9.3 - RHSA-2006:0578

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	seamonkey security update (was mozilla)

Informations
Name	RHSA-2006:0578	First vendor Publication	2006-07-20
Vendor	RedHat	Last vendor Modification	2006-07-20
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated seamonkey packages that fix several security bugs in the mozilla package are now available for Red Hat Enterprise Linux 3.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

The Mozilla Foundation has discontinued support for the Mozilla Suite. This update deprecates the Mozilla Suite in Red Hat Enterprise Linux 3 in favor of the supported SeaMonkey Suite.

This update also resolves a number of outstanding Mozilla security issues:

Several flaws were found in the way Mozilla processed certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-2776, CVE-2006-2784, CVE-2006-2785, CVE-2006-2787)

Several denial of service flaws were found in the way Mozilla processed certain web content. A malicious web page could crash firefox or possibly execute arbitrary code. These issues to date were not proven to be exploitable, but do show evidence of memory corruption. (CVE-2006-2779, CVE-2006-2780)

A double-free flaw was found in the way Mozilla-mail displayed malformed inline vcard attachments. If a victim viewed an email message containing a carefully crafted vcard it could execute arbitrary code as the user running Mozilla-mail. (CVE-2006-2781)

A cross site scripting flaw was found in the way Mozilla processed Unicode Byte-order-Mark (BOM) markers in UTF-8 web pages. A malicious web page could execute a script within the browser that a web input sanitizer could miss due to a malformed "script" tag. (CVE-2006-2783)

A form file upload flaw was found in the way Mozilla handled javascript input object mutation. A malicious web page could upload an arbitrary local file at form submission time without user interaction. (CVE-2006-2782)

A denial of service flaw was found in the way Mozilla called the crypto.signText() javascript function. A malicious web page could crash the browser if the victim had a client certificate loaded. (CVE-2006-2778)

Two HTTP response smuggling flaws were found in the way Mozilla processed certain invalid HTTP response headers. A malicious web site could return specially crafted HTTP response headers which may bypass HTTP proxy restrictions. (CVE-2006-2786)

A double free flaw was found in the way the nsIX509::getRawDER method was called. If a victim visited a carefully crafted web page it could execute arbitrary code as the user running Mozilla. (CVE-2006-2788)

Users of Mozilla are advised to upgrade to this update, which contains SeaMonkey version 1.0.2 that is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

196971 - CVE-2006-2783 multiple Seamonkey issues (CVE-2006-2782,CVE-2006-2778,CVE-2006-2776,CVE-2006-2784,CVE-2006-2785,CVE-2006-2786,CVE-2006-2787,CVE-2006-2788) 198683 - CVE-2006-2779 Multiple Mozilla issues (CVE-2006-2780, CVE-2006-2781)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2006-0578.html

CWE : Common Weakness Enumeration

%	Id	Name
29 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
29 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
14 %	CWE-264	Permissions, Privileges, and Access Controls
14 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
14 %	CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10247

Oval ID:	oval:org.mitre.oval:def:10247
Title:	Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
Description:	Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2781	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:10429

Oval ID:	oval:org.mitre.oval:def:10429
Title:	Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
Description:	Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2782	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:10545

Oval ID:	oval:org.mitre.oval:def:10545
Title:	Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
Description:	Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2785	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:10772

Oval ID:	oval:org.mitre.oval:def:10772
Title:	Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Description:	Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2783	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:11065

Oval ID:	oval:org.mitre.oval:def:11065
Title:	Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
Description:	Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2788	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:11305

Oval ID:	oval:org.mitre.oval:def:11305
Title:	Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
Description:	Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2780	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9491

Oval ID:	oval:org.mitre.oval:def:9491
Title:	EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Description:	EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2787	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9703

Oval ID:	oval:org.mitre.oval:def:9703
Title:	The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
Description:	The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2778	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9762

Oval ID:	oval:org.mitre.oval:def:9762
Title:	Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested option tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Description:	Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2779	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9768

Oval ID:	oval:org.mitre.oval:def:9768
Title:	The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
Description:	The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2784	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9849

Oval ID:	oval:org.mitre.oval:def:9849
Title:	Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
Description:	Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2776	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

Definition Id: oval:org.mitre.oval:def:9966

Oval ID:	oval:org.mitre.oval:def:9966
Title:	HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Description:	HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2006-2786	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-js-debugger is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nspr-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-mail is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-chat is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-devel is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-dom-inspector is earlier than 0:1.0.2-0.1.0.EL3 AND seamonkey-nss is earlier than 0:1.0.2-0.1.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section devhelp-devel is earlier than 0:0.10-0.2.el4 AND seamonkey-nspr is earlier than 0:1.0.3-0.el4.1 AND seamonkey-js-debugger is earlier than 0:1.0.3-0.el4.1 AND thunderbird is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-nss-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nspr-devel is earlier than 0:1.0.3-0.el4.1 AND devhelp is earlier than 0:0.10-0.2.el4 AND firefox is earlier than 0:1.5.0.5-0.el4.1 AND seamonkey-mail is earlier than 0:1.0.3-0.el4.1 AND seamonkey-chat is earlier than 0:1.0.3-0.el4.1 AND seamonkey-nss is earlier than 0:1.0.3-0.el4.1 AND seamonkey-devel is earlier than 0:1.0.3-0.el4.1 AND seamonkey-dom-inspector is earlier than 0:1.0.3-0.el4.1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:1.5.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.1:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5:beta1:::::: cpe:2.3:a:mozilla:firefox:1.5:-:::::: cpe:2.3:a:mozilla:firefox:1.5:beta2:::::: cpe:2.3:a:mozilla:firefox:1.4.1:::::::* cpe:2.3:a:mozilla:firefox:1.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.0.6::linux::::: cpe:2.3:a:mozilla:firefox:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.0:-:::::: cpe:2.3:a:mozilla:firefox:1.0:preview_release:::::: cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:firefox:0.9_rc:::::::* cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:0.8:::::::* cpe:2.3:a:mozilla:firefox:0.7.1:::::::* cpe:2.3:a:mozilla:firefox:0.7:::::::* cpe:2.3:a:mozilla:firefox:0.6.1:::::::* cpe:2.3:a:mozilla:firefox:0.6:::::::* cpe:2.3:a:mozilla:firefox:0.5:::::::* cpe:2.3:a:mozilla:firefox:0.4:::::::* cpe:2.3:a:mozilla:firefox:0.3:::::::* cpe:2.3:a:mozilla:firefox:0.2:::::::* cpe:2.3:a:mozilla:firefox:0.10.1:::::::* cpe:2.3:a:mozilla:firefox:0.10:::::::* cpe:2.3:a:mozilla:firefox:0.1:::::::* cpe:2.3:a:mozilla:firefox:preview_release:::::::* cpe:2.3:a:mozilla:firefox::::::-::* cpe:2.3:a:mozilla:firefox::::::android::* cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::::x86:* cpe:2.3:a:mozilla:firefox::::::x86::* cpe:2.3:a:mozilla:firefox::::::iphone_os::* cpe:2.3:a:mozilla:firefox:::::android:::* cpe:2.3:a:mozilla:firefox:-:::::iphone_os:: cpe:2.3:a:mozilla:firefox:-:::::::*	49
Application	Mozilla Seamonkey cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::* cpe:2.3:a:mozilla:seamonkey:1.0:alpha:::::: cpe:2.3:a:mozilla:seamonkey:1.0:beta:::::: cpe:2.3:a:mozilla:seamonkey:1.0:::::::* cpe:2.3:a:mozilla:seamonkey:1.0::dev::::: cpe:2.3:a:mozilla:seamonkey:1.0::alpha::::: cpe:2.3:a:mozilla:seamonkey:1.0::beta::::: cpe:2.3:a:mozilla:seamonkey:::::::: cpe:2.3:a:mozilla:seamonkey:-:::::::*	9
Application	Mozilla Thunderbird cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::* cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::* cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::* cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::* cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::* cpe:2.3:a:mozilla:thunderbird:1.5:rc2:::::: cpe:2.3:a:mozilla:thunderbird:1.5:-:::::: cpe:2.3:a:mozilla:thunderbird:1.5:rc1:::::: cpe:2.3:a:mozilla:thunderbird:1.5:beta1:::::: cpe:2.3:a:mozilla:thunderbird:1.5:beta2:::::: cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:::::: cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:::::: cpe:2.3:a:mozilla:thunderbird:1.0.8:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.7:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.6:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:::::: cpe:2.3:a:mozilla:thunderbird:1.0.5:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.4:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.3:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.2:::::::* cpe:2.3:a:mozilla:thunderbird:1.0.1:::::::* cpe:2.3:a:mozilla:thunderbird:1.0:rc:::::: cpe:2.3:a:mozilla:thunderbird:1.0:-:::::: cpe:2.3:a:mozilla:thunderbird:0.9:::::::* cpe:2.3:a:mozilla:thunderbird:0.8:::::::* cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::* cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::* cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::* cpe:2.3:a:mozilla:thunderbird:0.7:-:::::: cpe:2.3:a:mozilla:thunderbird:0.7:rc:::::: cpe:2.3:a:mozilla:thunderbird:0.6:::::::* cpe:2.3:a:mozilla:thunderbird:0.5:::::::* cpe:2.3:a:mozilla:thunderbird:0.4:::::::* cpe:2.3:a:mozilla:thunderbird:0.3:::::::* cpe:2.3:a:mozilla:thunderbird:0.2:::::::* cpe:2.3:a:mozilla:thunderbird:0.1:::::::* cpe:2.3:a:mozilla:thunderbird:::::::x86:* cpe:2.3:a:mozilla:thunderbird:::::::: cpe:2.3:a:mozilla:thunderbird:-:::::::*	39

OpenVAS Exploits

Date	Description
2009-05-05	Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200606-12 (mozilla-firefox) File : nvt/glsa_200606_12.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200606-21 (mozilla-thunderbird) File : nvt/glsa_200606_21.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200703-05 (mozilla) File : nvt/glsa_200703_05.nasl
2008-01-17	Name : Debian Security Advisory DSA 1118-1 (mozilla) File : nvt/deb_1118_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox) File : nvt/deb_1120_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird) File : nvt/deb_1134_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1159-1 (mozilla-thunderbird) File : nvt/deb_1159_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1159-2 (mozilla-thunderbird) File : nvt/deb_1159_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 1160-1 (mozilla) File : nvt/deb_1160_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1160-2 (mozilla) File : nvt/deb_1160_2.nasl
2008-01-17	Name : Debian Security Advisory DSA 1191-1 (mozilla-thunderbird) File : nvt/deb_1191_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1192-1 (mozilla) File : nvt/deb_1192_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 1210-1 (mozilla-firefox) File : nvt/deb_1210_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
27668	Mozilla Multiple Products nsIX509Cert getRawDER Function Double-free DoS
26314	Mozilla Multiple Products BOM on UTF-8 Page XSS
26313	Mozilla Multiple Products Text Box Arbitrary File Access (Variant)
26312	Mozilla Multiple Products VCard Invalid Base64 Character Double-free DoS
26311	Mozilla Multiple Products crypto.signText Function Overflow
26310	Mozilla Multiple Products Content-defined Setter Object Prototype Remote Priv...
26309	Mozilla Multiple Products PLUGINSPAGE Privileged JavaScript Execution
26308	Mozilla Multiple Products EvalInSandbox Bypass Privilege Escalation
26307	Mozilla Multiple Products iframe Self Removal Memory Corruption
26306	Mozilla Multiple Products XBL Implementation Memory Corruption
26305	Mozilla Multiple Products BoxObjects Memory Corruption
26304	Mozilla Multiple Products Content-implemented Tree View Memory Corruption
26303	Mozilla Multiple Products DOMNodeRemoved Mutation Event Memory Corruption
26302	Mozilla Multiple Products Select Tag Nested Option Memory Corruption
26301	Mozilla Multiple Products jsstr tagify Overflow
26300	Mozilla Multiple Products via Proxy Server HTTP Response Smuggling
26299	Mozilla Multiple Products View Image/Frame Source Attribute XSS

Snort® IPS/IDS

Date	Description
2014-01-10	Mozilla Firefox DOMNodeRemoved attack attempt RuleID : 17389 - Revision : 13 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0735.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0733.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO
2009-06-09	Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-361-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-323-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-297-3.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-297-1.nasl - Type : ACT_GATHER_INFO
2007-11-10	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-2.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-1585.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-1672.nasl - Type : ACT_GATHER_INFO
2007-10-17	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-1671.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO
2007-02-18	Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO
2006-12-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-146.nasl - Type : ACT_GATHER_INFO
2006-12-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-143.nasl - Type : ACT_GATHER_INFO
2006-12-06	Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-12-06	Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-11-20	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1210.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO
2006-11-06	Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1192.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1191.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1160.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1159.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1134.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1120.nasl - Type : ACT_GATHER_INFO
2006-10-14	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1118.nasl - Type : ACT_GATHER_INFO
2006-08-30	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0594.nasl - Type : ACT_GATHER_INFO
2006-08-07	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0609.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0609.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0611.nasl - Type : ACT_GATHER_INFO
2006-08-04	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0610.nasl - Type : ACT_GATHER_INFO
2006-07-29	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0611.nasl - Type : ACT_GATHER_INFO
2006-07-29	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0610.nasl - Type : ACT_GATHER_INFO
2006-07-21	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0578.nasl - Type : ACT_GATHER_INFO
2006-06-20	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200606-21.nasl - Type : ACT_GATHER_INFO
2006-06-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200606-12.nasl - Type : ACT_GATHER_INFO
2006-06-03	Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_102.nasl - Type : ACT_GATHER_INFO
2006-06-03	Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1504.nasl - Type : ACT_GATHER_INFO
2006-06-03	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1504.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:50:06	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	7
Oval ID(s)	12
CPE ID(s)	97
osvdb(s)	17
Openvas Exploit(s)	14
Snort® Rule(s)	1
Nessus® Exploit(s)	42

	Related
9.3	CVE-2006-2787
9.3	CVE-2006-2780
9.3	CVE-2006-2779
7.5	CVE-2006-2788
7.5	CVE-2006-2776
6.4	CVE-2006-2781
5.1	CVE-2006-2784
5	CVE-2006-2778
4.3	CVE-2006-2785
4.3	CVE-2006-2783
4.3	CVE-2006-2782
2.6	CVE-2006-2786
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 12 more Alert(s)