Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameMDVSA-2010:071First vendor Publication2010-04-13
VendorMandrivaLast vendor Modification2010-04-23
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in mozilla-thunderbird:

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2009-0689).

Integer overflow in a base64 decoding function in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors (CVE-2009-2463).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3072).

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2009-3075).

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability. (CVE-2009-3077)

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file (CVE-2009-3376).

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user (CVE-2009-3983).

Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing (CVE-2010-0163).

This update provides the latest version of Thunderbird which are not vulnerable to these issues.

Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products.

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:071

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-8Buffer Overflow in an API Call
CAPEC-9Buffer Overflow in Local Command-Line Utilities
CAPEC-10Buffer Overflow via Environment Variables
CAPEC-14Client-side Injection-induced Buffer Overflow
CAPEC-24Filter Failure through Buffer Overflow
CAPEC-42MIME Conversion
CAPEC-44Overflow Binary Resource File
CAPEC-45Buffer Overflow via Symbolic Links
CAPEC-46Overflow Variables and Tags
CAPEC-47Buffer Overflow via Parameter Expansion
CAPEC-100Overflow Buffers

CWE : Common Weakness Enumeration

%idName
20 %CWE-399Resource Management Errors
20 %CWE-189Numeric Errors (CWE/SANS Top 25)
20 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
20 %CWE-94Failure to Control Generation of Code ('Code Injection')
20 %CWE-16Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6541
 
Oval ID: oval:org.mitre.oval:def:6541
Title: Spoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3376
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11218
 
Oval ID: oval:org.mitre.oval:def:11218
Title: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Description: Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3376
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9489
 
Oval ID: oval:org.mitre.oval:def:9489
Title: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Description: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0629
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6724
 
Oval ID: oval:org.mitre.oval:def:6724
Title: DSA-2031 krb5 -- use-after-free
Description: Sol Jerome discovered that kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service via a request from a kadmin client that sends an invalid API version number.
Family: unix Class: patch
Reference(s): DSA-2031
CVE-2010-0629
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22037
 
Oval ID: oval:org.mitre.oval:def:22037
Title: RHSA-2010:0343: krb5 security and bug fix update (Important)
Description: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Family: unix Class: patch
Reference(s): RHSA-2010:0343-01
CESA-2010:0343
CVE-2010-0629
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20259
 
Oval ID: oval:org.mitre.oval:def:20259
Title: DSA-2031-1 krb5 - denial of service
Description: Sol Jerome discovered that kadmind service in krb5, a system for authenticating users and services on a network, allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Family: unix Class: patch
Reference(s): DSA-2031-1
CVE-2010-0629
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23005
 
Oval ID: oval:org.mitre.oval:def:23005
Title: ELSA-2010:0343: krb5 security and bug fix update (Important)
Description: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Family: unix Class: patch
Reference(s): ELSA-2010:0343-01
CVE-2010-0629
Version: 6
Platform(s): Oracle Linux 5
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28012
 
Oval ID: oval:org.mitre.oval:def:28012
Title: DEPRECATED: ELSA-2010-0343 -- krb5 security and bug fix update (important)
Description: [1.6.1-36.el5_5.3] - add upstream patch to fix a few use-after-free bugs, including one in kadmind (CVE-2010-0629, #578185) [1.6.1-36.el5_5.2] - pull changes to libkrb5 to properly handle and chase off-path referrals back from 1.7 (#574387)
Family: unix Class: patch
Reference(s): ELSA-2010-0343
CVE-2010-0629
Version: 4
Platform(s): Oracle Linux 5
Product(s): krb5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6315
 
Oval ID: oval:org.mitre.oval:def:6315
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow denial of service Vulnerability
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3072
Version: 6
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10349
 
Oval ID: oval:org.mitre.oval:def:10349
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3072
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9541
 
Oval ID: oval:org.mitre.oval:def:9541
Title: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0689
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6826
 
Oval ID: oval:org.mitre.oval:def:6826
Title: DSA-1998 kdelibs -- buffer overflow
Description: Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1998
CVE-2009-0689
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6528
 
Oval ID: oval:org.mitre.oval:def:6528
Title: Mozilla Firefox Floating Point Memory Allocation Vulnerability
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0689
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13490
 
Oval ID: oval:org.mitre.oval:def:13490
Title: USN-871-1 -- kdelibs vulnerability
Description: A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites.
Family: unix Class: patch
Reference(s): USN-871-1
CVE-2009-0689
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12913
 
Oval ID: oval:org.mitre.oval:def:12913
Title: DSA-1998-1 kdelibs -- buffer overflow
Description: Maksymilian Arciemowicz discovered a buffer overflow in the internal string routines of the KDE core libraries, which could lead to the execution of arbitrary code. For the stable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-0lenny4. For the unstable distribution, this problem has been fixed in version 4:3.5.10.dfsg.1-3. We recommend that you upgrade your kdelibs packages.
Family: unix Class: patch
Reference(s): DSA-1998-1
CVE-2009-0689
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22669
 
Oval ID: oval:org.mitre.oval:def:22669
Title: ELSA-2009:1601: kdelibs security update (Critical)
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: patch
Reference(s): ELSA-2009:1601-01
CVE-2009-0689
Version: 6
Platform(s): Oracle Linux 5
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24079
 
Oval ID: oval:org.mitre.oval:def:24079
Title: RHSA-2014:0311: php security update (Critical)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A buffer overflow flaw was found in the way PHP parsed floating point numbers from their text representation. If a PHP application converted untrusted input strings to numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2009-0689) It was found that PHP did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions. (CVE-2006-7243) All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0311-00
CESA-2014:0311
CVE-2006-7243
CVE-2009-0689
Version: 11
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23947
 
Oval ID: oval:org.mitre.oval:def:23947
Title: ELSA-2014:0311: php security update (Critical)
Description: Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family: unix Class: patch
Reference(s): ELSA-2014:0311-00
CVE-2006-7243
CVE-2009-0689
Version: 7
Platform(s): Oracle Linux 5
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25660
 
Oval ID: oval:org.mitre.oval:def:25660
Title: SUSE-SU-2013:1828-1 -- Security update for ruby
Description: The following security issue has been fixed: * CVE-2013-4164: heap overflow in float point parsing
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1828-1
CVE-2013-4164
CVE-2009-0689
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): ruby
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29365
 
Oval ID: oval:org.mitre.oval:def:29365
Title: RHSA-2009:1601 -- kdelibs security update (Critical)
Description: Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689)
Family: unix Class: patch
Reference(s): RHSA-2009:1601
CESA-2009:1601-CentOS 5
CVE-2009-0689
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): kdelibs
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8171
 
Oval ID: oval:org.mitre.oval:def:8171
Title: DSA-1931 nspr -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A programming error in the string handling code may lead to the execution of arbitrary code. An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain nspr.
Family: unix Class: patch
Reference(s): DSA-1931
CVE-2009-1563
CVE-2009-2463
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): nspr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13598
 
Oval ID: oval:org.mitre.oval:def:13598
Title: DSA-1931-1 nspr -- several
Description: Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1563 A programming error in the string handling code may lead to the execution of arbitrary code. CVE-2009-2463 An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution doesn’t contain nspr. For the stable distribution, these problems have been fixed in version 4.7.1-5. For the unstable distribution these problems have been fixed in version 4.8.2-1. We recommend that you upgrade your NSPR packages.
Family: unix Class: patch
Reference(s): DSA-1931-1
CVE-2009-1563
CVE-2009-2463
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): nspr
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10369
 
Oval ID: oval:org.mitre.oval:def:10369
Title: Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.
Description: Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2463
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5717
 
Oval ID: oval:org.mitre.oval:def:5717
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow multiple DOS Vulnerabilities
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3075
Version: 6
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11365
 
Oval ID: oval:org.mitre.oval:def:11365
Title: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3075
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6699
 
Oval ID: oval:org.mitre.oval:def:6699
Title: DSA-2025 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. monarch2020 discovered an integer overflow in a base64 decoding function. Josh Soref discovered a crash in the BinHex decoder. Carsten Book reported a crash in the JavaScript engine. Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2025
CVE-2009-2408
CVE-2009-2404
CVE-2009-2463
CVE-2009-3072
CVE-2009-3075
CVE-2010-0163
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14259
 
Oval ID: oval:org.mitre.oval:def:14259
Title: Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.
Description: Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0163
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13262
 
Oval ID: oval:org.mitre.oval:def:13262
Title: DSA-2025-1 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. CVE-2009-2463 monarch2020 discovered an integer overflow n a base64 decoding function. CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder. CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine. CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 2.0.0.24-0lenny1. Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available. For the testing distribution squeeze and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your icedove packages.
Family: unix Class: patch
Reference(s): DSA-2025-1
CVE-2009-2408
CVE-2009-2404
CVE-2009-2463
CVE-2009-3072
CVE-2009-3075
CVE-2010-0163
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13236
 
Oval ID: oval:org.mitre.oval:def:13236
Title: USN-915-1 -- thunderbird vulnerabilities
Description: Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left override characters. If a user were tricked into opening a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. If an NTLM authenticated user opened content containing links to a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. A remote attacker could send specially crafted content and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program
Family: unix Class: patch
Reference(s): USN-915-1
CVE-2009-0689
CVE-2009-2463
CVE-2009-3075
CVE-2009-3072
CVE-2009-3077
CVE-2009-3376
CVE-2009-3983
CVE-2010-0163
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 9.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10805
 
Oval ID: oval:org.mitre.oval:def:10805
Title: Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.
Description: Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0163
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8240
 
Oval ID: oval:org.mitre.oval:def:8240
Title: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3983
Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10047
 
Oval ID: oval:org.mitre.oval:def:10047
Title: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3983
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5606
 
Oval ID: oval:org.mitre.oval:def:5606
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow dangling pointer vulnerability
Description: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3077
Version: 6
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10730
 
Oval ID: oval:org.mitre.oval:def:10730
Title: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Description: Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3077
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application8
Application186
Application55
Application79
Os10
Os1
Os1

ExploitDB Exploits

idDescription
2009-12-11Sunbird 0.9 Array Overrun (code execution) 0day
2009-11-19Opera 10.01 Remote Array Overrun
2009-11-19K-Meleon 1.5.3 Remote Array Overrun
2009-11-19SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19KDE KDELibs 4.3.3 Remote Array Overrun

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-13 (mit-krb5)
File : nvt/glsa_201201_13.nasl
2011-08-09Name : CentOS Update for kdelibs CESA-2009:1601 centos4 i386
File : nvt/gb_CESA-2009_1601_kdelibs_centos4_i386.nasl
2011-08-09Name : CentOS Update for kdelibs CESA-2009:1601 centos5 i386
File : nvt/gb_CESA-2009_1601_kdelibs_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1673 centos4 i386
File : nvt/gb_CESA-2009_1673_seamonkey_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1674 centos4 i386
File : nvt/gb_CESA-2009_1674_firefox_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1674 centos5 i386
File : nvt/gb_CESA-2009_1674_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386
File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09Name : CentOS Update for krb5-devel CESA-2010:0343 centos5 i386
File : nvt/gb_CESA-2010_0343_krb5-devel_centos5_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1162 centos5 i386
File : nvt/gb_CESA-2009_1162_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1163 centos3 i386
File : nvt/gb_CESA-2009_1163_seamonkey_centos3_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1430 centos4 i386
File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1430 centos5 i386
File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1431 centos4 i386
File : nvt/gb_CESA-2009_1431_seamonkey_centos4_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386
File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2009:1530 centos4 i386
File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl
2011-08-09Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386
File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl
2010-08-20Name : CentOS Update for seamonkey CESA-2010:0499 centos3 i386
File : nvt/gb_CESA-2010_0499_seamonkey_centos3_i386.nasl
2010-06-28Name : RedHat Update for seamonkey RHSA-2010:0499-01
File : nvt/gb_RHSA-2010_0499-01_seamonkey.nasl
2010-05-28Name : Fedora Update for krb5 FEDORA-2010-8796
File : nvt/gb_fedora_2010_8796_krb5_fc11.nasl
2010-05-12Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002
File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2010-04-29Name : Fedora Update for seamonkey FEDORA-2010-7100
File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-04-21Name : FreeBSD Ports: krb5
File : nvt/freebsd_krb52.nasl
2010-04-16Name : Mandriva Update for krb5 MDVSA-2010:071 (krb5)
File : nvt/gb_mandriva_MDVSA_2010_071.nasl
2010-04-09Name : Fedora Update for krb5 FEDORA-2010-6108
File : nvt/gb_fedora_2010_6108_krb5_fc11.nasl
2010-04-09Name : Ubuntu Update for krb5 vulnerabilities USN-924-1
File : nvt/gb_ubuntu_USN_924_1.nasl
2010-04-09Name : RedHat Update for krb5 RHSA-2010:0343-01
File : nvt/gb_RHSA-2010_0343-01_krb5.nasl
2010-04-06Name : Debian Security Advisory DSA 2025-1 (icedove)
File : nvt/deb_2025_1.nasl
2010-03-30Name : Mozilla Products Denial Of Service Vulnerability (Linux)
File : nvt/secpod_mozilla_prdts_dos_vuln_lin_mar10.nasl
2010-03-30Name : Mozilla Products Denial Of Service Vulnerability (Win)
File : nvt/secpod_mozilla_prdts_dos_vuln_win_mar10.nasl
2010-03-30Name : FreeBSD Ports: seamonkey, linux-seamonkey
File : nvt/freebsd_seamonkey.nasl
2010-03-22Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386
File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2010-03-22Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1
File : nvt/gb_ubuntu_USN_915_1.nasl
2010-03-22Name : RedHat Update for thunderbird RHSA-2010:0154-02
File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-02-25Name : Debian Security Advisory DSA 1998-1 (kdelibs)
File : nvt/deb_1998_1.nasl
2010-02-19Name : Mandriva Update for eject MDVA-2010:071 (eject)
File : nvt/gb_mandriva_MDVA_2010_071.nasl
2010-01-29Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_027.nasl
2010-01-29Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_028.nasl
2010-01-15Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1
File : nvt/gb_ubuntu_USN_877_1.nasl
2010-01-15Name : Ubuntu Update for firefox-3.5, xulrunner-1.9.1 regression USN-878-1
File : nvt/gb_ubuntu_USN_878_1.nasl
2009-12-30Name : CentOS Security Advisory CESA-2009:1673 (seamonkey)
File : nvt/ovcesa2009_1673.nasl
2009-12-30Name : CentOS Security Advisory CESA-2009:1674 (firefox)
File : nvt/ovcesa2009_1674.nasl
2009-12-30Name : Mandriva Security Advisory MDVSA-2009:339 (firefox)
File : nvt/mdksa_2009_339.nasl
2009-12-30Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox43.nasl
2009-12-30Name : SuSE Security Advisory SUSE-SA:2009:063 (MozillaFirefox)
File : nvt/suse_sa_2009_063.nasl
2009-12-30Name : Ubuntu USN-873-1 (xulrunner-1.9)
File : nvt/ubuntu_873_1.nasl
2009-12-30Name : Ubuntu USN-874-1 (xulrunner-1.9.1)
File : nvt/ubuntu_874_1.nasl
2009-12-30Name : Fedora Core 11 FEDORA-2009-13333 (firefox)
File : nvt/fcore_2009_13333.nasl
2009-12-30Name : Fedora Core 12 FEDORA-2009-13362 (seamonkey)
File : nvt/fcore_2009_13362.nasl
2009-12-30Name : Fedora Core 12 FEDORA-2009-13366 (gnome-python2-extras)
File : nvt/fcore_2009_13366.nasl
2009-12-30Name : RedHat Security Advisory RHSA-2009:1673
File : nvt/RHSA_2009_1673.nasl
2009-12-30Name : RedHat Security Advisory RHSA-2009:1674
File : nvt/RHSA_2009_1674.nasl
2009-12-30Name : Debian Security Advisory DSA 1956-1 (xulrunner)
File : nvt/deb_1956_1.nasl
2009-12-23Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl
2009-12-23Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl
2009-12-23Name : Firefox Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl
2009-12-23Name : Firefox Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl
2009-12-23Name : Firefox Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl
2009-12-23Name : Firefox Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl
2009-12-14Name : SLES11: Security update for kdelibs3
File : nvt/sles11_kdelibs3.nasl
2009-12-14Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
File : nvt/mdksa_2009_330.nasl
2009-12-10Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox)
File : nvt/mdksa_2009_290_1.nasl
2009-12-10Name : FreeBSD Ports: opera
File : nvt/freebsd_opera19.nasl
2009-12-03Name : RedHat Security Advisory RHSA-2009:1601
File : nvt/RHSA_2009_1601.nasl
2009-11-23Name : Ubuntu USN-853-1 (xulrunner-1.9.1)
File : nvt/ubuntu_853_1.nasl
2009-11-11Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_MozillaFirefox7.nasl
2009-11-11Name : SLES11: Security update for Mozilla Firefox
File : nvt/sles11_MozillaFirefox7.nasl
2009-11-11Name : Mandriva Security Advisory MDVSA-2009:290 (firefox)
File : nvt/mdksa_2009_290.nasl
2009-11-11Name : CentOS Security Advisory CESA-2009:1530 (firefox)
File : nvt/ovcesa2009_1530.nasl
2009-11-11Name : CentOS Security Advisory CESA-2009:1531 (seamonkey)
File : nvt/ovcesa2009_1531.nasl
2009-11-11Name : Fedora Core 11 FEDORA-2009-10878 (chmsee)
File : nvt/fcore_2009_10878.nasl
2009-11-11Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-nspr.nasl
2009-11-11Name : Fedora Core 10 FEDORA-2009-10981 (blam)
File : nvt/fcore_2009_10981.nasl
2009-11-11Name : SLES11: Security update for Mozilla XULRunner
File : nvt/sles11_mozilla-xulrunn1.nasl
2009-11-11Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox42.nasl
2009-11-11Name : SLES10: Security update for mozilla-nspr
File : nvt/sles10_mozilla-nspr0.nasl
2009-11-11Name : SLES10: Security update for Mozilla XULRunner
File : nvt/sles10_mozilla-xulrunn0.nasl
2009-11-11Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox)
File : nvt/suse_sa_2009_052.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1530
File : nvt/RHSA_2009_1530.nasl
2009-11-11Name : RedHat Security Advisory RHSA-2009:1531
File : nvt/RHSA_2009_1531.nasl
2009-11-11Name : SuSE Security Summary SUSE-SR:2009:018
File : nvt/suse_sr_2009_018.nasl
2009-11-11Name : Debian Security Advisory DSA 1922-1 (xulrunner)
File : nvt/deb_1922_1.nasl
2009-11-11Name : Debian Security Advisory DSA 1931-1 (nspr)
File : nvt/deb_1931_1.nasl
2009-11-04Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_nov09_lin.nasl
2009-11-04Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_nov09_win.nasl
2009-11-02Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux)
File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl
2009-11-02Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win)
File : nvt/gb_firefox_mult_vuln_nov09_win.nasl
2009-10-27Name : SLES10: Security update for Mozilla Firefox
File : nvt/sles10_firefox35upgrad.nasl
2009-10-27Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox)
File : nvt/suse_sa_2009_048.nasl
2009-10-11Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox4.nasl
2009-10-11Name : SLES11: Security update for Firefox
File : nvt/sles11_MozillaFirefox6.nasl
2009-10-11Name : SLES11: Security update for Mozilla
File : nvt/sles11_mozilla-xulrunn0.nasl
2009-09-21Name : Mandrake Security Advisory MDVSA-2009:236 (firefox)
File : nvt/mdksa_2009_236.nasl
2009-09-15Name : CentOS Security Advisory CESA-2009:1430 (seamonkey)
File : nvt/ovcesa2009_1430.nasl
2009-09-15Name : CentOS Security Advisory CESA-2009:1431 (seamonkey)
File : nvt/ovcesa2009_1431.nasl
2009-09-15Name : CentOS Security Advisory CESA-2009:1432 (seamonkey)
File : nvt/ovcesa2009_1432.nasl
2009-09-15Name : Fedora Core 10 FEDORA-2009-9494 (epiphany)
File : nvt/fcore_2009_9494.nasl
2009-09-15Name : Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions)
File : nvt/fcore_2009_9505.nasl
2009-09-15Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox41.nasl
2009-09-15Name : RedHat Security Advisory RHSA-2009:1430
File : nvt/RHSA_2009_1430.nasl
2009-09-15Name : RedHat Security Advisory RHSA-2009:1431
File : nvt/RHSA_2009_1431.nasl
2009-09-15Name : RedHat Security Advisory RHSA-2009:1432
File : nvt/RHSA_2009_1432.nasl
2009-09-15Name : Ubuntu USN-821-1 (xulrunner-1.9)
File : nvt/ubuntu_821_1.nasl
2009-09-15Name : Debian Security Advisory DSA 1885-1 (xulrunner)
File : nvt/deb_1885_1.nasl
2009-09-11Name : Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Linux)
File : nvt/secpod_firefox_js_dos_vuln_sep09_lin.nasl
2009-09-11Name : Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Win)
File : nvt/secpod_firefox_js_dos_vuln_sep09_win.nasl
2009-09-11Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux)
File : nvt/secpod_firefox_mult_vuln_sep09_lin.nasl
2009-09-11Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Win)
File : nvt/secpod_firefox_mult_vuln_sep09_win.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:182 (firefox)
File : nvt/mdksa_2009_182.nasl
2009-08-17Name : Mandrake Security Advisory MDVSA-2009:185 (firefox)
File : nvt/mdksa_2009_185.nasl
2009-07-29Name : Fedora Core 10 FEDORA-2009-7961 (blam)
File : nvt/fcore_2009_7961.nasl
2009-07-29Name : RedHat Security Advisory RHSA-2009:1162
File : nvt/RHSA_2009_1162.nasl
2009-07-29Name : RedHat Security Advisory RHSA-2009:1163
File : nvt/RHSA_2009_1163.nasl
2009-07-29Name : Debian Security Advisory DSA 1840-1 (xulrunner)
File : nvt/deb_1840_1.nasl
2009-07-29Name : Ubuntu USN-798-1 (xulrunner-1.9)
File : nvt/ubuntu_798_1.nasl
2009-07-29Name : Ubuntu USN-805-1 (ruby1.9)
File : nvt/ubuntu_805_1.nasl
2009-07-29Name : SuSE Security Advisory SUSE-SA:2009:039 (MozillaFirefox)
File : nvt/suse_sa_2009_039.nasl
2009-07-29Name : CentOS Security Advisory CESA-2009:1162 (firefox)
File : nvt/ovcesa2009_1162.nasl
2009-07-29Name : CentOS Security Advisory CESA-2009:1163 (seamonkey)
File : nvt/ovcesa2009_1163.nasl
2009-07-23Name : Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux)
File : nvt/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
2009-07-23Name : Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win)
File : nvt/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
2009-07-23Name : Mozilla Firefox Multiple Vulnerabilities July-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_jul09_lin.nasl
2009-07-23Name : Mozilla Firefox Multiple Vulnerabilities July-09 (Win)
File : nvt/secpod_firefox_mult_vuln_jul09_win.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
63646J Programming Language libc dtoa Implementation Floating Point Parsing Memory...
63641Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption
63639Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption
63569Kerberos src/kadmin/server/server_stubs.c init_2_svc() Function API Version N...
63263Mozilla Multiple Products Email Attachment Parser Message Indexing DoS
62402K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption
61189Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup...
61188Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption
61187KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption
61186Opera libc dtoa Implementation Floating Point Parsing Memory Corruption
61101Mozilla Multiple Browser NTLM Reflection Authentication Credential Disclosure
61091Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem...
59389Mozilla Multiple Browsers Filename Right-to-left (RTL) Override Character Dow...
57978Mozilla Firefox XUL Document TreeColumn Rendering Arbitrary Code Execution
57976Mozilla Firefox JavaScript Engine Multiple Unspecified Memory Corruption
57972Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3...
56230Mozilla Multiple Products Base64 Decoding Unspecified DoS
55603libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow

Snort® IPS/IDS

DateDescription
2018-07-10Mozilla multiple products JavaScript string replace buffer overflow attempt
RuleID : 46913 - Revision : 1 - Type : BROWSER-FIREFOX
2018-07-10Mozilla multiple products JavaScript string replace buffer overflow attempt
RuleID : 46912 - Revision : 1 - Type : BROWSER-FIREFOX
2014-01-10Mozilla products floating point buffer overflow attempt
RuleID : 21155 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10Mozilla products floating point buffer overflow attempt
RuleID : 21154 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10Mozilla multiple products JavaScript string replace buffer overflow attempt
RuleID : 17166 - Revision : 10 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

DateDescription
2018-11-02Name : The remote Debian host is missing a security update.
File : debian_DLA-1564.nasl - Type : ACT_GATHER_INFO
2016-12-01Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-2958-1.nasl - Type : ACT_GATHER_INFO
2016-03-08Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO
2016-03-04Name : The remote Fedora host is missing a security update.
File : fedora_2015-6dec4e6d5f.nasl - Type : ACT_GATHER_INFO
2016-01-28Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0257-1.nasl - Type : ACT_GATHER_INFO
2016-01-04Name : The remote Debian host is missing a security update.
File : debian_DLA-376.nasl - Type : ACT_GATHER_INFO
2016-01-04Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4b3a7e70afce11e5b86414dae9d210b8.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2011-0015.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0312.nasl - Type : ACT_GATHER_INFO
2014-03-20Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140318_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-19Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2014-03-19Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0311.nasl - Type : ACT_GATHER_INFO
2013-12-05Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ruby-131125.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1673.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1674.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0343.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1162.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1163.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2013-06-29Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2013-03-09Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-924-1.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-11-05Name : The remote Scientific Linux host is missing a security update.
File : sl_20090722_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-11-05Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090722_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100406_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100622_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20090723_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20090723_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090723_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090728_seamonkey_on_SL3_0.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091124_kdelibs_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091215_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-13.nasl - Type : ACT_GATHER_INFO
2011-03-17Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090922.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_krb5-100401.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdelibs3-6692.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_firefox35upgrade-6563.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6734.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6735.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO
2010-07-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO
2010-07-22Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-6108.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO
2010-06-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2010-06-01Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0343.nasl - Type : ACT_GATHER_INFO
2010-05-20Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12616.nasl - Type : ACT_GATHER_INFO
2010-05-11Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-05-11Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0343.nasl - Type : ACT_GATHER_INFO
2010-04-20Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a30573dc489311dfa5f9001641aeabdf.nasl - Type : ACT_GATHER_INFO
2010-04-14Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-04-13Name : The remote openSUSE host is missing a security update.
File : suse_11_1_krb5-100401.nasl - Type : ACT_GATHER_INFO
2010-04-13Name : The remote openSUSE host is missing a security update.
File : suse_11_0_krb5-100401.nasl - Type : ACT_GATHER_INFO
2010-04-12Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2031.nasl - Type : ACT_GATHER_INFO
2010-04-01Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2025.nasl - Type : ACT_GATHER_INFO
2010-03-30Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-30Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-03-29Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-03-22Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-19Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-03-19Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO
2010-03-19Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO
2010-03-19Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6562.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1956.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1998.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1840.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1885.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1922.nasl - Type : ACT_GATHER_INFO
2010-01-12Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs4-100107.nasl - Type : ACT_GATHER_INFO
2010-01-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-877-1.nasl - Type : ACT_GATHER_INFO
2010-01-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-878-1.nasl - Type : ACT_GATHER_INFO
2010-01-08Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO
2010-01-03Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO
2009-12-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO
2009-12-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO
2009-12-23Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-091221.nasl - Type : ACT_GATHER_INFO
2009-12-23Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO
2009-12-23Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6736.nasl - Type : ACT_GATHER_INFO
2009-12-23Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6733.nasl - Type : ACT_GATHER_INFO
2009-12-22Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12563.nasl - Type : ACT_GATHER_INFO
2009-12-22Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO
2009-12-22Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-091217.nasl - Type : ACT_GATHER_INFO
2009-12-22Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO
2009-12-21Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO
2009-12-21Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO
2009-12-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-873-1.nasl - Type : ACT_GATHER_INFO
2009-12-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-874-1.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-13333.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote Fedora host is missing a security update.
File : fedora_2009-13362.nasl - Type : ACT_GATHER_INFO
2009-12-18Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-13366.nasl - Type : ACT_GATHER_INFO
2009-12-17Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl - Type : ACT_GATHER_INFO
2009-12-16Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO
2009-12-16Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO
2009-12-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO
2009-12-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO
2009-12-16Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_201.nasl - Type : ACT_GATHER_INFO
2009-12-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-871-1.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kdelibs3-091204.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdelibs3-6691.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-08Name : The remote openSUSE host is missing a security update.
File : suse_11_0_kdelibs3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-04Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO
2009-12-02Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_6431c4dbdeb411de90780030843d3802.nasl - Type : ACT_GATHER_INFO
2009-11-30Name : The remote openSUSE host is missing a security update.
File : suse_11_1_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30Name : The remote openSUSE host is missing a security update.
File : suse_11_0_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-30Name : The remote openSUSE host is missing a security update.
File : suse_11_2_opera-091125.nasl - Type : ACT_GATHER_INFO
2009-11-25Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1601.nasl - Type : ACT_GATHER_INFO
2009-11-25Name : The remote host contains a web browser that is affected by multiple issues.
File : opera_1010.nasl - Type : ACT_GATHER_INFO
2009-11-12Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO
2009-11-09Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO
2009-11-05Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO
2009-11-05Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO
2009-11-05Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO
2009-11-04Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO
2009-11-04Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO
2009-11-04Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO
2009-11-02Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_20.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-29Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO
2009-10-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO
2009-10-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO
2009-10-20Name : The remote SuSE system is missing the security patch firefox35upgrade-6562
File : suse_firefox35upgrade-6562.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-6379.nasl - Type : ACT_GATHER_INFO
2009-10-06Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO
2009-10-01Name : The remote host contains a web browser that is affected by a buffer overflow ...
File : google_chrome_3_0_195_24.nasl - Type : ACT_GATHER_INFO
2009-10-01Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-090917.nasl - Type : ACT_GATHER_INFO
2009-10-01Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090924.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO
2009-09-22Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO
2009-09-22Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO
2009-09-21Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-236.nasl - Type : ACT_GATHER_INFO
2009-09-14Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-9494.nasl - Type : ACT_GATHER_INFO
2009-09-14Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-9505.nasl - Type : ACT_GATHER_INFO
2009-09-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-821-1.nasl - Type : ACT_GATHER_INFO
2009-09-11Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_922d23989e2d11dea9980030843d3802.nasl - Type : ACT_GATHER_INFO
2009-09-11Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-11Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2009-09-11Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_353.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2009-09-10Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3014.nasl - Type : ACT_GATHER_INFO
2009-08-04Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO
2009-07-31Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-182.nasl - Type : ACT_GATHER_INFO
2009-07-28Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO
2009-07-28Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO
2009-07-24Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-7961.nasl - Type : ACT_GATHER_INFO
2009-07-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO
2009-07-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-798-1.nasl - Type : ACT_GATHER_INFO
2009-07-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO
2009-07-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO
2009-07-22Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3012.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:41:23
  • Multiple Updates