Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2010:210 First vendor Publication 2010-10-22
Vendor Mandriva Last vendor Modification 2010-10-22
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Security issues were identified and fixed in firefox:

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2010-3170).

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack (CVE-2010-3173).

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3174, CVE-2010-3175, CVE-2010-3176).

Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server (CVE-2010-3177).

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document (CVE-2010-3178).

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method (CVE-2010-3179).

Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window (CVE-2010-3180).

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3182).

The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted HTML document (CVE-2010-3183).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and are being provided as updates. The NSS and SQLite3 packages has been upgraded to the latest versions.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:210

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-310 Cryptographic Issues
29 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14 % CWE-399 Resource Management Errors
14 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11517
 
Oval ID: oval:org.mitre.oval:def:11517
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3174
Version: 22
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11675
 
Oval ID: oval:org.mitre.oval:def:11675
Title: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3179
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11891
 
Oval ID: oval:org.mitre.oval:def:11891
Title: Vulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3183
Version: 24
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11943
 
Oval ID: oval:org.mitre.oval:def:11943
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3175
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12118
 
Oval ID: oval:org.mitre.oval:def:12118
Title: Vulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3173
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12120
 
Oval ID: oval:org.mitre.oval:def:12120
Title: Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 via crafted HTML document
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3178
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12132
 
Oval ID: oval:org.mitre.oval:def:12132
Title: Denial of service in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3176
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12158
 
Oval ID: oval:org.mitre.oval:def:12158
Title: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3180
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12202
 
Oval ID: oval:org.mitre.oval:def:12202
Title: Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9
Description: Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3177
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12254
 
Oval ID: oval:org.mitre.oval:def:12254
Title: SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3170
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12568
 
Oval ID: oval:org.mitre.oval:def:12568
Title: DSA-2123-1 nss -- several
Description: Several vulnerabilities have been discovered in Mozilla's Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages.
Family: unix Class: patch
Reference(s): DSA-2123-1
CVE-2010-3170
CVE-2010-3173
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13295
 
Oval ID: oval:org.mitre.oval:def:13295
Title: USN-1007-1 -- nss vulnerabilities
Description: Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Nelson Bolyard discovered a weakness in the Diffie-Hellman Ephemeral mode key exchange implementation which allowed servers to use a too small key length
Family: unix Class: patch
Reference(s): USN-1007-1
CVE-2010-3170
CVE-2010-3173
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): nss
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13392
 
Oval ID: oval:org.mitre.oval:def:13392
Title: USN-997-1 -- firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities
Description: Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program
Family: unix Class: patch
Reference(s): USN-997-1
CVE-2010-3175
CVE-2010-3176
CVE-2010-3179
CVE-2010-3180
CVE-2010-3183
CVE-2010-3177
CVE-2010-3178
CVE-2010-3182
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.1
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13508
 
Oval ID: oval:org.mitre.oval:def:13508
Title: USN-998-1 -- thunderbird vulnerabilities
Description: Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program
Family: unix Class: patch
Reference(s): USN-998-1
CVE-2010-3175
CVE-2010-3176
CVE-2010-3179
CVE-2010-3180
CVE-2010-3183
CVE-2010-3178
CVE-2010-3182
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13844
 
Oval ID: oval:org.mitre.oval:def:13844
Title: DEPRECATED: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Description: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3182
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19768
 
Oval ID: oval:org.mitre.oval:def:19768
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3173
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20226
 
Oval ID: oval:org.mitre.oval:def:20226
Title: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Family: unix Class: vulnerability
Reference(s): CVE-2010-3170
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21848
 
Oval ID: oval:org.mitre.oval:def:21848
Title: RHSA-2010:0862: nss security update (Low)
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Family: unix Class: patch
Reference(s): RHSA-2010:0862-02
CVE-2010-3170
Version: 4
Platform(s): Red Hat Enterprise Linux 6
Product(s): nss
nss-softokn
nss-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22324
 
Oval ID: oval:org.mitre.oval:def:22324
Title: RHSA-2010:0780: thunderbird security update (Moderate)
Description: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Family: unix Class: patch
Reference(s): RHSA-2010:0780-01
CESA-2010:0780
CVE-2010-3176
CVE-2010-3180
CVE-2010-3182
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22374
 
Oval ID: oval:org.mitre.oval:def:22374
Title: RHSA-2010:0782: firefox security update (Critical)
Description: The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family: unix Class: patch
Reference(s): RHSA-2010:0782-01
CESA-2010:0782
CVE-2010-3170
CVE-2010-3173
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
Version: 133
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23154
 
Oval ID: oval:org.mitre.oval:def:23154
Title: ELSA-2010:0782: firefox security update (Critical)
Description: The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family: unix Class: patch
Reference(s): ELSA-2010:0782-01
CVE-2010-3170
CVE-2010-3173
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
Version: 45
Platform(s): Oracle Linux 5
Product(s): firefox
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23160
 
Oval ID: oval:org.mitre.oval:def:23160
Title: ELSA-2010:0780: thunderbird security update (Moderate)
Description: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Family: unix Class: patch
Reference(s): ELSA-2010:0780-01
CVE-2010-3176
CVE-2010-3180
CVE-2010-3182
Version: 17
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23275
 
Oval ID: oval:org.mitre.oval:def:23275
Title: ELSA-2010:0862: nss security update (Low)
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Family: unix Class: patch
Reference(s): ELSA-2010:0862-02
CVE-2010-3170
Version: 6
Platform(s): Oracle Linux 6
Product(s): nss
nss-softokn
nss-util
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27951
 
Oval ID: oval:org.mitre.oval:def:27951
Title: DEPRECATED: ELSA-2010-0862 -- nss security update (low)
Description: nss: [3.12.8-1.0.1.el6] - Update expired PayPalEE.cert to fix build failure - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 [3.12.8-1] - Update to 3.12.8 nss-softokn: [3.12.8-1] - Update to 3.12.8 nss-util: [3.12.7-1] - Update to 3.12.7
Family: unix Class: patch
Reference(s): ELSA-2010-0862
CVE-2010-3170
Version: 4
Platform(s): Oracle Linux 6
Product(s): nss
nss-softokn
nss-util
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 226
Application 63
Application 112

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0780 centos5 i386
File : nvt/gb_CESA-2010_0780_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2010:0782 centos5 i386
File : nvt/gb_CESA-2010_0782_firefox_centos5_i386.nasl
2010-12-02 Name : Fedora Update for nss FEDORA-2010-15897
File : nvt/gb_fedora_2010_15897_nss_fc14.nasl
2010-12-02 Name : Fedora Update for nss-util FEDORA-2010-15897
File : nvt/gb_fedora_2010_15897_nss-util_fc14.nasl
2010-12-02 Name : Fedora Update for xulrunner FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_xulrunner_fc14.nasl
2010-12-02 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_perl-Gtk2-MozEmbed_fc14.nasl
2010-12-02 Name : Fedora Update for mozvoikko FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_mozvoikko_fc14.nasl
2010-12-02 Name : Fedora Update for gnome-web-photo FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_gnome-web-photo_fc14.nasl
2010-12-02 Name : Fedora Update for gnome-python2-extras FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_gnome-python2-extras_fc14.nasl
2010-12-02 Name : Fedora Update for galeon FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_galeon_fc14.nasl
2010-12-02 Name : Fedora Update for firefox FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_firefox_fc14.nasl
2010-12-02 Name : Fedora Update for nss-softokn FEDORA-2010-15897
File : nvt/gb_fedora_2010_15897_nss-softokn_fc14.nasl
2010-11-17 Name : Debian Security Advisory DSA 2124-1 (xulrunner)
File : nvt/deb_2124_1.nasl
2010-11-17 Name : Debian Security Advisory DSA 2123-1 (nss)
File : nvt/deb_2123_1.nasl
2010-11-17 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox52.nasl
2010-11-16 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_perl-Gtk2-MozEmbed_fc12.nasl
2010-11-16 Name : Fedora Update for xulrunner FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_xulrunner_fc12.nasl
2010-11-16 Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056
File : nvt/gb_suse_2010_056.nasl
2010-11-16 Name : Fedora Update for nss-softokn FEDORA-2010-15989
File : nvt/gb_fedora_2010_15989_nss-softokn_fc12.nasl
2010-11-16 Name : Fedora Update for nss-util FEDORA-2010-15989
File : nvt/gb_fedora_2010_15989_nss-util_fc12.nasl
2010-11-16 Name : Fedora Update for nss FEDORA-2010-15989
File : nvt/gb_fedora_2010_15989_nss_fc12.nasl
2010-11-16 Name : Fedora Update for mozvoikko FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_mozvoikko_fc12.nasl
2010-11-16 Name : Fedora Update for gnome-web-photo FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_gnome-web-photo_fc12.nasl
2010-11-16 Name : Fedora Update for gnome-python2-extras FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_gnome-python2-extras_fc12.nasl
2010-11-16 Name : Fedora Update for galeon FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_galeon_fc12.nasl
2010-11-16 Name : Fedora Update for firefox FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_firefox_fc12.nasl
2010-11-04 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_perl-Gtk2-MozEmbed_fc13.nasl
2010-11-04 Name : Fedora Update for mozvoikko FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_mozvoikko_fc13.nasl
2010-11-04 Name : CentOS Update for thunderbird CESA-2010:0780 centos4 i386
File : nvt/gb_CESA-2010_0780_thunderbird_centos4_i386.nasl
2010-11-04 Name : CentOS Update for seamonkey CESA-2010:0781 centos3 i386
File : nvt/gb_CESA-2010_0781_seamonkey_centos3_i386.nasl
2010-11-04 Name : CentOS Update for seamonkey CESA-2010:0781 centos4 i386
File : nvt/gb_CESA-2010_0781_seamonkey_centos4_i386.nasl
2010-11-04 Name : CentOS Update for firefox CESA-2010:0782 centos4 i386
File : nvt/gb_CESA-2010_0782_firefox_centos4_i386.nasl
2010-11-04 Name : Fedora Update for nss-softokn FEDORA-2010-15520
File : nvt/gb_fedora_2010_15520_nss-softokn_fc13.nasl
2010-11-04 Name : Fedora Update for nss-util FEDORA-2010-15520
File : nvt/gb_fedora_2010_15520_nss-util_fc13.nasl
2010-11-04 Name : Fedora Update for firefox FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_firefox_fc13.nasl
2010-11-04 Name : Fedora Update for xulrunner FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_xulrunner_fc13.nasl
2010-11-04 Name : Fedora Update for galeon FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_galeon_fc13.nasl
2010-11-04 Name : Fedora Update for gnome-python2-extras FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_gnome-python2-extras_fc13.nasl
2010-11-04 Name : Fedora Update for gnome-web-photo FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_gnome-web-photo_fc13.nasl
2010-11-04 Name : Fedora Update for nss FEDORA-2010-15520
File : nvt/gb_fedora_2010_15520_nss_fc13.nasl
2010-10-28 Name : Mozilla Products Unspecified Vulnerability (Windows)
File : nvt/gb_mozilla_prdts_unspecified_vuln_win.nasl
2010-10-28 Name : Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows)
File : nvt/gb_mozilla_prdts_mult_xss_vuln_win.nasl
2010-10-28 Name : Mozilla Products Multiple Vulnerabilities October-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_oct10.nasl
2010-10-28 Name : Mozilla Products Multiple Unspecified Vulnerabilities (Windows)
File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win.nasl
2010-10-28 Name : Mozilla Products Multiple Unspecified Vulnerabilities October-10(Windows)
File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win01.nasl
2010-10-26 Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_211.nasl
2010-10-26 Name : Mandriva Update for firefox MDVSA-2010:210 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_210.nasl
2010-10-22 Name : RedHat Update for thunderbird RHSA-2010:0780-01
File : nvt/gb_RHSA-2010_0780-01_thunderbird.nasl
2010-10-22 Name : RedHat Update for seamonkey RHSA-2010:0781-01
File : nvt/gb_RHSA-2010_0781-01_seamonkey.nasl
2010-10-22 Name : RedHat Update for firefox RHSA-2010:0782-01
File : nvt/gb_RHSA-2010_0782-01_firefox.nasl
2010-10-22 Name : Ubuntu Update for nss vulnerabilities USN-1007-1
File : nvt/gb_ubuntu_USN_1007_1.nasl
2010-10-22 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1
File : nvt/gb_ubuntu_USN_997_1.nasl
2010-10-22 Name : Ubuntu Update for thunderbird vulnerabilities USN-998-1
File : nvt/gb_ubuntu_USN_998_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
68854 Mozilla Multiple Products LookupGetterOrSetter Function window.__lookupGetter...

Mozilla Firefox, SeaMonkey and Thunderbird contains a flaw related to the 'LookupGetterOrSetter()' function in 'js3250.dll' failing to properly support 'window.__lookupGetter__' function calls which lack arguments. This may allow a remote attacker to execute arbitrary code via vectors related to a dangling pointer being passed to the 'JS_ValueToId()' function.
68853 Mozilla Multiple Products on Linux Unspecified Application-launch Script LD_L...

Mozilla Firefox, Thunderbird and SeaMonkey on Linux are prone to a flaw in the way they load dynamic-link libraries (DLL). The programs use a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the programs will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening the program executable file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
68851 Mozilla Multiple Products nsBarProp Function Use-after-free Closed Window loc...

Mozilla Firefox, Thunderbird and SeaMonkey contain a use-after-free vulnerability related to the 'nsBarProp' function. This may allow a remote attacker to execute arbitrary code by accessing a closed window's locationbar property.
68850 Mozilla Multiple Products Text-rendering document.write Method Long Argument ...

Mozilla Firefox, Thunderbird and SeaMonkey are prone to an overflow condition. The text-rendering functionality fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted long argument to the document.write method, a remote attacker can potentially execute arbitrary code.
68849 Mozilla Multiple Products Javascript: URL Modal Call Crafted HTML Document Sa...

Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the failure to properly handle certain javascript: URLs modal calls which open new windows and perform cross-domain navigation. This may allow a context-dependent attacker to use a crafted HTML document to bypass the Same Origin Policy.
68848 Mozilla Multiple Products Gopher Parser Crafted File / Directory Name XSS

Mozilla Firefox and SeaMonkey contain a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the file or directory names upon submission to the Gopher parser. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
68847 Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti...

Mozilla Firefox, Thunderbird and SeaMonkey contain multiple flaws related to the browser engine that may allow a remote attacker to cause a denial of service via memory corruption. It is also possible, though not yet confirmed, that this may allow the execution of arbitrary code.
68846 Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti...

Mozilla Firefox and Thunderbird contain a flaw related to the browser engine that may allow a remote attacker to cause a denial of service via memory corruption. It is also possible, though not yet confirmed, that this may also allow the execution of arbitrary code..
68845 Mozilla Multiple Products Browser Engine Unspecified Memory Corruption (2010-...

Mozilla Firefox contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the browser engine occurs, which may be exploited by a remote attacker to cause a denial of service via memory corruption. It is possible, though not yet confirmed, that this vulnerability may allow the execution of arbitrary code as well.
68844 Mozilla Multiple Products SSL Implementation Diffie-Hellman Ephemeral Mode Mi...

Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the SSL implementation's failure to properly set the minimum key length for Diffie-Hellman Ephemeral mode. This may allow a remote attacker to trivially brute-force the cryptographic protection.
68079 Mozilla Multiple Products SSL Certificate IP Address Wildcard Matching Weakness

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-12-01 IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity : Category I - VMSKEY : V0030769

Snort® IPS/IDS

Date Description
2017-09-19 Mozilla Firefox empty lookupGetter dangling pointer attempt
RuleID : 44010 - Revision : 2 - Type : BROWSER-FIREFOX
2017-09-19 Mozilla Firefox empty lookupGetter dangling pointer attempt
RuleID : 44009 - Revision : 2 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-101029.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0780.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0781.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0782.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0862.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20101019_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101019_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_firefox_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_nss_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20101117_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-10-28 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-101103.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libfreebl3-101018.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101118.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO
2010-11-24 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0861.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0896.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0862.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-nspr-7196.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-15989.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2123.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO
2010-11-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16885.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-15897.nasl - Type : ACT_GATHER_INFO
2010-10-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16897.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-15520.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16593.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-211.nasl - Type : ACT_GATHER_INFO
2010-10-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-210.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3611.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3514.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_315.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-998-1.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-997-1.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1007-1.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_209.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c4f067b9dc4a11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-10-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_309.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:41:49
  • Multiple Updates