Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:141 | First vendor Publication | 2011-10-01 |
Vendor | Mandriva | Last vendor Modification | 2011-10-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Security issues were identified and fixed in mozilla firefox and thunderbird: Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site (CVE-2011-2372). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2995). Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2997). Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle location as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170 (CVE-2011-2999). Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values (CVE-2011-3000). Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error (CVE-2011-3001). Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow (CVE-2011-3002). Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation (CVE-2011-3003). The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior (CVE-2011-3004). Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file (CVE-2011-3005). YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript (CVE-2011-3232). Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression (CVE-2011-3867). |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
27 % | CWE-264 | Permissions, Privileges, and Access Controls |
27 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
18 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
9 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
9 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
9 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13854 | |||
Oval ID: | oval:org.mitre.oval:def:13854 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2372 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13911 | |||
Oval ID: | oval:org.mitre.oval:def:13911 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2997 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13957 | |||
Oval ID: | oval:org.mitre.oval:def:13957 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2995 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14012 | |||
Oval ID: | oval:org.mitre.oval:def:14012 | ||
Title: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
Description: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2998 | Version: | 11 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14054 | |||
Oval ID: | oval:org.mitre.oval:def:14054 | ||
Title: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | ||
Description: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3003 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14121 | |||
Oval ID: | oval:org.mitre.oval:def:14121 | ||
Title: | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | ||
Description: | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3004 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14252 | |||
Oval ID: | oval:org.mitre.oval:def:14252 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2999 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14352 | |||
Oval ID: | oval:org.mitre.oval:def:14352 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3005 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14361 | |||
Oval ID: | oval:org.mitre.oval:def:14361 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3000 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14388 | |||
Oval ID: | oval:org.mitre.oval:def:14388 | ||
Title: | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. | ||
Description: | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3002 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14408 | |||
Oval ID: | oval:org.mitre.oval:def:14408 | ||
Title: | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
Description: | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3232 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14442 | |||
Oval ID: | oval:org.mitre.oval:def:14442 | ||
Title: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
Description: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3001 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14709 | |||
Oval ID: | oval:org.mitre.oval:def:14709 | ||
Title: | DSA-2312-1 iceape -- several | ||
Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2312-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14910 | |||
Oval ID: | oval:org.mitre.oval:def:14910 | ||
Title: | DSA-2317-1 icedove -- several | ||
Description: | CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2317-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15132 | |||
Oval ID: | oval:org.mitre.oval:def:15132 | ||
Title: | DSA-2313-1 iceweasel -- several | ||
Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2313-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20680 | |||
Oval ID: | oval:org.mitre.oval:def:20680 | ||
Title: | USN-1210-1 -- firefox, xulrunner-1.9.2 vulnerabilities | ||
Description: | Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1210-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox xulrunner-1.9.2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21120 | |||
Oval ID: | oval:org.mitre.oval:def:21120 | ||
Title: | USN-1213-1 -- thunderbird vulnerabilities | ||
Description: | Multiple vulnerabilities were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1213-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21218 | |||
Oval ID: | oval:org.mitre.oval:def:21218 | ||
Title: | USN-1222-2 -- mozvoikko, ubufox, webfav update | ||
Description: | This update provides packages compatible with Firefox 7. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1222-2 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3005 CVE-2011-3232 | Version: | 5 |
Platform(s): | Ubuntu 11.04 | Product(s): | mozvoikko ubufox webfav |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21221 | |||
Oval ID: | oval:org.mitre.oval:def:21221 | ||
Title: | USN-1222-1 -- Firefox vulnerabilities | ||
Description: | Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1222-1 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3005 CVE-2011-3232 CVE-2011-3004 | Version: | 5 |
Platform(s): | Ubuntu 11.04 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22014 | |||
Oval ID: | oval:org.mitre.oval:def:22014 | ||
Title: | RHSA-2011:1343: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1343-01 CESA-2011:1343 CVE-2011-2998 CVE-2011-2999 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22072 | |||
Oval ID: | oval:org.mitre.oval:def:22072 | ||
Title: | RHSA-2011:1342: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22193 | |||
Oval ID: | oval:org.mitre.oval:def:22193 | ||
Title: | RHSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1341-01 CESA-2011:1341 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22791 | |||
Oval ID: | oval:org.mitre.oval:def:22791 | ||
Title: | ELSA-2011:1342: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22887 | |||
Oval ID: | oval:org.mitre.oval:def:22887 | ||
Title: | ELSA-2011:1343: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1343-01 CVE-2011-2998 CVE-2011-2999 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22973 | |||
Oval ID: | oval:org.mitre.oval:def:22973 | ||
Title: | DEPRECATED: ELSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23500 | |||
Oval ID: | oval:org.mitre.oval:def:23500 | ||
Title: | ELSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27971 | |||
Oval ID: | oval:org.mitre.oval:def:27971 | ||
Title: | DEPRECATED: ELSA-2011-1342 -- thunderbird security update (critical) | ||
Description: | [3.1.15-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.15-1] - Update to 3.1.15 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1342 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8602 | |||
Oval ID: | oval:org.mitre.oval:def:8602 | ||
Title: | Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability | ||
Description: | Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0170 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 x86_64 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1342-01 File : nvt/gb_RHSA-2011_1342-01_thunderbird.nasl |
2012-05-24 | Name : Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/secpod_apple_safari_mult_vuln_win_oct11.nasl |
2011-12-23 | Name : Ubuntu Update for thunderbird USN-1254-1 File : nvt/gb_ubuntu_USN_1254_1.nasl |
2011-11-11 | Name : Mandriva Update for mozilla MDVSA-2011:169 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_169.nasl |
2011-11-11 | Name : Ubuntu Update for firefox USN-1251-1 File : nvt/gb_ubuntu_USN_1251_1.nasl |
2011-10-20 | Name : Apple iTunes Multiple Vulnerabilities - Oct 11 File : nvt/gb_apple_itunes_mult_vuln_oct11_win.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2313-1 (iceweasel) File : nvt/deb_2313_1.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2312-1 (iceape) File : nvt/deb_2312_1.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2317-1 (icedove) File : nvt/deb_2317_1.nasl |
2011-10-16 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox59.nasl |
2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_browser_engine_mult_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (MAC ... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability... File : nvt/gb_mozilla_prdts_load_subscript_sec_bypass_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_yarr_code_exec_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_oct11.nasl |
2011-10-14 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_macosx.nasl |
2011-10-10 | Name : Ubuntu Update for mozvoikko USN-1222-2 File : nvt/gb_ubuntu_USN_1222_2.nasl |
2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows 01) File : nvt/gb_mozilla_prdts_mult_vuln_win01_oct11.nasl |
2011-10-04 | Name : Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability File : nvt/gb_mozilla_prdts_load_subscript_sec_bypass_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct11.nasl |
2011-10-04 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_win.nasl |
2011-10-04 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_140.nasl |
2011-10-04 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (Windows) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_browser_engine_mult_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products 'YARR' Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_yarr_code_exec_vuln_win.nasl |
2011-10-04 | Name : Mandriva Update for firefox MDVSA-2011:139 (firefox) File : nvt/gb_mandriva_MDVSA_2011_139.nasl |
2011-10-04 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (Wind... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_win.nasl |
2011-09-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 i386 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_i386.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 i386 File : nvt/gb_CESA-2011_1341_firefox_centos4_i386.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 i386 File : nvt/gb_CESA-2011_1341_firefox_centos5_i386.nasl |
2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_i386.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1222-1 File : nvt/gb_ubuntu_USN_1222_1.nasl |
2011-09-30 | Name : Ubuntu Update for thunderbird USN-1213-1 File : nvt/gb_ubuntu_USN_1213_1.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1210-1 File : nvt/gb_ubuntu_USN_1210_1.nasl |
2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_i386.nasl |
2011-09-30 | Name : RedHat Update for firefox RHSA-2011:1341-01 File : nvt/gb_RHSA-2011_1341-01_firefox.nasl |
2011-09-30 | Name : RedHat Update for thunderbird RHSA-2011:1343-01 File : nvt/gb_RHSA-2011_1343-01_thunderbird.nasl |
2011-09-30 | Name : RedHat Update for seamonkey RHSA-2011:1344-01 File : nvt/gb_RHSA-2011_1344-01_seamonkey.nasl |
2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
2010-04-19 | Name : Mandriva Update for firefox MDVA-2010:121 (firefox) File : nvt/gb_mandriva_MDVA_2010_121.nasl |
2010-04-16 | Name : Mandriva Update for firefox-ext-plasmanotify MDVA-2010:118 (firefox-ext-plasm... File : nvt/gb_mandriva_MDVA_2010_118.nasl |
2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Linux) File : nvt/secpod_firefox_mult_vuln_mar10_lin.nasl |
2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Win) File : nvt/secpod_firefox_mult_vuln_mar10_win.nasl |
2010-02-22 | Name : Mandriva Update for blogtk MDVA-2010:070-1 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070_1.nasl |
2010-02-19 | Name : Mandriva Update for blogtk MDVA-2010:070 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070.nasl |
0000-00-00 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox61.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75846 | Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution |
75845 | Mozilla Multiple Product loadSubScript Method XPCNativeWrappers Unwrapping Re... |
75844 | Mozilla Multiple Product YARR Unspecified Memory Corruption |
75843 | Mozilla Multiple Product WebGL Test Case Unspecified Out-of-bounds Write Memo... |
75842 | Mozilla Multiple Product WebGL ANGLE GrowAtomTable() Function Overflow |
75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
75839 | Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea... |
75838 | Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol... |
75837 | Mozilla Firefox Regular Expression Unspecified Underflow |
75836 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997) |
75834 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995) |
63271 | Mozilla Firefox Plugins window.location Same Origin Policy Bypass XSS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla multiple content-disposition headers malicious redirect attempt RuleID : 20586 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple content-length headers malicious redirect attempt RuleID : 20585 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple content-type headers malicious redirect attempt RuleID : 20584 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple location headers malicious redirect attempt RuleID : 20583 - Revision : 7 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404_2.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20121210.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-9.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-254.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-141.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-142.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1254-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111114.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111004.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7784.nasl - Type : ACT_GATHER_INFO |
2011-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1251-1.nasl - Type : ACT_GATHER_INFO |
2011-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-169.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7783.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_1_1.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_1_1.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5_banner.nasl - Type : ACT_GATHER_INFO |
2011-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2317.nasl - Type : ACT_GATHER_INFO |
2011-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1222-2.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-139.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_23.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-140.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_7_0.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2312.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2313.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1222-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1fade8a3e9e811e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3623.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1213-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_24.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1210-1.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_60.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_60.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_23.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:27 |
|
2012-12-19 13:26:50 |
|