Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2009:185 | First vendor Publication | 2009-07-30 |
| Vendor | Mandriva | Last vendor Modification | 2009-07-30 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Security vulnerabilities have been discovered and corrected in Mozilla Firefox 3.0.x: Several flaws in Firefox browser and javascript engine could allow a malicious site to cause a denial-of-service of possibly remote code execution (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841, CVE-2009-2043, CVE-2009-2044). Several flaws were discovered in Firefox which could lead to information disclosure and security bypass (CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1839, CVE-2009-1840). Several flaws were discovered in the Firefox browser and JavaScript engines, which could allow a malicious website to cause a denial of service or possibly execute arbitrary code with user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2468) Attila Suszter discovered a flaw in the way Firefox processed Flash content, which could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2467) It was discovered that Firefox did not properly handle some SVG content, which could lead to a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-2469) A flaw was discovered in the JavaScript engine which could be used to perform cross-site scripting attacks. (CVE-2009-2472) This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages which require so, have been rebuilt and are being provided as updates. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:185 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 23 % | CWE-399 | Resource Management Errors |
| 23 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 14 % | CWE-20 | Improper Input Validation |
| 9 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 9 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 5 % | CWE-416 | Use After Free |
| 5 % | CWE-362 | Race Condition |
| 5 % | CWE-287 | Improper Authentication |
| 5 % | CWE-200 | Information Exposure |
| 5 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10030 | |||
| Oval ID: | oval:org.mitre.oval:def:10030 | ||
| Title: | Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | ||
| Description: | Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2469 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10237 | |||
| Oval ID: | oval:org.mitre.oval:def:10237 | ||
| Title: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | ||
| Description: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1832 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10369 | |||
| Oval ID: | oval:org.mitre.oval:def:10369 | ||
| Title: | Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. | ||
| Description: | Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2463 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10402 | |||
| Oval ID: | oval:org.mitre.oval:def:10402 | ||
| Title: | Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. | ||
| Description: | Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2465 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10436 | |||
| Oval ID: | oval:org.mitre.oval:def:10436 | ||
| Title: | Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | ||
| Description: | Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1834 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10473 | |||
| Oval ID: | oval:org.mitre.oval:def:10473 | ||
| Title: | Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | ||
| Description: | Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2467 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10628 | |||
| Oval ID: | oval:org.mitre.oval:def:10628 | ||
| Title: | Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | ||
| Description: | Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1837 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10906 | |||
| Oval ID: | oval:org.mitre.oval:def:10906 | ||
| Title: | The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition. | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2462 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11080 | |||
| Oval ID: | oval:org.mitre.oval:def:11080 | ||
| Title: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
| Description: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1838 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11487 | |||
| Oval ID: | oval:org.mitre.oval:def:11487 | ||
| Title: | The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1833 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11764 | |||
| Oval ID: | oval:org.mitre.oval:def:11764 | ||
| Title: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||
| Description: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1836 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13378 | |||
| Oval ID: | oval:org.mitre.oval:def:13378 | ||
| Title: | DSA-1830-1 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. CVE-2009-0772 The layout engine allows the execution of arbitrary code ia vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving "double frame construction." CVE-2009-1392 Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. No CVE id yet Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. For the stable distribution, these problems have been fixed in version 2.0.0.22-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client. For the testing distribution these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.0.0.22-1. We recommend that you upgrade your icedove packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1830-1 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13425 | |||
| Oval ID: | oval:org.mitre.oval:def:13425 | ||
| Title: | DSA-1820-1 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. CVE-2009-1832 It is possible to execute arbitrary code via vectors involving "double frame construction." CVE-2009-1833 Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. CVE-2009-1834 Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. CVE-2009-1835 Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1837 Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1839 Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. CVE-2009-1840 Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object’s chrome privileges. For the stable distribution, these problems have been fixed in version 1.9.0.11-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.9.0.11-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1820-1 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13598 | |||
| Oval ID: | oval:org.mitre.oval:def:13598 | ||
| Title: | DSA-1931-1 nspr -- several | ||
| Description: | Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1563 A programming error in the string handling code may lead to the execution of arbitrary code. CVE-2009-2463 An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution doesn’t contain nspr. For the stable distribution, these problems have been fixed in version 4.7.1-5. For the unstable distribution these problems have been fixed in version 4.8.2-1. We recommend that you upgrade your NSPR packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1931-1 CVE-2009-1563 CVE-2009-2463 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nspr |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13773 | |||
| Oval ID: | oval:org.mitre.oval:def:13773 | ||
| Title: | DSA-1840-1 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2462 Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan disocvered several issues in the browser engine that could potentially lead to the execution of arbitrary code. CVE-2009-2463 monarch2020 reported an integer overflow in a base64 decoding function. CVE-2009-2464 Christophe Charron reported a possibly exploitable crash occuring when multiple RDF files were loaded in a XUL tree element. CVE-2009-2465 Yongqian Li reported that an unsafe memory condition could be created by specially crafted document. CVE-2009-2466 Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. CVE-2009-2467 Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. CVE-2009-2469 PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. CVE-2009-2471 Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. CVE-2009-2472 moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. For the stable distribution, these problems have been fixed in version 1.9.0.12-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.9.0.12-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1840-1 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14001 | |||
| Oval ID: | oval:org.mitre.oval:def:14001 | ||
| Title: | USN-782-1 -- thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. If JavaScript were enabled, an attacker could exploit this to perform script injection attacks using XBL bindings. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. If a user had JavaScript enabled while using Thunderbird to view websites and a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that Thunderbird could be made to run scripts with elevated privileges. If a user had JavaScript enabled while having certain non-default add-ons installed and were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-782-1 CVE-2009-1303 CVE-2009-1305 CVE-2009-1392 CVE-2009-1833 CVE-2009-1838 CVE-2009-1306 CVE-2009-1307 CVE-2009-1309 CVE-2009-1308 CVE-2009-1836 CVE-2009-1841 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22817 | |||
| Oval ID: | oval:org.mitre.oval:def:22817 | ||
| Title: | ELSA-2009:1095: firefox security update (Critical) | ||
| Description: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1095-01 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 49 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:29396 | |||
| Oval ID: | oval:org.mitre.oval:def:29396 | ||
| Title: | RHSA-2009:1095 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1095 CESA-2009:1095-CentOS 5 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7832 | |||
| Oval ID: | oval:org.mitre.oval:def:7832 | ||
| Title: | DSA-1840 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan discovered several issues in the browser engine that could potentially lead to the execution of arbitrary code. (MFSA 2009-34) monarch2020 reported an integer overflow in a base64 decoding function. (MFSA 2009-34) Christophe Charron reported a possibly exploitable crash occuring when multiple RDF files were loaded in a XUL tree element. (MFSA 2009-34) Yongqian Li reported that an unsafe memory condition could be created by specially crafted document. (MFSA 2009-34) Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. (MFSA 2009-34) Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. (MFSA 2009-35) PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. (MFSA 2009-37) Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. (MFSA 2009-39) moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. (MFSA 2009-40) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1840 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7872 | |||
| Oval ID: | oval:org.mitre.oval:def:7872 | ||
| Title: | DSA-1820 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. (MFSA 2009-24) It is possible to execute arbitrary code via vectors involving "double frame construction." (MFSA 2009-24) Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. (MFSA 2009-24) Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. (MFSA 2009-25) Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. (MFSA 2009-26) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. (MFSA 2009-28) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. (MFSA 2009-29) Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. (MFSA 2009-30) Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. (MFSA 2009-31) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1820 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8036 | |||
| Oval ID: | oval:org.mitre.oval:def:8036 | ||
| Title: | DSA-1830 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. (MFSA 2009-15) Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24) Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1830 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8171 | |||
| Oval ID: | oval:org.mitre.oval:def:8171 | ||
| Title: | DSA-1931 nspr -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A programming error in the string handling code may lead to the execution of arbitrary code. An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain nspr. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1931 CVE-2009-1563 CVE-2009-2463 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nspr |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9256 | |||
| Oval ID: | oval:org.mitre.oval:def:9256 | ||
| Title: | Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | ||
| Description: | Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1839 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9448 | |||
| Oval ID: | oval:org.mitre.oval:def:9448 | ||
| Title: | Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | ||
| Description: | Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1840 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9497 | |||
| Oval ID: | oval:org.mitre.oval:def:9497 | ||
| Title: | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | ||
| Description: | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2472 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9501 | |||
| Oval ID: | oval:org.mitre.oval:def:9501 | ||
| Title: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
| Description: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1392 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9594 | |||
| Oval ID: | oval:org.mitre.oval:def:9594 | ||
| Title: | The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | ||
| Description: | The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2464 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9803 | |||
| Oval ID: | oval:org.mitre.oval:def:9803 | ||
| Title: | Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | ||
| Description: | Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1835 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9815 | |||
| Oval ID: | oval:org.mitre.oval:def:9815 | ||
| Title: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
| Description: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1841 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9820 | |||
| Oval ID: | oval:org.mitre.oval:def:9820 | ||
| Title: | The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2466 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1163 centos3 i386 File : nvt/gb_CESA-2009_1163_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1162 centos5 i386 File : nvt/gb_CESA-2009_1162_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386 File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1096 centos3 i386 File : nvt/gb_CESA-2009_1096_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1095 centos5 i386 File : nvt/gb_CESA-2009_1095_firefox_centos5_i386.nasl |
| 2010-05-12 | Name : Mac OS X Security Update 2009-005 File : nvt/macosx_secupd_2009-005.nasl |
| 2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
| 2010-04-06 | Name : Debian Security Advisory DSA 2025-1 (icedove) File : nvt/deb_2025_1.nasl |
| 2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
| 2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
| 2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
| 2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1931-1 (nspr) File : nvt/deb_1931_1.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox3.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox4.nasl |
| 2009-10-10 | Name : SLES9: Security update for epiphany File : nvt/sles9p5059920.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:185 (firefox) File : nvt/mdksa_2009_185.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:182 (firefox) File : nvt/mdksa_2009_182.nasl |
| 2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey) File : nvt/fcore_2009_7614.nasl |
| 2009-07-29 | Name : CentOS Security Advisory CESA-2009:1163 (seamonkey) File : nvt/ovcesa2009_1163.nasl |
| 2009-07-29 | Name : CentOS Security Advisory CESA-2009:1162 (firefox) File : nvt/ovcesa2009_1162.nasl |
| 2009-07-29 | Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl |
| 2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:039 (MozillaFirefox) File : nvt/suse_sa_2009_039.nasl |
| 2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1162 File : nvt/RHSA_2009_1162.nasl |
| 2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1163 File : nvt/RHSA_2009_1163.nasl |
| 2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
| 2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey) File : nvt/fcore_2009_7567.nasl |
| 2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7961 (blam) File : nvt/fcore_2009_7961.nasl |
| 2009-07-29 | Name : Ubuntu USN-798-1 (xulrunner-1.9) File : nvt/ubuntu_798_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
| 2009-07-29 | Name : Debian Security Advisory DSA 1840-1 (xulrunner) File : nvt/deb_1840_1.nasl |
| 2009-07-23 | Name : Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win) File : nvt/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl |
| 2009-07-23 | Name : Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux) File : nvt/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl |
| 2009-07-23 | Name : Mozilla Firefox Multiple Vulnerabilities July-09 (Win) File : nvt/secpod_firefox_mult_vuln_jul09_win.nasl |
| 2009-07-23 | Name : Mozilla Firefox Multiple Vulnerabilities July-09 (Linux) File : nvt/secpod_firefox_mult_vuln_jul09_lin.nasl |
| 2009-07-23 | Name : Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win) File : nvt/secpod_firefox_code_exec_vuln_jul09_win.nasl |
| 2009-07-23 | Name : Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux) File : nvt/secpod_firefox_code_exec_vuln_jul09_lin.nasl |
| 2009-06-30 | Name : Ubuntu USN-782-1 (thunderbird) File : nvt/ubuntu_782_1.nasl |
| 2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
| 2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1126 File : nvt/RHSA_2009_1126.nasl |
| 2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1125 File : nvt/RHSA_2009_1125.nasl |
| 2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird) File : nvt/mdksa_2009_141.nasl |
| 2009-06-30 | Name : CentOS Security Advisory CESA-2009:1126 (thunderbird) File : nvt/ovcesa2009_1126.nasl |
| 2009-06-23 | Name : Debian Security Advisory DSA 1820-1 (xulrunner) File : nvt/deb_1820_1.nasl |
| 2009-06-23 | Name : CentOS Security Advisory CESA-2009:1095 (firefox) File : nvt/ovcesa2009_1095.nasl |
| 2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6411 (firefox) File : nvt/fcore_2009_6411.nasl |
| 2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6366 (firefox) File : nvt/fcore_2009_6366.nasl |
| 2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:134 (firefox) File : nvt/mdksa_2009_134.nasl |
| 2009-06-23 | Name : SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox) File : nvt/suse_sa_2009_034.nasl |
| 2009-06-23 | Name : Ubuntu USN-779-1 (xulrunner-1.9) File : nvt/ubuntu_779_1.nasl |
| 2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Win) File : nvt/gb_seamonkey_mult_vuln_jun09_win.nasl |
| 2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Win) File : nvt/gb_thunderbird_mult_vuln_jun09_win.nasl |
| 2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_thunderbird_mult_vuln_jun09_lin.nasl |
| 2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_jun09_lin.nasl |
| 2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Win) File : nvt/gb_firefox_mult_vuln_jun09_win.nasl |
| 2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_firefox_mult_vuln_jun09_lin.nasl |
| 2009-06-15 | Name : CentOS Security Advisory CESA-2009:1096 (seamonkey) File : nvt/ovcesa2009_1096.nasl |
| 2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1095 File : nvt/RHSA_2009_1095.nasl |
| 2009-06-15 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox39.nasl |
| 2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1096 File : nvt/RHSA_2009_1096.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_178_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-176-01 seamonkey File : nvt/esoft_slk_ssa_2009_176_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-167-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_167_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 56471 | Mozilla Firefox on Linux BODY Element BACKGROUND Attribute Handling DoS |
| 56385 | Apple Mac OS X CoreGraphics Font Glyph Rendering Overflow |
| 56232 | Mozilla Firefox Multiple Method XPCCrossOriginWrapper Bypass |
| 56230 | Mozilla Multiple Products Base64 Decoding Unspecified DoS |
| 56229 | Mozilla Multiple Products nsXULTemplateQueryProcessorRDF::CheckIsSeparator XU... |
| 56228 | Mozilla Multiple Products Double Frame Element Construction Memory Corruption |
| 56227 | Mozilla Firefox Slow Script Dialog Navigation Flash Unloading Arbitrary Code ... |
| 56226 | Mozilla Firefox SVG Element watch / __defineSetter__ Functions Memory Corruption |
| 56225 | Mozilla Multiple Products JavaScript Engine MirrorWrappedNativeParent Functio... |
| 56224 | Mozilla Multiple Products Unspecified Stack Corruption Arbitrary Code Execution |
| 56223 | Mozilla Multiple Products JS_HashTableRawLookup Function DoS |
| 56222 | Mozilla Multiple Products Browser Engine Frame Handling Multiple Function DoS |
| 56221 | Mozilla Multiple Products Browser Engine nsDOMOfflineResourceList Event Dispa... |
| 56220 | Mozilla Multiple Products Browser Engine Bidi Resolver Document Reflow DoS |
| 56219 | Mozilla Multiple Products Browser Engine Frame Chain Synchronous Event Handli... |
| 56218 | Mozilla Multiple Products Browser Engine nsContentUtils::ComparePosition id A... |
| 55197 | Mozilla Firefox nsViewManager.cpp TinyMCE Interaction Remote DoS |
| 55164 | Mozilla Firefox xul.dll nsJSNPRuntime.cpp NPObjWrapper_NewResolve Function Ra... |
| 55163 | Mozilla Firefox Location Bar file: URL Principal Assocation Access Restrictio... |
| 55162 | Mozilla Multiple Products Invalid Unicode Character Title Bar Spoofing |
| 55161 | Mozilla Multiple Products file: Resource Cross Domain Arbitrary Cookie Access |
| 55160 | Mozilla Multiple Products Proxy Server CONNECT Response Manipulation SSL MiTM... |
| 55159 | Mozilla Multiple Products xpcwrappedjsclass.cpp JavaScript Chrome Privilege E... |
| 55158 | Mozilla Multiple Products XUL Document Script Loading Content Policy Bypass |
| 55157 | Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han... |
| 55155 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
| 55154 | Mozilla Multiple Products JavaScript Engine jsinterp.c c.hasOwnProperty Memor... |
| 55153 | Mozilla Multiple Products JavaScript Engine jsxml.c ParseXMLSource Memory Cor... |
| 55152 | Mozilla Multiple Products JavaScript Engine js_LeaveSharpObject Memory Corrup... |
| 55148 | Mozilla Multiple Products Double Frame Construction Memory Corruption |
| 55147 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption |
| 55146 | Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi... |
| 55145 | Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd... |
| 55144 | Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ... |
| 55143 | Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x... |
| 55142 | Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli... |
| 55141 | Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co... |
| 55140 | Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil... |
| 55139 | Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe... |
| 55138 | Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Mozilla Firefox ConstructFrame with floating first-letter memory corruption a... RuleID : 17642 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox browser engine memory corruption attempt RuleID : 17613 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox defineSetter function pointer memory corruption attempt RuleID : 17422 - Revision : 12 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox defineSetter function pointer memory corruption attempt RuleID : 15872 - Revision : 11 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-05-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-13.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1162.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-11-05 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090722_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090722_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090723_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090723_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090723_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_seamonkey_on_SL3_0.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
| 2010-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2025.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
| 2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1840.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO |
| 2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
| 2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
| 2009-10-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12519.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6379.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-005.nasl - Type : ACT_GATHER_INFO |
| 2009-08-11 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_3.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-182.nasl - Type : ACT_GATHER_INFO |
| 2009-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO |
| 2009-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO |
| 2009-07-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7961.nasl - Type : ACT_GATHER_INFO |
| 2009-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO |
| 2009-07-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-798-1.nasl - Type : ACT_GATHER_INFO |
| 2009-07-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3012.nasl - Type : ACT_GATHER_INFO |
| 2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO |
| 2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
| 2009-07-17 | Name : The remote Windows host contains a web browser that is affected by multiple f... File : mozilla_firefox_351.nasl - Type : ACT_GATHER_INFO |
| 2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO |
| 2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO |
| 2009-06-23 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO |
| 2009-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO |
| 2009-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1820.nasl - Type : ACT_GATHER_INFO |
| 2009-06-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-134.nasl - Type : ACT_GATHER_INFO |
| 2009-06-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-167-01.nasl - Type : ACT_GATHER_INFO |
| 2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6411.nasl - Type : ACT_GATHER_INFO |
| 2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6366.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da185955573811deb857000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-779-1.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
| 2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
| 2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
| 2009-06-12 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3011.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-05-11 00:47:33 |
|
