Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2011:142 | First vendor Publication | 2011-10-01 |
Vendor | Mandriva | Last vendor Modification | 2011-10-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Security issues were identified and fixed in Mozilla Firefox and Thunderbird:
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site (CVE-2011-2372).
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2995).
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2997).
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values (CVE-2011-3000).
Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error (CVE-2011-3001).
Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file (CVE-2011-3005).
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript (CVE-2011-3232). |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:142 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-264 | Permissions, Privileges, and Access Controls |
40 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13854 | |||
Oval ID: | oval:org.mitre.oval:def:13854 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2372 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:13911 | |||
Oval ID: | oval:org.mitre.oval:def:13911 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2997 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:13957 | |||
Oval ID: | oval:org.mitre.oval:def:13957 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2995 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14352 | |||
Oval ID: | oval:org.mitre.oval:def:14352 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3005 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14361 | |||
Oval ID: | oval:org.mitre.oval:def:14361 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3000 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14408 | |||
Oval ID: | oval:org.mitre.oval:def:14408 | ||
Title: | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
Description: | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3232 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14442 | |||
Oval ID: | oval:org.mitre.oval:def:14442 | ||
Title: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
Description: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3001 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14709 | |||
Oval ID: | oval:org.mitre.oval:def:14709 | ||
Title: | DSA-2312-1 iceape -- several | ||
Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2312-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
Definition Id: oval:org.mitre.oval:def:14910 | |||
Oval ID: | oval:org.mitre.oval:def:14910 | ||
Title: | DSA-2317-1 icedove -- several | ||
Description: | CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2317-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Id: oval:org.mitre.oval:def:15132 | |||
Oval ID: | oval:org.mitre.oval:def:15132 | ||
Title: | DSA-2313-1 iceweasel -- several | ||
Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2313-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:20680 | |||
Oval ID: | oval:org.mitre.oval:def:20680 | ||
Title: | USN-1210-1 -- firefox, xulrunner-1.9.2 vulnerabilities | ||
Description: | Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1210-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox xulrunner-1.9.2 |
Definition Id: oval:org.mitre.oval:def:21120 | |||
Oval ID: | oval:org.mitre.oval:def:21120 | ||
Title: | USN-1213-1 -- thunderbird vulnerabilities | ||
Description: | Multiple vulnerabilities were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1213-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:21218 | |||
Oval ID: | oval:org.mitre.oval:def:21218 | ||
Title: | USN-1222-2 -- mozvoikko, ubufox, webfav update | ||
Description: | This update provides packages compatible with Firefox 7. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1222-2 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3005 CVE-2011-3232 | Version: | 5 |
Platform(s): | Ubuntu 11.04 | Product(s): | mozvoikko ubufox webfav |
Definition Id: oval:org.mitre.oval:def:22072 | |||
Oval ID: | oval:org.mitre.oval:def:22072 | ||
Title: | RHSA-2011:1342: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22193 | |||
Oval ID: | oval:org.mitre.oval:def:22193 | ||
Title: | RHSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1341-01 CESA-2011:1341 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Id: oval:org.mitre.oval:def:22791 | |||
Oval ID: | oval:org.mitre.oval:def:22791 | ||
Title: | ELSA-2011:1342: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22973 | |||
Oval ID: | oval:org.mitre.oval:def:22973 | ||
Title: | DEPRECATED: ELSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Id: oval:org.mitre.oval:def:23500 | |||
Oval ID: | oval:org.mitre.oval:def:23500 | ||
Title: | ELSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Id: oval:org.mitre.oval:def:27971 | |||
Oval ID: | oval:org.mitre.oval:def:27971 | ||
Title: | DEPRECATED: ELSA-2011-1342 -- thunderbird security update (critical) | ||
Description: | [3.1.15-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.15-1] - Update to 3.1.15 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1342 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos4_x86_64.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1342-01 File : nvt/gb_RHSA-2011_1342-01_thunderbird.nasl |
2012-05-24 | Name : Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/secpod_apple_safari_mult_vuln_win_oct11.nasl |
2011-10-20 | Name : Apple iTunes Multiple Vulnerabilities - Oct 11 File : nvt/gb_apple_itunes_mult_vuln_oct11_win.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2313-1 (iceweasel) File : nvt/deb_2313_1.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2312-1 (iceape) File : nvt/deb_2312_1.nasl |
2011-10-16 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox59.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2317-1 (icedove) File : nvt/deb_2317_1.nasl |
2011-10-14 | Name : Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_yarr_code_exec_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_browser_engine_mult_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_oct11.nasl |
2011-10-10 | Name : Ubuntu Update for mozvoikko USN-1222-2 File : nvt/gb_ubuntu_USN_1222_2.nasl |
2011-10-04 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products 'YARR' Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_yarr_code_exec_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct11.nasl |
2011-10-04 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_browser_engine_mult_vuln_win.nasl |
2011-10-04 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_140.nasl |
2011-10-04 | Name : Mandriva Update for firefox MDVSA-2011:139 (firefox) File : nvt/gb_mandriva_MDVSA_2011_139.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 i386 File : nvt/gb_CESA-2011_1341_firefox_centos5_i386.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1210-1 File : nvt/gb_ubuntu_USN_1210_1.nasl |
2011-09-30 | Name : Ubuntu Update for thunderbird USN-1213-1 File : nvt/gb_ubuntu_USN_1213_1.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1222-1 File : nvt/gb_ubuntu_USN_1222_1.nasl |
2011-09-30 | Name : RedHat Update for firefox RHSA-2011:1341-01 File : nvt/gb_RHSA-2011_1341-01_firefox.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 i386 File : nvt/gb_CESA-2011_1341_firefox_centos4_i386.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75846 | Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution |
75844 | Mozilla Multiple Product YARR Unspecified Memory Corruption |
75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
75839 | Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea... |
75836 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997) |
75834 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995) |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla multiple content-disposition headers malicious redirect attempt RuleID : 20586 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple content-length headers malicious redirect attempt RuleID : 20585 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple content-type headers malicious redirect attempt RuleID : 20584 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple location headers malicious redirect attempt RuleID : 20583 - Revision : 7 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404_2.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20121210.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-9.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-254.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-141.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-142.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7784.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111114.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111004.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7783.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_1_1.nasl - Type : ACT_GATHER_INFO |
2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_1_1.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5_banner.nasl - Type : ACT_GATHER_INFO |
2011-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2317.nasl - Type : ACT_GATHER_INFO |
2011-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1222-2.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-140.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_23.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_7_0.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-139.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2312.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1222-1.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2313.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1213-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1210-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_24.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3623.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1fade8a3e9e811e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:42:27 |