Executive Summary

Summary
TitleFirefox security update
Informations
NameRHSA-2007:0079First vendor Publication2007-02-23
VendorRedHatLast vendor Modification2007-02-23
Severity (Vendor) CriticalRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A malicious web page could execute JavaScript code in such
a way that may result in Firefox crashing or executing arbitrary code as
the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way Firefox
processed certain malformed web pages. A malicious web page could display
misleading information which may result in a user unknowingly divulging
sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995,
CVE-2007-0996)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Firefox displayed blocked popup windows. If
a user can be convinced to open a blocked popup, it is possible to read
arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the "location.hostname" value
during certain browser domain checks. This flaw could allow a malicious web
site to set domain cookies for an arbitrary site, or possibly perform an
XSS attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.10 that corrects these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

202352 - Firefox 1.5.0.5 startup script not updated for the add-on based locale
229802 - CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2007-0079.html

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-189Numeric Errors
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10031
 
Oval ID: oval:org.mitre.oval:def:10031
Title: The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
Description: The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
Family: unix Class: vulnerability
Reference(s): CVE-2006-6077
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10502
 
Oval ID: oval:org.mitre.oval:def:10502
Title: Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
Description: Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0008
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10174
 
Oval ID: oval:org.mitre.oval:def:10174
Title: Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
Description: Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0009
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10012
 
Oval ID: oval:org.mitre.oval:def:10012
Title: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
Description: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0775
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11331
 
Oval ID: oval:org.mitre.oval:def:11331
Title: The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
Description: The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0777
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9151
 
Oval ID: oval:org.mitre.oval:def:9151
Title: The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
Description: The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0778
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8757
 
Oval ID: oval:org.mitre.oval:def:8757
Title: GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
Description: GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0779
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9884
 
Oval ID: oval:org.mitre.oval:def:9884
Title: browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
Description: browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0780
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10654
 
Oval ID: oval:org.mitre.oval:def:10654
Title: Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
Description: Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0800
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9730
 
Oval ID: oval:org.mitre.oval:def:9730
Title: Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Description: Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0981
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10164
 
Oval ID: oval:org.mitre.oval:def:10164
Title: Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
Description: Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0995
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10086
 
Oval ID: oval:org.mitre.oval:def:10086
Title: The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Description: The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Family: unix Class: vulnerability
Reference(s): CVE-2007-0996
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21788
 
Oval ID: oval:org.mitre.oval:def:21788
Title: ELSA-2007:0097: firefox security update (Critical)
Description: The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Family: unix Class: patch
Reference(s): ELSA-2007:0097-02
CVE-2006-6077
CVE-2007-0008
CVE-2007-0009
CVE-2007-0775
CVE-2007-0777
CVE-2007-0778
CVE-2007-0779
CVE-2007-0780
CVE-2007-0800
CVE-2007-0981
CVE-2007-0994
CVE-2007-0995
CVE-2007-0996
Version: 54
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application59
Application3
Application12
Application32
Application1

ExploitDB Exploits

idDescription
2007-02-20Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability

OpenVAS Exploits

DateDescription
2009-10-10Name : SLES9: Security update for Mozilla suite
File : nvt/sles9p5012115.nasl
2009-04-09Name : Mandriva Update for mozilla-firefox MDKSA-2007:050 (mozilla-firefox)
File : nvt/gb_mandriva_MDKSA_2007_050.nasl
2009-04-09Name : Mandriva Update for mozilla-firefox MDKSA-2007:050-1 (mozilla-firefox)
File : nvt/gb_mandriva_MDKSA_2007_050_1.nasl
2009-04-09Name : Mandriva Update for mozilla-thunderbird MDKSA-2007:052 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDKSA_2007_052.nasl
2009-03-23Name : Ubuntu Update for firefox vulnerabilities USN-428-1
File : nvt/gb_ubuntu_USN_428_1.nasl
2009-03-23Name : Ubuntu Update for firefox regression USN-428-2
File : nvt/gb_ubuntu_USN_428_2.nasl
2009-03-23Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-431-1
File : nvt/gb_ubuntu_USN_431_1.nasl
2009-02-27Name : Fedora Update for nspr FEDORA-2007-278
File : nvt/gb_fedora_2007_278_nspr_fc5.nasl
2009-02-27Name : Fedora Update for nss FEDORA-2007-278
File : nvt/gb_fedora_2007_278_nss_fc5.nasl
2009-02-27Name : Fedora Update for nspr FEDORA-2007-279
File : nvt/gb_fedora_2007_279_nspr_fc6.nasl
2009-02-27Name : Fedora Update for nss FEDORA-2007-279
File : nvt/gb_fedora_2007_279_nss_fc6.nasl
2009-01-28Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2007:019
File : nvt/gb_suse_2007_019.nasl
2009-01-28Name : SuSE Update for mozilla,MozillaThunderbird,seamonkey SUSE-SA:2007:022
File : nvt/gb_suse_2007_022.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200703-04 (mozilla-firefox)
File : nvt/glsa_200703_04.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200703-08 (seamonkey)
File : nvt/glsa_200703_08.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200703-18 (mozilla-thunderbird)
File : nvt/glsa_200703_18.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200703-22 (nss)
File : nvt/glsa_200703_22.nasl
2008-09-04Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox26.nasl
2008-01-17Name : Debian Security Advisory DSA 1336-1 (mozilla-firefox)
File : nvt/deb_1336_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
33812Mozilla Multiple Products Child Frame Inheritance XSS
32115Mozilla Multiple Products JavaScript Engine Memory Corruption
32114Mozilla Multiple Products Layout Engine Memory Corruption
32112Mozilla Multiple Products Cross Domain Charset Inheritance Weakness
32111Mozilla Multiple Products HTML Tag Attribute Trailing Character Content Filte...
32110Mozilla Multiple Products Cache Collision Information Disclosure
32109Mozilla Multiple Products CSS3 Hotspot Custom Cursor Spoofing
32108Mozilla Multiple Products Blocked Popup Arbitrary File Access
32107Mozilla Multiple Products Blocked Popup XSS
32106Mozilla Network Security Services SSLv2 Server Remote Overflow
32105Mozilla Multiple Products NSS SSLv2 Client Overflow
32104Mozilla Multiple Products location.hostname Null Byte URI Security Bypass
30641Multiple Browser Password Manager Crafted Form Cross-Site Password Disclosure

Information Assurance Vulnerability Management (IAVM)

DateDescription
2014-01-16IAVM : 2014-A-0009 - Multiple Vulnerabilities in Oracle Fusion Middleware
Severity : Category I - VMSKEY : V0043395

Snort® IPS/IDS

DateDescription
2014-01-10Mozilla browsers JavaScript argument passing code execution attempt
RuleID : 16005 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Network Security Services SSLv2 stack overflow attempt
RuleID : 11672 - Revision : 6 - Type : MISC

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0077-2.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0077.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-0078.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-0079.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0108.nasl - Type : ACT_GATHER_INFO
2007-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-2683.nasl - Type : ACT_GATHER_INFO
2007-11-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-428-1.nasl - Type : ACT_GATHER_INFO
2007-11-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-428-2.nasl - Type : ACT_GATHER_INFO
2007-11-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-431-1.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote SuSE system is missing the security patch MozillaThunderbird-2734
File : suse_MozillaThunderbird-2734.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote SuSE system is missing the security patch seamonkey-2691
File : suse_seamonkey-2691.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote SuSE system is missing the security patch seamonkey-2811
File : suse_seamonkey-2811.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote SuSE system is missing the security patch MozillaFirefox-2647
File : suse_MozillaFirefox-2647.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote SuSE system is missing the security patch MozillaFirefox-2699
File : suse_MozillaFirefox-2699.nasl - Type : ACT_GATHER_INFO
2007-07-27Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1336.nasl - Type : ACT_GATHER_INFO
2007-05-25Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0097.nasl - Type : ACT_GATHER_INFO
2007-04-06Name : The remote Windows host uses a library that may allow remote code execution.
File : sun_java_es_nss_code_exec.nasl - Type : ACT_GATHER_INFO
2007-03-26Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200703-22.nasl - Type : ACT_GATHER_INFO
2007-03-19Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200703-18.nasl - Type : ACT_GATHER_INFO
2007-03-12Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-066-03.nasl - Type : ACT_GATHER_INFO
2007-03-12Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-066-04.nasl - Type : ACT_GATHER_INFO
2007-03-12Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-066-05.nasl - Type : ACT_GATHER_INFO
2007-03-12Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200703-08.nasl - Type : ACT_GATHER_INFO
2007-03-07Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-052.nasl - Type : ACT_GATHER_INFO
2007-03-06Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-0078.nasl - Type : ACT_GATHER_INFO
2007-03-06Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-308.nasl - Type : ACT_GATHER_INFO
2007-03-06Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-309.nasl - Type : ACT_GATHER_INFO
2007-03-06Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0078.nasl - Type : ACT_GATHER_INFO
2007-03-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200703-04.nasl - Type : ACT_GATHER_INFO
2007-03-02Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_15010.nasl - Type : ACT_GATHER_INFO
2007-03-02Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-050.nasl - Type : ACT_GATHER_INFO
2007-02-28Name : The remote Fedora Core host is missing one or more security updates.
File : fedora_2007-293.nasl - Type : ACT_GATHER_INFO
2007-02-28Name : A web browser on the remote host is prone to multiple flaws.
File : seamonkey_108.nasl - Type : ACT_GATHER_INFO
2007-02-27Name : The remote Fedora Core host is missing one or more security updates.
File : fedora_2007-278.nasl - Type : ACT_GATHER_INFO
2007-02-27Name : The remote Fedora Core host is missing one or more security updates.
File : fedora_2007-279.nasl - Type : ACT_GATHER_INFO
2007-02-27Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-281.nasl - Type : ACT_GATHER_INFO
2007-02-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0077.nasl - Type : ACT_GATHER_INFO
2007-02-26Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-0079.nasl - Type : ACT_GATHER_INFO
2007-02-26Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0077.nasl - Type : ACT_GATHER_INFO
2007-02-26Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0079.nasl - Type : ACT_GATHER_INFO
2007-02-26Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_12bd6ecfc43011db95c5000c6ec775d9.nasl - Type : ACT_GATHER_INFO
2007-02-24Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_15010.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:50:28
  • Multiple Updates