Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2009:339 | First vendor Publication | 2009-12-22 |
Vendor | Mandriva | Last vendor Modification | 2009-12-22 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Security issues were identified and fixed in firefox 3.0.x: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3979). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3980). Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3981). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body (CVE-2009-3984). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654 (CVE-2009-3985). Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property (CVE-2009-3986). The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects (CVE-2009-3987). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, some packages which require so, have been rebuilt and are being provided as updates. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:339 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-200 | Information Exposure |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10047 | |||
Oval ID: | oval:org.mitre.oval:def:10047 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3983 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10956 | |||
Oval ID: | oval:org.mitre.oval:def:10956 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3979 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11568 | |||
Oval ID: | oval:org.mitre.oval:def:11568 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3986 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13666 | |||
Oval ID: | oval:org.mitre.oval:def:13666 | ||
Title: | DSA-1956-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3986: David James discovered that the window.opener property allows Chrome privilege escalation. CVE-2009-3985: Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. CVE-2009-3984: Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. CVE-2009-3983: Takehiro Takahashi discovered that the NTLM implementaion is vulnerable to reflection attacks. CVE-2009-3981: Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3979: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.16-1. For the unstable distribution, these problems have been fixed in version 1.9.1.6-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1956-1 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22838 | |||
Oval ID: | oval:org.mitre.oval:def:22838 | ||
Title: | ELSA-2009:1674: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1674-01 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29342 | |||
Oval ID: | oval:org.mitre.oval:def:29342 | ||
Title: | RHSA-2009:1674 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1674 CESA-2009:1674-CentOS 5 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7038 | |||
Oval ID: | oval:org.mitre.oval:def:7038 | ||
Title: | DSA-1956 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1956 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7958 | |||
Oval ID: | oval:org.mitre.oval:def:7958 | ||
Title: | Mozilla Firefox and SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability | ||
Description: | The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3987 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8240 | |||
Oval ID: | oval:org.mitre.oval:def:8240 | ||
Title: | Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3983 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8379 | |||
Oval ID: | oval:org.mitre.oval:def:8379 | ||
Title: | Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3984 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8480 | |||
Oval ID: | oval:org.mitre.oval:def:8480 | ||
Title: | Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3985 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8487 | |||
Oval ID: | oval:org.mitre.oval:def:8487 | ||
Title: | Mozilla Firefox and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3979 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8489 | |||
Oval ID: | oval:org.mitre.oval:def:8489 | ||
Title: | Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3986 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8503 | |||
Oval ID: | oval:org.mitre.oval:def:8503 | ||
Title: | Mozilla Firefox 3.5 and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3980 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8523 | |||
Oval ID: | oval:org.mitre.oval:def:8523 | ||
Title: | Mozilla Firefox 3.0 and SeaMonkey Remote Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3981 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8584 | |||
Oval ID: | oval:org.mitre.oval:def:8584 | ||
Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3981 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9686 | |||
Oval ID: | oval:org.mitre.oval:def:9686 | ||
Title: | Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | ||
Description: | Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2654 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9791 | |||
Oval ID: | oval:org.mitre.oval:def:9791 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3984 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9911 | |||
Oval ID: | oval:org.mitre.oval:def:9911 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3985 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-12-18 | Mozilla Firefox Location Bar Spoofing Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1673 centos4 i386 File : nvt/gb_CESA-2009_1673_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386 File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1431 centos4 i386 File : nvt/gb_CESA-2009_1431_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1430 centos5 i386 File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1430 centos4 i386 File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos4 i386 File : nvt/gb_CESA-2009_1674_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos5 i386 File : nvt/gb_CESA-2009_1674_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
2010-01-15 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1 File : nvt/gb_ubuntu_USN_877_1.nasl |
2010-01-15 | Name : Ubuntu Update for firefox-3.5, xulrunner-1.9.1 regression USN-878-1 File : nvt/gb_ubuntu_USN_878_1.nasl |
2009-12-30 | Name : Ubuntu USN-874-1 (xulrunner-1.9.1) File : nvt/ubuntu_874_1.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:339 (firefox) File : nvt/mdksa_2009_339.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1673 (seamonkey) File : nvt/ovcesa2009_1673.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1674 (firefox) File : nvt/ovcesa2009_1674.nasl |
2009-12-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox43.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13366 (gnome-python2-extras) File : nvt/fcore_2009_13366.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13362 (seamonkey) File : nvt/fcore_2009_13362.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13333 (firefox) File : nvt/fcore_2009_13333.nasl |
2009-12-30 | Name : Ubuntu USN-873-1 (xulrunner-1.9) File : nvt/ubuntu_873_1.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1956-1 (xulrunner) File : nvt/deb_1956_1.nasl |
2009-12-30 | Name : SuSE Security Advisory SUSE-SA:2009:063 (MozillaFirefox) File : nvt/suse_sa_2009_063.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1674 File : nvt/RHSA_2009_1674.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1673 File : nvt/RHSA_2009_1673.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl |
2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl |
2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl |
2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_dec09_lin.nasl |
2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_dec09_win.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox) File : nvt/suse_sa_2009_048.nasl |
2009-10-13 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_MozillaFirefox2.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox5.nasl |
2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1431 File : nvt/RHSA_2009_1431.nasl |
2009-09-15 | Name : CentOS Security Advisory CESA-2009:1432 (seamonkey) File : nvt/ovcesa2009_1432.nasl |
2009-09-15 | Name : CentOS Security Advisory CESA-2009:1431 (seamonkey) File : nvt/ovcesa2009_1431.nasl |
2009-09-15 | Name : CentOS Security Advisory CESA-2009:1430 (seamonkey) File : nvt/ovcesa2009_1430.nasl |
2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1432 File : nvt/RHSA_2009_1432.nasl |
2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1430 File : nvt/RHSA_2009_1430.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1873-1 (xulrunner) File : nvt/deb_1873_1.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:198 (firefox) File : nvt/mdksa_2009_198.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8288 (perl-Gtk2-MozEmbed) File : nvt/fcore_2009_8288.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8279 (xulrunner) File : nvt/fcore_2009_8279.nasl |
2009-08-17 | Name : Ubuntu USN-811-1 (xulrunner-1.9) File : nvt/ubuntu_811_1.nasl |
2009-08-07 | Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Win) File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_win.nasl |
2009-08-07 | Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Linux) File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_lin.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61101 | Mozilla Multiple Browser NTLM Reflection Authentication Credential Disclosure |
61100 | Mozilla Multiple Browsers document.location 204 Response SSL Status Spoofing |
61099 | Mozilla Multiple Browsers document.location Blank Page Content Spoofing |
61097 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
61096 | Mozilla Firefox Browser Engine Unspecified Memory Corruption |
61095 | Mozilla Multiple Browsers Chrome window.opener Property Privilege Escalation |
61094 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
61092 | Mozilla Multiple Browsers GeckoActiveXObject Exception Message COM Object Enu... |
56717 | Mozilla Firefox window.open() Invalid URL Document Content / SSL Status Spoofing |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | multiple products GeckoActiveX COM object recon attempt RuleID : 21165 - Revision : 4 - Type : FILE-OTHER |
2014-01-10 | Mozilla Firefox location spoofing attempt via invalid window.open characters RuleID : 15873 - Revision : 12 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6735.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6734.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1956.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1873.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_301.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-878-1.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-877-1.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091221.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6733.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6736.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-874-1.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-873-1.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13366.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13362.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13333.nasl - Type : ACT_GATHER_INFO |
2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_201.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6433.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO |
2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO |
2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-198.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-811-1.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8288.nasl - Type : ACT_GATHER_INFO |
2009-08-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8279.nasl - Type : ACT_GATHER_INFO |
2009-08-04 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO |
2009-08-04 | Name : The remote Windows host contains a web browser that is affected by multiple f... File : mozilla_firefox_3013.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:07 |
|