MDVSA-2009:134

Executive Summary

Informations
Name	MDVSA-2009:134	First vendor Publication	2009-06-17
Vendor	Mandriva	Last vendor Modification	2009-06-17
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Security vulnerabilities have been discovered and corrected in Mozilla Firefox 3.x:

CVE-2009-1392: Firefox browser engine crashes CVE-2009-1832: Firefox double frame construction flaw CVE-2009-1833: Firefox JavaScript engine crashes CVE-2009-1834: Firefox URL spoofing with invalid unicode characters CVE-2009-1835: Firefox Arbitrary domain cookie access by local file: resources CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy CONNECT requests CVE-2009-1837: Firefox Race condition while accessing the private data of a NPObject JS wrapper class object CVE-2009-1838: Firefox arbitrary code execution flaw CVE-2009-1839: Firefox information disclosure flaw CVE-2009-1840: Firefox XUL scripts skip some security checks CVE-2009-1841: Firefox JavaScript arbitrary code execution CVE-2009-2043: firefox - remote TinyMCE denial of service CVE-2009-2044: firefox - remote GIF denial of service CVE-2009-2061: firefox - man-in-the-middle exploit CVE-2009-2065: firefox - man-in-the-middle exploit

This update provides the latest Mozilla Firefox 3.x to correct these issues.

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:134

CWE : Common Weakness Enumeration

id	Name
CWE-94	Failure to Control Generation of Code ('Code Injection')
CWE-20	Improper Input Validation
CWE-287	Improper Authentication
CWE-264	Permissions, Privileges, and Access Controls
CWE-362	Race Condition
CWE-310	Cryptographic Issues
CWE-200	Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9501

Oval ID:	oval:org.mitre.oval:def:9501
Title:	The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Description:	The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1392	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.38.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.38.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.38.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.38.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section seamonkey-js-debugger is earlier than 0:1.0.9-43.el4_8 AND thunderbird is earlier than 0:1.5.0.12-23.el4 AND seamonkey is earlier than 0:1.0.9-43.el4_8 AND firefox is earlier than 0:3.0.11-4.el4 AND seamonkey-mail is earlier than 0:1.0.9-43.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-43.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-43.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-43.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND thunderbird is earlier than 0:2.0.0.22-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:10237

Oval ID:	oval:org.mitre.oval:def:10237
Title:	Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
Description:	Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1832	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.11-4.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:11487

Oval ID:	oval:org.mitre.oval:def:11487
Title:	The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
Description:	The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1833	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.38.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.38.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.38.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.38.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section seamonkey-js-debugger is earlier than 0:1.0.9-43.el4_8 AND thunderbird is earlier than 0:1.5.0.12-23.el4 AND seamonkey is earlier than 0:1.0.9-43.el4_8 AND firefox is earlier than 0:3.0.11-4.el4 AND seamonkey-mail is earlier than 0:1.0.9-43.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-43.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-43.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-43.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND thunderbird is earlier than 0:2.0.0.22-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:10436

Oval ID:	oval:org.mitre.oval:def:10436
Title:	Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
Description:	Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1834	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.11-4.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:9803

Oval ID:	oval:org.mitre.oval:def:9803
Title:	Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
Description:	Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1835	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.38.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.38.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.38.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.38.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section firefox is earlier than 0:3.0.11-4.el4 AND seamonkey-mail is earlier than 0:1.0.9-43.el4_8 AND seamonkey-js-debugger is earlier than 0:1.0.9-43.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-43.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-43.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-43.el4_8 AND seamonkey is earlier than 0:1.0.9-43.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:11764

Oval ID:	oval:org.mitre.oval:def:11764
Title:	Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Description:	Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1836	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.11-4.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND thunderbird is earlier than 0:2.0.0.22-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:10628

Oval ID:	oval:org.mitre.oval:def:10628
Title:	Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
Description:	Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1837	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.11-4.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:11080

Oval ID:	oval:org.mitre.oval:def:11080
Title:	The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Description:	The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1838	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.38.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.38.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.38.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.38.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section seamonkey-js-debugger is earlier than 0:1.0.9-43.el4_8 AND thunderbird is earlier than 0:1.5.0.12-23.el4 AND seamonkey is earlier than 0:1.0.9-43.el4_8 AND firefox is earlier than 0:3.0.11-4.el4 AND seamonkey-mail is earlier than 0:1.0.9-43.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-43.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-43.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-43.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND thunderbird is earlier than 0:2.0.0.22-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:9256

Oval ID:	oval:org.mitre.oval:def:9256
Title:	Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
Description:	Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1839	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.11-4.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:9448

Oval ID:	oval:org.mitre.oval:def:9448
Title:	Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
Description:	Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1840	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.11-4.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

Definition Id: oval:org.mitre.oval:def:9815

Oval ID:	oval:org.mitre.oval:def:9815
Title:	js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Description:	js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-1841	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.38.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.38.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.38.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.38.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.38.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.38.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section firefox is earlier than 0:3.0.11-4.el4 AND seamonkey-mail is earlier than 0:1.0.9-43.el4_8 AND seamonkey-js-debugger is earlier than 0:1.0.9-43.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-43.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-43.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-43.el4_8 AND seamonkey is earlier than 0:1.0.9-43.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.11-3.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.11-3.el5_3 AND firefox is earlier than 0:3.0.11-2.el5_3 AND xulrunner is earlier than 0:1.9.0.11-3.el5_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:/a:mozilla:firefox:3.1:beta1 cpe:/a:mozilla:firefox:3.0beta5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0:beta5 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:3.0:beta2 cpe:/a:mozilla:firefox:3.0:alpha cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.21 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0_8 cpe:/a:mozilla:firefox:2.0_.9 cpe:/a:mozilla:firefox:2.0_.7 cpe:/a:mozilla:firefox:2.0_.6 cpe:/a:mozilla:firefox:2.0_.5 cpe:/a:mozilla:firefox:2.0_.4 cpe:/a:mozilla:firefox:2.0_.10 cpe:/a:mozilla:firefox:2.0_.1 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:2.0:beta1 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:beta_1 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.4.1 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.6::linux cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0:preview_release cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9_rc cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.7.1 cpe:/a:mozilla:firefox:0.7 cpe:/a:mozilla:firefox:0.6.1 cpe:/a:mozilla:firefox:0.6 cpe:/a:mozilla:firefox:0.5 cpe:/a:mozilla:firefox:0.4 cpe:/a:mozilla:firefox:0.3 cpe:/a:mozilla:firefox:0.2 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:0.1 cpe:/a:mozilla:firefox:preview_release cpe:/a:mozilla:firefox	106
Application	Mozilla Seamonkey cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.5:1.1.10 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1::beta cpe:/a:mozilla:seamonkey:1.1::alpha cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.0.99 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0::alpha cpe:/a:mozilla:seamonkey:1.0::beta cpe:/a:mozilla:seamonkey:1.0::dev cpe:/a:mozilla:seamonkey	33
Application	Mozilla Thunderbird cpe:/a:mozilla:thunderbird:2.0.14 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.15 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.13 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.11 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0_8 cpe:/a:mozilla:thunderbird:2.0_.9 cpe:/a:mozilla:thunderbird:2.0_.6 cpe:/a:mozilla:thunderbird:2.0_.5 cpe:/a:mozilla:thunderbird:2.0_.4 cpe:/a:mozilla:thunderbird:2.0_.14 cpe:/a:mozilla:thunderbird:2.0_.13 cpe:/a:mozilla:thunderbird:2.0_.12 cpe:/a:mozilla:thunderbird:1.7.3 cpe:/a:mozilla:thunderbird:1.7.1 cpe:/a:mozilla:thunderbird:1.5.2 cpe:/a:mozilla:thunderbird:1.5.1 cpe:/a:mozilla:thunderbird:1.5.0.9 cpe:/a:mozilla:thunderbird:1.5.0.8 cpe:/a:mozilla:thunderbird:1.5.0.7 cpe:/a:mozilla:thunderbird:1.5.0.6 cpe:/a:mozilla:thunderbird:1.5.0.5 cpe:/a:mozilla:thunderbird:1.5.0.4 cpe:/a:mozilla:thunderbird:1.5.0.3 cpe:/a:mozilla:thunderbird:1.5.0.2 cpe:/a:mozilla:thunderbird:1.5.0.14 cpe:/a:mozilla:thunderbird:1.5.0.13 cpe:/a:mozilla:thunderbird:1.5.0.12 cpe:/a:mozilla:thunderbird:1.5.0.11 cpe:/a:mozilla:thunderbird:1.5.0.10 cpe:/a:mozilla:thunderbird:1.5.0.1 cpe:/a:mozilla:thunderbird:1.5:beta2 cpe:/a:mozilla:thunderbird:1.5 cpe:/a:mozilla:thunderbird:1.0.8 cpe:/a:mozilla:thunderbird:1.0.7 cpe:/a:mozilla:thunderbird:1.0.6 cpe:/a:mozilla:thunderbird:1.0.5:beta cpe:/a:mozilla:thunderbird:1.0.5 cpe:/a:mozilla:thunderbird:1.0.4 cpe:/a:mozilla:thunderbird:1.0.3 cpe:/a:mozilla:thunderbird:1.0.2 cpe:/a:mozilla:thunderbird:1.0.1 cpe:/a:mozilla:thunderbird:1.0 cpe:/a:mozilla:thunderbird:0.9 cpe:/a:mozilla:thunderbird:0.8 cpe:/a:mozilla:thunderbird:0.7.3 cpe:/a:mozilla:thunderbird:0.7.2 cpe:/a:mozilla:thunderbird:0.7.1 cpe:/a:mozilla:thunderbird:0.7 cpe:/a:mozilla:thunderbird:0.6 cpe:/a:mozilla:thunderbird:0.5 cpe:/a:mozilla:thunderbird:0.4 cpe:/a:mozilla:thunderbird:0.3 cpe:/a:mozilla:thunderbird:0.2 cpe:/a:mozilla:thunderbird:0.1 cpe:/a:mozilla:thunderbird	71

Open Source Vulnerability Database (OSVDB)

id	Description
56484	Mozilla Firefox iFrame HTTP / HTTPS Content Detection Weakness
56471	Mozilla Firefox on Linux BODY Element BACKGROUND Attribute Handling DoS
55197	Mozilla Firefox nsViewManager.cpp TinyMCE Interaction Remote DoS
55164	Mozilla Firefox xul.dll nsJSNPRuntime.cpp NPObjWrapper_NewResolve Function Ra...
55163	Mozilla Firefox Location Bar file: URL Principal Assocation Access Restrictio...
55162	Mozilla Multiple Products Invalid Unicode Character Title Bar Spoofing
55161	Mozilla Multiple Products file: Resource Cross Domain Arbitrary Cookie Access
55160	Mozilla Multiple Products Proxy Server CONNECT Response Manipulation SSL MiTM...
55159	Mozilla Multiple Products xpcwrappedjsclass.cpp JavaScript Chrome Privilege E...
55158	Mozilla Multiple Products XUL Document Script Loading Content Policy Bypass
55157	Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han...
55155	Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption
55154	Mozilla Multiple Products JavaScript Engine jsinterp.c c.hasOwnProperty Memor...
55153	Mozilla Multiple Products JavaScript Engine jsxml.c ParseXMLSource Memory Cor...
55152	Mozilla Multiple Products JavaScript Engine js_LeaveSharpObject Memory Corrup...
55148	Mozilla Multiple Products Double Frame Construction Memory Corruption
55147	Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption
55146	Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi...
55145	Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd...
55144	Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ...
55143	Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x...
55142	Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli...
55141	Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co...
55140	Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil...
55139	Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe...
55138	Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState...
55133	Mozilla Firefox HTTP Host Header Proxy Server CONNECT Response Document Conte...

Type	Count
Oval ID(s)	11
CPE ID(s)	210
osvdb(s)	27

Related	Severity
CVE-2009-2061	(Critical)
CVE-2009-1841	(Critical)
CVE-2009-1840	(Critical)
CVE-2009-1838	(Critical)
CVE-2009-1837	(Critical)
CVE-2009-1833	(Critical)
CVE-2009-1832	(Critical)
CVE-2009-1392	(Critical)
CVE-2009-2065	(Medium)
CVE-2009-1836	(Medium)
CVE-2009-1839	(Medium)
CVE-2009-2044	(Medium)
CVE-2009-2043	(Medium)
CVE-2009-1835	(Medium)
CVE-2009-1834	(Medium)