Executive Summary
Summary | |
---|---|
Title | Updated mozilla packages fix security issues |
Informations | |||
---|---|---|---|
Name | RHSA-2004:421 | First vendor Publication | 2004-08-04 |
Vendor | RedHat | Last vendor Modification | 2004-08-04 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated mozilla packages based on version 1.4.3 that fix a number of security issues for Red Hat Enterprise Linux are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A number of flaws have been found in Mozilla 1.4 that have been fixed in the Mozilla 1.4.3 release: Zen Parse reported improper input validation to the SOAPParameter object constructor leading to an integer overflow and controllable heap corruption. Malicious JavaScript could be written to utilize this flaw and could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0722 to this issue. During a source code audit, Chris Evans discovered a buffer overflow and integer overflows which affect the libpng code inside Mozilla. An attacker could create a carefully crafted PNG file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image was viewed. (CAN-2004-0597, CAN-2004-0599) Zen Parse reported a flaw in the POP3 capability. A malicious POP3 server could send a carefully crafted response that would cause a heap overflow and potentially allow execution of arbitrary code as the user running Mozilla. (CAN-2004-0757) Marcel Boesch found a flaw that allows a CA certificate to be imported with a DN the same as that of the built-in CA root certificates, which can cause a denial of service to SSL pages, as the malicious certificate is treated as invalid. (CAN-2004-0758) Met - Martin Hassman reported a flaw in Mozilla that could allow malicious Javascript code to upload local files from a users machine without requiring confirmation. (CAN-2004-0759) Mindlock Security reported a flaw in ftp URI handling. By using a NULL character (%00) in a ftp URI, Mozilla can be confused into opening a resource as a different MIME type. (CAN-2004-0760) Mozilla does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates website spoofing and other attacks, also known as the frame injection vulnerability. (CAN-2004-0718) Tolga Tarhan reported a flaw that can allow a malicious webpage to use a redirect sequence to spoof the security lock icon that makes a webpage appear to be encrypted. (CAN-2004-0761) Jesse Ruderman reported a security issue that affects a number of browsers including Mozilla that could allow malicious websites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. (CAN-2004-0762) Emmanouel Kellinis discovered a caching flaw in Mozilla which allows malicious websites to spoof certificates of trusted websites via redirects and Javascript that uses the "onunload" method. (CAN-2004-0763) Mozilla allowed malicious websites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. (CAN-2004-0764) The cert_TestHostName function in Mozilla only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN). This flaw could be used for spoofing if an attacker had control of machines on a default DNS search path. (CAN-2004-0765) All users are advised to update to these erratum packages which contain a snapshot of Mozilla 1.4.3 including backported fixes and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 127338 - CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7 127186 - CAN-2004-0758 Overriding built-in certificate leading to error -8182 (DoS), especially exploitable by email |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-421.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10032 | |||
Oval ID: | oval:org.mitre.oval:def:10032 | ||
Title: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | ||
Description: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0762 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10304 | |||
Oval ID: | oval:org.mitre.oval:def:10304 | ||
Title: | Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | ||
Description: | Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0758 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10938 | |||
Oval ID: | oval:org.mitre.oval:def:10938 | ||
Title: | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | ||
Description: | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0599 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11042 | |||
Oval ID: | oval:org.mitre.oval:def:11042 | ||
Title: | Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | ||
Description: | Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0757 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11090 | |||
Oval ID: | oval:org.mitre.oval:def:11090 | ||
Title: | Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | ||
Description: | Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0760 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11153 | |||
Oval ID: | oval:org.mitre.oval:def:11153 | ||
Title: | Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an input type="file" tag. | ||
Description: | Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0759 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11162 | |||
Oval ID: | oval:org.mitre.oval:def:11162 | ||
Title: | The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | ||
Description: | The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0765 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11284 | |||
Oval ID: | oval:org.mitre.oval:def:11284 | ||
Title: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1227 | |||
Oval ID: | oval:org.mitre.oval:def:1227 | ||
Title: | Mozilla FTP URI MIME Type Exploit Vulnerability | ||
Description: | Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0760 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1479 | |||
Oval ID: | oval:org.mitre.oval:def:1479 | ||
Title: | Integer Overflow in libpng via Malformed PNG Image | ||
Description: | Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0599 | Version: | 1 |
Platform(s): | Sun Solaris 7 | Product(s): | libpng |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2274 | |||
Oval ID: | oval:org.mitre.oval:def:2274 | ||
Title: | Windows Messenger 5 libpng Buffer Overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Data Access Components 2.8 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:2378 | |||
Oval ID: | oval:org.mitre.oval:def:2378 | ||
Title: | Multiple Buffer Overflows in libpng | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 1 |
Platform(s): | Sun Solaris 7 | Product(s): | libpng |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2418 | |||
Oval ID: | oval:org.mitre.oval:def:2418 | ||
Title: | Mozilla, Firefox, Thunderbird User Interface Hijacking Vulnerability | ||
Description: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0764 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3134 | |||
Oval ID: | oval:org.mitre.oval:def:3134 | ||
Title: | Mozilla CA Certificate DoS | ||
Description: | Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0758 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3250 | |||
Oval ID: | oval:org.mitre.oval:def:3250 | ||
Title: | Mozilla, Firefox, Thunderbird POP3 SendUidl Buffer Overflow | ||
Description: | Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0757 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3603 | |||
Oval ID: | oval:org.mitre.oval:def:3603 | ||
Title: | Mozilla, Firefox, Thunderbird Security Lock Icon Spoof Vulnerability | ||
Description: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0761 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3989 | |||
Oval ID: | oval:org.mitre.oval:def:3989 | ||
Title: | Mozilla Firefox Certificate Spoofing Vulnerability | ||
Description: | Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0763 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4403 | |||
Oval ID: | oval:org.mitre.oval:def:4403 | ||
Title: | Mozilla, Firefox, Thunderbird XPInstall Security Vulnerability | ||
Description: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0762 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4492 | |||
Oval ID: | oval:org.mitre.oval:def:4492 | ||
Title: | Adobe Acrobat Reader libpng Buffer Overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 2 |
Platform(s): | Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Adobe Acrobat Reader |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4629 | |||
Oval ID: | oval:org.mitre.oval:def:4629 | ||
Title: | Mozilla, Netscape SOAPParameter Integer Overflow | ||
Description: | Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0722 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4756 | |||
Oval ID: | oval:org.mitre.oval:def:4756 | ||
Title: | Mozilla, Firebird, Firefox Frame Injection Vulnerability | ||
Description: | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0718 | Version: | 1 |
Platform(s): | Sun Solaris 8 | Product(s): | mozilla |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:594 | |||
Oval ID: | oval:org.mitre.oval:def:594 | ||
Title: | Windows Messenger 6 libpng Buffer Overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | MSN Messenger |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7709 | |||
Oval ID: | oval:org.mitre.oval:def:7709 | ||
Title: | libpng buffer overflow | ||
Description: | Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0597 | Version: | 9 |
Platform(s): | Microsoft Windows 98 Microsoft Windows ME Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 | Product(s): | MSN Messenger 4.7 MSN Messenger 6.1 MSN Messenger 6.2 Adobe Acrobat Reader |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9240 | |||
Oval ID: | oval:org.mitre.oval:def:9240 | ||
Title: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | ||
Description: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0761 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9378 | |||
Oval ID: | oval:org.mitre.oval:def:9378 | ||
Title: | Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | ||
Description: | Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0722 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9419 | |||
Oval ID: | oval:org.mitre.oval:def:9419 | ||
Title: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. | ||
Description: | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0764 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9436 | |||
Oval ID: | oval:org.mitre.oval:def:9436 | ||
Title: | Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | ||
Description: | Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0763 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9997 | |||
Oval ID: | oval:org.mitre.oval:def:9997 | ||
Title: | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||
Description: | The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0718 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5016546.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-14 (mozilla) File : nvt/glsa_200507_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-22 (mozilla) File : nvt/glsa_200408_22.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-03 (libpng) File : nvt/glsa_200408_03.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox14.nasl |
2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird2.nasl |
2008-09-04 | Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird1.nasl |
2008-09-04 | Name : FreeBSD Ports: png File : nvt/freebsd_png.nasl |
2008-09-04 | Name : FreeBSD Ports: mozilla File : nvt/freebsd_mozilla0.nasl |
2008-09-04 | Name : FreeBSD Ports: mozilla File : nvt/freebsd_mozilla.nasl |
2008-09-04 | Name : FreeBSD Ports: kdelibs File : nvt/freebsd_kdelibs1.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox9.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox18.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox13.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox12.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox11.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox10.nasl |
2008-09-04 | Name : FreeBSD Ports: ImageMagick, ImageMagick-nox11 File : nvt/freebsd_ImageMagick3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 536-1 (libpng) File : nvt/deb_536_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 810-1 (mozilla) File : nvt/deb_810_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 777-1 (mozilla) File : nvt/deb_777_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 775-1 (mozilla) File : nvt/deb_775_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 571-1 (libpng3) File : nvt/deb_571_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 570-1 (libpng) File : nvt/deb_570_1.nasl |
2005-11-03 | Name : Mozilla/Firefox security manager certificate handling DoS File : nvt/mozilla_certif_handle_dos.nasl |
2005-11-03 | Name : Mozilla/Firefox user interface spoofing File : nvt/mozilla_firefox_xul_spoof.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-223-02 imagemagick File : nvt/esoft_slk_ssa_2004_223_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-223-01 Mozilla File : nvt/esoft_slk_ssa_2004_223_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2004-222-01 libpng File : nvt/esoft_slk_ssa_2004_222_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59835 | Netscape Cross-domain Frame Injection Content Spoofing |
59834 | Mozilla Multiple Browser Cross-domain Frame Injection Content Spoofing |
59316 | Netscape SOAPParameter Object Constructor Overflow |
8326 | libpng png_handle_tRNS Remote Overflow A remote overflow exists in libpng. The library function png_handle_tRNS fails to perform a length check on PNG images resulting in a buffer overflow. With a specially crafted PNG file, an attacker can cause the execution of code resulting in a loss of integrity. |
8316 | libpng pngrutil.c Multiple Function Progressive Display Image Reading Overflow A potential local integer overflow exists in libpng. The library function png_push_read_chunk contains code that might be susceptible to integer overflows. It is currently unknown how dangerous this code might be. With a specially crafted request, an attacker might cause crashes or execution of code resulting in a loss of availability. |
8315 | libpng png_read_png Integer Overflow A local overflow exists in libpng. The library function png_read_png fails to validate the height of input PNG files resulting in a possible integer overflow. With a specially crafted request, an attacker might cause a crash of the applicatioin resulting in a loss of availability. |
8314 | libpng png_handle_sPLT Local Overflow A local overflow exists in libpng. The library function png_handle_sPLT fails to validate input resulting in a possible integer overflow. With a specially crafted request, an attacker might theoretically cause execution of code resulting in a loss of integrity. |
8312 | libpng png_handle_sBIT() Local Overflow A local overflow exists in libpng. The library function png_handle_sBIT relies on checks in other functions to perform input validation resulting in a possible buffer overflow. With a specially crafted PNG file, an attacker might cause execution of code resulting in a loss of integrity. |
8311 | Mozilla Browsers chrome/XML User Interface Spoofing |
8310 | Mozilla Browsers onunload Method SSL Certificate Spoofing |
8309 | Mozilla Browsers XPInstall Security Dialog Arbitrary Extension Installation An attackers website can inject arbitrary Mozilla extensions by tricking the user into interactively accepting security dialog boxes without seeing the dialog box. |
8308 | Mozilla Browsers Redirect Sequence Security Icon Spoof Mozilla based products contain a flaw that may allow a malicious user to spoof the SSL security icon. The issue is triggered when a specially crafted web paged is used to redirect the SSL information from another site. It is possible that the flaw may allow normal users to believe a page is encrypted when it truly is not resulting in a potential loss of confidentiality. |
8307 | Mozilla Browsers FTP URI Null Character MIME Type Spoofing Arbitrary Code Exe... Mozilla based browsers contain a flaw that allows a remote code injection. This flaw exists because the application does not properly validate input before opening. This could allow a user to create a specially crafted URL containing NULL characters that would spoof the MIME type and potentially execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
8305 | Mozilla Browsers Arbitrary File Upload Mozilla contains a flaw that may allow a malicious user to capture or upload a file from a users machine. The issue is triggered when a user loads a malicious web page which uses a specially crafted javascript. It is possible that the flaw may allow an attacker to retrieve files from known locations without the user being notified, resulting in a loss of confidentiality. |
8304 | Mozilla Browsers cert_TestHostName Certificate Spoofing Mozilla contains a flaw that may allow a malicious user to spoof a trusted certificate. The issue is triggered when Mozilla fails to securely verfiy the hostname on certificates for non-Fully Qualified Domain Names (FQDN.) It is possible that the flaw may allow the attacker to spoof the hostname resulting in a loss of integrity. |
8303 | Mozilla Browsers SendUidl POP3 Overflow Mozilla contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a maliciously configured POP3 server overwrites heap memory in the users browser. It is possible that the flaw may allow remote code execution allowing system access and resulting in a loss of confidentiality and integrity. |
8281 | Mozilla Browsers SOAPParameter Object Constructor Overflow Mozilla/Netscape contains a flaw that may allow a malicious user to corrupt heap information. The issue is triggered when an integer overflow in the SOAPParameter object constructor occurs. It is possible that the flaw may allow the remote execution of arbitrary code resulting in a loss of integrity and/or availability. |
8238 | Mozilla Browsers onunload SSL Certificate Spoofing Mozilla and Mozilla Firefox contains a flaw that may allow a malicious user to spoof SSL certification. The issue is triggered when using "onunload" inside a < body> tag and redirection using http-equiv refresh metatag, document.write() and document.close(), which will spoof a trusted website. By sending a specially crafted webpage, a remote attacker can represent the malicious Web site as that of a trusted site, resulting in a loss of integrity. |
7939 | Mozilla Multiple Browsers CA Certificate SSL Page DoS Mozilla browsers contain a flaw that may allow a denial of service on stored certificates. The issue is triggered when receiving certificates with existing DN and different serial number as a built-in CA root cert occurs, and will result in the built-in CA root cert being overwritten. Ultimately this may result in loss of availability for sites using the original built-in CA root cert. |
7466 | Mozilla XPInstall Dialog Box Arbitrary Command Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45184 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45183 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45182 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45181 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45180 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45179 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45178 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-17 | Mozilla Firefox SOAPParameter integer overflow attempt RuleID : 45177 - Revision : 1 - Type : BROWSER-FIREFOX |
2018-01-10 | Mozilla SSL certificate spoofing attempt RuleID : 45127 - Revision : 1 - Type : BROWSER-FIREFOX |
2014-01-10 | Microsoft Multiple Products PNG large image height download attempt RuleID : 3133-community - Revision : 15 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Multiple Products PNG large image height download attempt RuleID : 3133 - Revision : 15 - Type : FILE-IMAGE |
2014-01-10 | libpng tRNS overflow attempt RuleID : 2673-community - Revision : 12 - Type : FILE-IMAGE |
2014-01-10 | libpng tRNS overflow attempt RuleID : 2673 - Revision : 12 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-10-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_641859e8eca111d8b913000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4fd8f5305eb11d9b45d000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c1d97a8b05ed11d9b45d000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f9e3e60be65011d89b0a000347a4fa7d.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-213.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-212.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-586.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-587.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-155-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-149-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1-1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-128.nasl - Type : ACT_GATHER_INFO |
2005-09-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-810.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-775.nasl - Type : ACT_GATHER_INFO |
2005-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-777.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-587.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-616.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-619.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-605.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-603.nasl - Type : ACT_GATHER_INFO |
2005-07-21 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-586.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_abe47a5ae23c11d89b0a000347a4fa7d.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : A web browser installed on the remote host contains multiple vulnerabilities. File : mozilla_179.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e9f9d2320cb211d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_105.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-222-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a7e0d783131b11d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7c188c550cb011d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-223-01.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-223-02.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5360a659131c11d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6e7408810cae11d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8d8238830ca911d98a8a000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_730db824e21611d89b0a000347a4fa7d.nasl - Type : ACT_GATHER_INFO |
2005-02-08 | Name : Arbitrary code can be executed on the remote host through the Media Player. File : smb_nt_ms05-009.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-570.nasl - Type : ACT_GATHER_INFO |
2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-571.nasl - Type : ACT_GATHER_INFO |
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-536.nasl - Type : ACT_GATHER_INFO |
2004-09-06 | Name : The remote Windows host has a web browser installed that is affected by a den... File : mozilla_certif_handle_dos.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-03.nasl - Type : ACT_GATHER_INFO |
2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-22.nasl - Type : ACT_GATHER_INFO |
2004-08-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-082.nasl - Type : ACT_GATHER_INFO |
2004-08-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-079.nasl - Type : ACT_GATHER_INFO |
2004-08-12 | Name : The remote device is missing a vendor-supplied security patch File : freebsd_kdelibs_3233.nasl - Type : ACT_GATHER_INFO |
2004-08-10 | Name : The remote host is missing a Mac OS X update that fixes a security issue. File : macosx_SecUpd20040809.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-238.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-237.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-239.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-236.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-402.nasl - Type : ACT_GATHER_INFO |
2004-08-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-421.nasl - Type : ACT_GATHER_INFO |
2004-08-04 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_023.nasl - Type : ACT_GATHER_INFO |
2004-08-03 | Name : The remote Windows host contains a web browser that has a code execution vuln... File : mozilla_firefox_cache_file.nasl - Type : ACT_GATHER_INFO |
2004-08-02 | Name : The remote Windows host has a web browser installed that is affected by multi... File : mozilla_firefox_xul_spoof.nasl - Type : ACT_GATHER_INFO |
2004-08-02 | Name : The remote Windows host contains a web browser that is affected by an integer... File : mozilla_soapparameter_overflow.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote host is using an unsupported version of Mac OS X. File : macosx_version.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:48:37 |
|