Executive Summary
Summary | |
---|---|
Title | thunderbird security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0981 | First vendor Publication | 2007-10-19 |
Vendor | RedHat | Last vendor Modification | 2007-10-19 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Problem description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the way in which Thunderbird processed certain malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or potentially execute arbitrary code as the user running Thunderbird. JavaScript support is disabled by default in Thunderbird; these issues are not exploitable unless the user has enabled JavaScript. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) Several flaws were found in the way in which Thunderbird displayed malformed HTML mail content. An HTML mail message containing specially-crafted content could potentially trick a user into surrendering sensitive information. (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334) A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML mail message could access data from a remote sftp site, possibly stealing sensitive user data. (CVE-2007-5337) A request-splitting flaw was found in the way in which Thunderbird generates a digest authentication request. If a user opened a specially-crafted URL, it was possible to perform cross-site scripting attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292) Users of Thunderbird are advised to upgrade to these erratum packages, which contain backported patches that correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 333991 - Mozilla products security update (CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0981.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
43 % | CWE-20 | Improper Input Validation |
29 % | CWE-16 | Configuration |
14 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10965 | |||
Oval ID: | oval:org.mitre.oval:def:10965 | ||
Title: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | ||
Description: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5338 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11443 | |||
Oval ID: | oval:org.mitre.oval:def:11443 | ||
Title: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | ||
Description: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5337 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11665 | |||
Oval ID: | oval:org.mitre.oval:def:11665 | ||
Title: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | ||
Description: | Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1095 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17494 | |||
Oval ID: | oval:org.mitre.oval:def:17494 | ||
Title: | USN-536-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
Description: | Various flaws were discovered in the layout and JavaScript engines. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-536-1 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894 CVE-2007-3511 CVE-2007-1095 CVE-2007-2292 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | mozilla-thunderbird thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17867 | |||
Oval ID: | oval:org.mitre.oval:def:17867 | ||
Title: | DSA-1391-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1391-1 CVE-2007-3734 CVE-2007-3735 CVE-2007-3844 CVE-2007-3845 CVE-2007-5339 CVE-2007-5340 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18655 | |||
Oval ID: | oval:org.mitre.oval:def:18655 | ||
Title: | DSA-1574-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1574-1 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2007-3738 CVE-2007-5338 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18729 | |||
Oval ID: | oval:org.mitre.oval:def:18729 | ||
Title: | DSA-1534-1 iceape | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1534-1 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18755 | |||
Oval ID: | oval:org.mitre.oval:def:18755 | ||
Title: | DSA-1532-1 xulrunner | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1532-1 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19906 | |||
Oval ID: | oval:org.mitre.oval:def:19906 | ||
Title: | DSA-1534-2 iceape - regression | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1534-2 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20297 | |||
Oval ID: | oval:org.mitre.oval:def:20297 | ||
Title: | DSA-1535-1 iceweasel | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1535-1 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21818 | |||
Oval ID: | oval:org.mitre.oval:def:21818 | ||
Title: | ELSA-2007:0979: firefox security update (Critical) | ||
Description: | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0979-02 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22422 | |||
Oval ID: | oval:org.mitre.oval:def:22422 | ||
Title: | ELSA-2007:0981: thunderbird security update (Moderate) | ||
Description: | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0981-02 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-3844 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 | Version: | 41 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7395 | |||
Oval ID: | oval:org.mitre.oval:def:7395 | ||
Title: | DSA-1535 iceweasel -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. georgi, tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1535 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7869 | |||
Oval ID: | oval:org.mitre.oval:def:7869 | ||
Title: | DSA-1534 iceape -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. Georgi, Tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1534 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7955 | |||
Oval ID: | oval:org.mitre.oval:def:7955 | ||
Title: | DSA-1532 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Peter Brodersen and Alexander Klink discovered that the autoselection of SSL client certificates could lead to users being tracked, resulting in a loss of privacy. moz_bug_r_a4 discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. moz_bug_r_a4 discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback and moz_bug_r_a4 discovered that incorrect principal handling could lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. georgi, tgirmann and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gregory Fleischer discovered that HTTP Referrer headers were handled incorrectly in combination with URLs containing Basic Authentication credentials with empty usernames, resulting in potential Cross-Site Request Forgery attacks. Gregory Fleischer discovered that web content fetched through the jar: protocol can use Java to connect to arbitrary ports. This is only an issue in combination with the non-free Java plugin. Chris Thomas discovered that background tabs could generate XUL popups overlaying the current tab, resulting in potential spoofing attacks. The Mozilla products from the old stable distribution (sarge) are no longer supported. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1532 CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241 CVE-2007-3738 CVE-2007-5338 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9493 | |||
Oval ID: | oval:org.mitre.oval:def:9493 | ||
Title: | Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | ||
Description: | Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3844 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9763 | |||
Oval ID: | oval:org.mitre.oval:def:9763 | ||
Title: | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||
Description: | The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3511 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5018527.nasl |
2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2007:047 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2007_047.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:202 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_202.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDKSA-2007:152 (mozilla-firefox) File : nvt/gb_mandriva_MDKSA_2007_152.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-536-1 File : nvt/gb_ubuntu_USN_536_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-535-1 File : nvt/gb_ubuntu_USN_535_1.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird vulnerabilities USN-503-1 File : nvt/gb_ubuntu_USN_503_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-493-1 File : nvt/gb_ubuntu_USN_493_1.nasl |
2009-02-27 | Name : Fedora Update for firefox FEDORA-2007-2664 File : nvt/gb_fedora_2007_2664_firefox_fc7.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-3431 File : nvt/gb_fedora_2007_3431_thunderbird_fc7.nasl |
2009-02-27 | Name : Fedora Update for thunderbird FEDORA-2007-3414 File : nvt/gb_fedora_2007_3414_thunderbird_fc8.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-2795 File : nvt/gb_fedora_2007_2795_seamonkey_fc8.nasl |
2009-02-27 | Name : Fedora Update for seamonkey FEDORA-2007-2601 File : nvt/gb_fedora_2007_2601_seamonkey_fc7.nasl |
2009-01-28 | Name : SuSE Update for MozillaFirefox,mozilla,seamonkey SUSE-SA:2007:057 File : nvt/gb_suse_2007_057.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-24 (mozilla-thunderbird mozilla-thunderb... File : nvt/glsa_200711_24.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-14 (firefox seamonkey xulrunner) File : nvt/glsa_200711_14.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-09 (mozilla/thunderbird/firefox/xulrunner) File : nvt/glsa_200708_09.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox27.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1574-1 (icedove) File : nvt/deb_1574_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1534-2 (iceape) File : nvt/deb_1534_2.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1535-1 (iceweasel) File : nvt/deb_1535_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1534-1 (iceape) File : nvt/deb_1534_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1532-1 (xulrunner) File : nvt/deb_1532_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1401-1 (iceape) File : nvt/deb_1401_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1345-1 (xulrunner) File : nvt/deb_1345_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1346-1 (iceape) File : nvt/deb_1346_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1391-1 (icedove) File : nvt/deb_1391_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1392-1 (xulrunner) File : nvt/deb_1392_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1396-1 (icedove) File : nvt/deb_1396_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1344-1 (iceweasel) File : nvt/deb_1344_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-213-01 firefox File : nvt/esoft_slk_ssa_2007_213_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-324-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2007_324_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
38044 | Mozilla Multiple Products JavaScript Engine Multiple Unspecified Memory Corr... |
38043 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption |
38035 | Mozilla Multiple Products XUL Page Title Bar Spoofing |
38034 | Mozilla Firefox on Linux gnome-vfs smb/sftp URI Arbitrary File Access |
38033 | Mozilla Multiple Products Script Object XPCNativeWrappers Pollution |
38026 | Mozilla Multiple Products Addon Chrome Cross-Context Scripting |
37995 | Mozilla Firefox Digest Authentication username Attribute CRLF Injection |
37994 | Mozilla Multiple Browsers onkeydown Event Window Focus Manipulation |
33809 | Mozilla Firefox JavaScript onUnload Handler Site Tailgating |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt RuleID : 15383 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20071019_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071019_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-202.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-047.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1574.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1535.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1532.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1534.nasl - Type : ACT_GATHER_INFO |
2008-01-10 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-4874.nasl - Type : ACT_GATHER_INFO |
2007-12-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_15014.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-4570.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-4811.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-324-01.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-24.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3414.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3431.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_2009.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-14.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-536-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-535-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-503-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-493-1.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2795.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2664.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2601.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1401.nasl - Type : ACT_GATHER_INFO |
2007-10-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1396.nasl - Type : ACT_GATHER_INFO |
2007-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4596.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-4594.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0981.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0980.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0979.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1391.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1392.nasl - Type : ACT_GATHER_INFO |
2007-10-25 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e24797af803d11dcb787003048705d5a.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_115.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4572.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-4574.nasl - Type : ACT_GATHER_INFO |
2007-10-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_2008.nasl - Type : ACT_GATHER_INFO |
2007-08-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-09.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1345.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1344.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1346.nasl - Type : ACT_GATHER_INFO |
2007-08-04 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_114.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-213-01.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-152.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_2006.nasl - Type : ACT_GATHER_INFO |
2007-07-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_2006.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:08 |
|