Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameMDVSA-2011:041First vendor Publication2011-03-03
VendorMandrivaLast vendor Modification2011-03-03
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. (CVE-2011-0059)

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. (CVE-2011-0061)

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. (CVE-2010-1585)

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. (CVE-2011-0058)

Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. (CVE-2011-0057)

Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an atom map issue. (CVE-2011-0056)

Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an upvarMap issue. (CVE-2011-0054)

Use-after-free vulnerability in the JSON.stringify method in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors. (CVE-2011-0055)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. (CVE-2011-0051)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. (CVE-2011-0062)

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:041

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-399Resource Management Errors
CWE-20Improper Input Validation
CWE-352Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12532
 
Oval ID: oval:org.mitre.oval:def:12532
Title: Remote code execution vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 through ParanoidFragmentSink protection mechanism
Description: The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1585
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14211
 
Oval ID: oval:org.mitre.oval:def:14211
Title: Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.
Description: Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0051
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14018
 
Oval ID: oval:org.mitre.oval:def:14018
Title: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.
Description: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0054
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14476
 
Oval ID: oval:org.mitre.oval:def:14476
Title: Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.
Description: Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0055
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14013
 
Oval ID: oval:org.mitre.oval:def:14013
Title: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.
Description: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0056
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14200
 
Oval ID: oval:org.mitre.oval:def:14200
Title: Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
Description: Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0057
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14254
 
Oval ID: oval:org.mitre.oval:def:14254
Title: Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
Description: Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0058
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14473
 
Oval ID: oval:org.mitre.oval:def:14473
Title: Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
Description: Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0059
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13720
 
Oval ID: oval:org.mitre.oval:def:13720
Title: USN-1049-1 -- firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities
Description: Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Zach Hoffman discovered that a recursive call to eval wrapped in a try/catch statement places the browser into a inconsistent state. An attacker could exploit this to force a user to accept any dialog. It was discovered that memory was used after being freed in a method used by JSON.stringify. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alex Miller discovered a buffer overflow in the browser rendering engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges. Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Peleus Uhley discovered a CSRF vulnerability in the plugin code related to 307 redirects. This could allow custom headers to be forwarded across origins
Family: unix Class: patch
Reference(s): USN-1049-1
CVE-2011-0053
CVE-2011-0062
CVE-2011-0051
CVE-2011-0055
CVE-2011-0054
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2010-1585
CVE-2011-0061
CVE-2011-0059
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13679
 
Oval ID: oval:org.mitre.oval:def:13679
Title: USN-1049-2 -- firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities
Description: USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Zach Hoffman discovered that a recursive call to eval wrapped in a try/catch statement places the browser into a inconsistent state. An attacker could exploit this to force a user to accept any dialog. It was discovered that memory was used after being freed in a method used by JSON.stringify. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alex Miller discovered a buffer overflow in the browser rendering engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges. Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Peleus Uhley discovered a CSRF vulnerability in the plugin code related to 307 redirects. This could allow custom headers to be forwarded across origins
Family: unix Class: patch
Reference(s): USN-1049-2
CVE-2011-0053
CVE-2011-0062
CVE-2011-0051
CVE-2011-0055
CVE-2011-0054
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2010-1585
CVE-2011-0061
CVE-2011-0059
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12843
 
Oval ID: oval:org.mitre.oval:def:12843
Title: DSA-2180-1 iceape -- several
Description: Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval calls could lead to attackers forcing acceptance of a confirmation dialogue. CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code. CVE-2011-0054 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. CVE-2010-0056 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. CVE-2011-0055 "regenrecht" and Igor Bukanov discovered a use-after-free error in the JSON-Implementation, which could lead to the execution of arbitrary code. CVE-2011-0057 Daniel Kozlowski discovered that incorrect memory handling the web workers implementation could lead to the execution of arbitrary code. CVE-2011-0059 Peleus Uhley discovered a cross-site request forgery risk in the plugin code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
Family: unix Class: patch
Reference(s): DSA-2180-1
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0059
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14486
 
Oval ID: oval:org.mitre.oval:def:14486
Title: Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
Description: Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0061
Version: 18
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13417
 
Oval ID: oval:org.mitre.oval:def:13417
Title: USN-1050-1 -- thunderbird vulnerabilities
Description: Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges. Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program
Family: unix Class: patch
Reference(s): USN-1050-1
CVE-2011-0053
CVE-2011-0062
CVE-2010-1585
CVE-2011-0061
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21522
 
Oval ID: oval:org.mitre.oval:def:21522
Title: RHSA-2011:0311: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2011:0311-01
CVE-2010-1585
CVE-2011-0053
CVE-2011-0061
CVE-2011-0062
Version: 55
Platform(s): Red Hat Enterprise Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21214
 
Oval ID: oval:org.mitre.oval:def:21214
Title: RHSA-2011:0310: firefox security and bug fix update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2011:0310-01
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2011-0059
CVE-2011-0061
CVE-2011-0062
Version: 146
Platform(s): Red Hat Enterprise Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14409
 
Oval ID: oval:org.mitre.oval:def:14409
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0062
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23640
 
Oval ID: oval:org.mitre.oval:def:23640
Title: ELSA-2011:0311: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2011:0311-01
CVE-2010-1585
CVE-2011-0053
CVE-2011-0061
CVE-2011-0062
Version: 21
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23573
 
Oval ID: oval:org.mitre.oval:def:23573
Title: ELSA-2011:0310: firefox security and bug fix update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2011:0310-01
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2011-0059
CVE-2011-0061
CVE-2011-0062
Version: 49
Platform(s): Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application101
Application56
Application81

OpenVAS Exploits

DateDescription
2012-07-09Name : RedHat Update for thunderbird RHSA-2011:0311-01
File : nvt/gb_RHSA-2011_0311-01_thunderbird.nasl
2011-05-12Name : Debian Security Advisory DSA 2186-1 (iceweasel)
File : nvt/deb_2186_1.nasl
2011-05-12Name : Debian Security Advisory DSA 2187-1 (icedove)
File : nvt/deb_2187_1.nasl
2011-05-10Name : Ubuntu Update for xulrunner-1.9.1 USN-1123-1
File : nvt/gb_ubuntu_USN_1123_1.nasl
2011-03-15Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:042 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2011_042.nasl
2011-03-15Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2
File : nvt/gb_ubuntu_USN_1049_2.nasl
2011-03-10Name : Mozilla Products Multiple Vulnerabilities March-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_mar11.nasl
2011-03-10Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities March-11...
File : nvt/gb_mozilla_prdts_be_mult_unspecified_vuln_win_mar11.nasl
2011-03-10Name : Mozilla Products Buffer Overflow Vulnerability March-11 (Windows)
File : nvt/gb_mozilla_prdts_bof_vuln_win_mar11.nasl
2011-03-09Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox54.nasl
2011-03-09Name : Debian Security Advisory DSA 2180-1 (iceape)
File : nvt/deb_2180_1.nasl
2011-03-08Name : Mandriva Update for firefox MDVSA-2011:041 (firefox)
File : nvt/gb_mandriva_MDVSA_2011_041.nasl
2011-03-07Name : CentOS Update for firefox CESA-2011:0310 centos4 i386
File : nvt/gb_CESA-2011_0310_firefox_centos4_i386.nasl
2011-03-07Name : CentOS Update for thunderbird CESA-2011:0312 centos4 i386
File : nvt/gb_CESA-2011_0312_thunderbird_centos4_i386.nasl
2011-03-07Name : CentOS Update for seamonkey CESA-2011:0313 centos4 i386
File : nvt/gb_CESA-2011_0313_seamonkey_centos4_i386.nasl
2011-03-07Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1
File : nvt/gb_ubuntu_USN_1049_1.nasl
2011-03-07Name : Ubuntu Update for thunderbird vulnerabilities USN-1050-1
File : nvt/gb_ubuntu_USN_1050_1.nasl
2011-03-07Name : RedHat Update for firefox RHSA-2011:0310-01
File : nvt/gb_RHSA-2011_0310-01_firefox.nasl
2011-03-07Name : RedHat Update for thunderbird RHSA-2011:0312-01
File : nvt/gb_RHSA-2011_0312-01_thunderbird.nasl
2011-03-07Name : RedHat Update for seamonkey RHSA-2011:0313-01
File : nvt/gb_RHSA-2011_0313-01_seamonkey.nasl
2010-05-04Name : Mozilla Firefox Code Execution Vulnerability (Win) - May10
File : nvt/gb_firefox_code_exe_vuln_win_may10.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
72467Mozilla Multiple Products Plugin Request 307 Redirect Response CSRF
72466Mozilla Multiple Products JPEG Image Decoding Overflow
72465Mozilla Multiple Products ParanoidFragmentSink nsIScriptableUnescapeHTML.pars...
72461Mozilla Multiple Products Layout Objects Long Text Run Overflow
72460Mozilla Multiple Products Web Workers Garbage Collection Use-after-free Remot...
72459Mozilla Multiple Products Baseline JavaScript Internal String Mapping Atom Ma...
72458Mozilla Multiple Products Non-Local JavaScript Internal Memory Mapping Overflow
72457Mozilla Multiple Products js3250.dll JSON.stringify() Method js_HasOwnPropert...
72456Mozilla Multiple Products try/catch Statement eval() Recursive Call Handling ...
72454Mozilla Multiple Products JSObject::dropProperty Memory Corruption
64150Mozilla Firefox nsIScriptableUnescapeHTML.parseFragment Method Multiple Eleme...

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110307.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_seamonkey-110307.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110314.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0310.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0311.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0312.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0313.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0374.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20110301_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20110301_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7421.nasl - Type : ACT_GATHER_INFO
2011-06-13Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1123-1.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-110308.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-110302.nasl - Type : ACT_GATHER_INFO
2011-03-24Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO
2011-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO
2011-03-14Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-110303.nasl - Type : ACT_GATHER_INFO
2011-03-14Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO
2011-03-14Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner191-7363.nasl - Type : ACT_GATHER_INFO
2011-03-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2186.nasl - Type : ACT_GATHER_INFO
2011-03-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2187.nasl - Type : ACT_GATHER_INFO
2011-03-08Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-042.nasl - Type : ACT_GATHER_INFO
2011-03-08Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1049-2.nasl - Type : ACT_GATHER_INFO
2011-03-07Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-041.nasl - Type : ACT_GATHER_INFO
2011-03-04Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2180.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : mozilla_firefox_3517.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : mozilla_firefox_3614.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1049-1.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1050-1.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_318.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0312.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0313.nasl - Type : ACT_GATHER_INFO
2011-03-03Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : seamonkey_2012.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_45f102cd445611e095804061862b8c22.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0311.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0312.nasl - Type : ACT_GATHER_INFO
2011-03-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0313.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:42:06
  • Multiple Updates