9) File : nvt/ubuntu_765_1.nasl |
2009-06-05 | Name : Ubuntu USN-766-1 (acpid) File : nvt/ubuntu_766_1.nasl |
2009-06-05 | Name : Ubuntu USN-767-1 (freetype) File : nvt/ubuntu_767_1.nasl |
2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
2009-06-05 | Name : Ubuntu USN-772-1 (mpfr) File : nvt/ubuntu_772_1.nasl |
2009-06-05 | Name : Ubuntu USN-764-1 (xulrunner-1.9) File : nvt/ubuntu_764_1.nasl |
2009-06-05 | Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
2009-06-05 | Name : Ubuntu USN-761-2 (php5) File : nvt/ubuntu_761_2.nasl |
2009-06-05 | Name : Ubuntu USN-773-1 (pango1.0) File : nvt/ubuntu_773_1.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0437 (seamonkey) File : nvt/ovcesa2009_0437.nasl |
2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1797-1 (xulrunner) File : nvt/deb_1797_1.nasl |
2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Linux) File : nvt/gb_firefox_dos_vuln_may09_lin.nasl |
2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Win) File : nvt/gb_firefox_dos_vuln_may09_win.nasl |
2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0449 File : nvt/RHSA_2009_0449.nasl |
2009-05-05 | Name : Fedora Core 9 FEDORA-2009-4078 (xulrunner) File : nvt/fcore_2009_4078.nasl |
2009-05-05 | Name : Fedora Core 10 FEDORA-2009-4083 (epiphany) File : nvt/fcore_2009_4083.nasl |
2009-05-05 | Name : CentOS Security Advisory CESA-2009:0449 (firefox) File : nvt/ovcesa2009_0449.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0436 (firefox) File : nvt/ovcesa2009_0436.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0437 File : nvt/RHSA_2009_0437.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3875 (firefox) File : nvt/fcore_2009_3875.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3893 (epiphany) File : nvt/fcore_2009_3893.nasl |
2009-04-28 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox38.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey) File : nvt/ovcesa2009_0437_02.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0436 File : nvt/RHSA_2009_0436.nasl |
2009-02-26 | Name : Firefox URL Spoofing And Phising Vulnerability (Win) File : nvt/secpod_firefox_url_spoof_vuln_win.nasl |
2009-02-26 | Name : Firefox URL Spoofing And Phising Vulnerability (Linux) File : nvt/secpod_firefox_url_spoof_vuln_lin.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_178_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-176-01 seamonkey File : nvt/esoft_slk_ssa_2009_176_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-118-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_118_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54174 | Mozilla Firefox layout/generic/nsTextFrameThebes.cpp nsTextFrame::ClearTextRu... |
53972 | Mozilla Multiple Products nsAsyncInstantiateEvent::Run() Frame Handling Memor... |
53971 | Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup... |
53970 | Mozilla Multiple Products js_FindPropertyHelper Error Condition JavaScript En... |
53969 | Mozilla Multiple Products JavaScript Engine gvar Optimization JSOP_DEFVAR Hea... |
53968 | Mozilla Multiple Products XMLHttpRequest Document Creation Principal-based Se... |
53967 | Mozilla Multiple Products js_CheckRedeclaration Shared Object Handling JavaSc... |
53966 | Mozilla Multiple Products gfxSkipCharsIterator::SetOffsets Memory Corruption |
53965 | Mozilla Multiple Products nsStyleContext::Destroy() DOMAttrModified Window Ha... |
53964 | Mozilla Multiple Products PL_DHashTableOperate / nsEditor::EndUpdateViewBatch... |
53963 | Mozilla Multiple Products XSLT Stylesheet Compiling Memory Corruption |
53962 | Mozilla Multiple Products nsComputedDOMStyle::GetWidth Memory Corruption |
53961 | Mozilla Multiple Products nsXULDocument::SynchronizeBroadcastListener Memory ... |
53960 | Mozilla Multiple Products IsBindingAncestor Frame Handling Memory Corruption |
53959 | Mozilla Multiple Products XPCNativeWrapper.toString XSS |
53958 | Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ... |
53957 | Mozilla Multiple Products jar Scheme Content-disposition Header Bypass |
53955 | Mozilla Multiple Products Third-party Stylesheet XBL Binding XSS |
53954 | Mozilla Firefox MozSearch Plugins Empty Search Page Manipulation Weakness |
53953 | Mozilla Firefox Inner Frame Saving Cross Site POST Request Disclosure |
53952 | Mozilla Multiple Products Server Refresh Header XSS |
52659 | Mozilla Firefox IDN Homoglyph Character Literal Rendering URI Spoofing Weakness |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 17719 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 16284 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1886.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12519.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-118-01.nasl - Type : ACT_GATHER_INFO |
2009-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-765-1.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3010.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4083.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4078.nasl - Type : ACT_GATHER_INFO |
2009-04-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-04-10 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1116.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO |
2009-03-20 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:40:16 |
|