Executive Summary
Summary | |
---|---|
Title | thunderbird security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0616 | First vendor Publication | 2008-07-23 |
Vendor | RedHat | Last vendor Modification | 2008-07-23 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) Several flaws were found in the processing of malformed HTML content. An HTML mail containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811) Several flaws were found in the way malformed HTML content was displayed. An HTML mail containing specially-crafted content could, potentially, trick a Thunderbird user into surrendering sensitive information. (CVE-2008-2800) Two local file disclosure flaws were found in Thunderbird. An HTML mail containing malicious content could cause Thunderbird to reveal the contents of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810) A flaw was found in the way a malformed .properties file was processed by Thunderbird. A malicious extension could read uninitialized memory, possibly leaking sensitive data to the extension. (CVE-2008-2807) A flaw was found in the way Thunderbird escaped a listing of local file names. If a user could be tricked into listing a local directory containing malicious file names, arbitrary JavaScript could be run with the permissions of the user running Thunderbird. (CVE-2008-2808) A flaw was found in the way Thunderbird displayed information about self-signed certificates. It was possible for a self-signed certificate to contain multiple alternate name entries, which were not all displayed to the user, allowing them to mistakenly extend trust to an unknown site. (CVE-2008-2809) Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 452204 - CVE-2008-2785 mozilla: CSS reference counter overflow (ZDI-CAN-349) 452597 - CVE-2008-2798 Firefox malformed web content flaws 452598 - CVE-2008-2799 Firefox javascript arbitrary code execution 452599 - CVE-2008-2800 Firefox XSS attacks 452600 - CVE-2008-2802 Firefox arbitrary JavaScript code execution 452602 - CVE-2008-2803 Firefox javascript arbitrary code execution 452604 - CVE-2008-2805 Firefox arbitrary file disclosure 452605 - CVE-2008-2801 Firefox arbitrary signed JAR code execution 452709 - CVE-2008-2807 Firefox .properties memory leak 452710 - CVE-2008-2808 Firefox file location escaping flaw 452711 - CVE-2008-2809 Firefox self signed certificate flaw 452712 - CVE-2008-2810 Firefox arbitrary file disclosure 453007 - CVE-2008-2811 Firefox block reflow flaw |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0616.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
23 % | CWE-399 | Resource Management Errors |
23 % | CWE-264 | Permissions, Privileges, and Access Controls |
15 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
15 % | CWE-20 | Improper Input Validation |
8 % | CWE-287 | Improper Authentication |
8 % | CWE-200 | Information Exposure |
8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10205 | |||
Oval ID: | oval:org.mitre.oval:def:10205 | ||
Title: | Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | ||
Description: | Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2809 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17505 | |||
Oval ID: | oval:org.mitre.oval:def:17505 | ||
Title: | USN-619-1 -- firefox vulnerabilities | ||
Description: | Various flaws were discovered in the browser engine. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-619-1 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2806 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18570 | |||
Oval ID: | oval:org.mitre.oval:def:18570 | ||
Title: | DSA-1621-1 icedove - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1621-1 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2802 CVE-2008-2803 CVE-2008-2807 CVE-2008-2809 CVE-2008-2811 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20284 | |||
Oval ID: | oval:org.mitre.oval:def:20284 | ||
Title: | DSA-1607-1 iceweasel - several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1607-1 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22266 | |||
Oval ID: | oval:org.mitre.oval:def:22266 | ||
Title: | ELSA-2008:0616: thunderbird security update (Moderate) | ||
Description: | The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0616-01 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 | Version: | 57 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22654 | |||
Oval ID: | oval:org.mitre.oval:def:22654 | ||
Title: | ELSA-2008:0569: firefox security update (Critical) | ||
Description: | The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0569-01 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 | Version: | 53 |
Platform(s): | Oracle Linux 5 | Product(s): | devhelp firefox xulrunner yelp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28716 | |||
Oval ID: | oval:org.mitre.oval:def:28716 | ||
Title: | RHSA-2008:0616 -- thunderbird security update (Moderate) | ||
Description: | Updated thunderbird packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Multiple flaws were found in the processing of malformed JavaScript content. An HTML mail containing such malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0616 CESA-2008:0616-CentOS 5 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29028 | |||
Oval ID: | oval:org.mitre.oval:def:29028 | ||
Title: | RHSA-2008:0569 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Multiple flaws were found in the processing of malformed JavaScript content. A web page containing such malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0569 CESA-2008:0569-CentOS 5 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | devhelp firefox xulrunner yelp |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7564 | |||
Oval ID: | oval:org.mitre.oval:def:7564 | ||
Title: | DSA-1621 icedove -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. "moz_bug_r_a4" discovered that XUL documents can escalate privileges by accessing the pre-compiled "fastload" file. "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings secure connections. Greg McManus discovered discovered a crash in the block reflow code, which might allow the execution of arbitrary code. For the stable distribution (etch), these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614d-0etch1. Packages for s390 are not yet available and will be provided later. For the unstable distribution (sid), these problems have been fixed in version 2.0.0.16-1. We recommend that you upgrade your icedove package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1621 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2802 CVE-2008-2803 CVE-2008-2807 CVE-2008-2809 CVE-2008-2811 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8196 | |||
Oval ID: | oval:org.mitre.oval:def:8196 | ||
Title: | DSA-1607 iceweasel -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context of signed JAR archives. "moz_bug_r_a4" discovered that XUL documents can escalate privileges by accessing the pre-compiled "fastload" file. "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceweasel itself is not affected, but some addons are. Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. Masahiro Yamada discovered that file URLS in directory listings were insufficiently escaped. John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings secure connections. Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1607 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox5.nasl |
2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox1.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:136 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_136.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:155 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_155.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:148 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_148.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:155-1 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_155_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-623-1 File : nvt/gb_ubuntu_USN_623_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-619-1 File : nvt/gb_ubuntu_USN_619_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-626-1 File : nvt/gb_ubuntu_USN_626_1.nasl |
2009-03-23 | Name : Ubuntu Update for devhelp, epiphany-browser, midbrowser, yelp update USN-626-2 File : nvt/gb_ubuntu_USN_626_2.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-629-1 File : nvt/gb_ubuntu_USN_629_1.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0598-02 File : nvt/gb_RHSA-2008_0598-02_firefox.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0616-01 File : nvt/gb_RHSA-2008_0616-01_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0599-01 File : nvt/gb_RHSA-2008_0599-01_seamonkey.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0597-01 File : nvt/gb_RHSA-2008_0597-01_firefox.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0569-01 File : nvt/gb_RHSA-2008_0569-01_firefox.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0549-01 File : nvt/gb_RHSA-2008_0549-01_firefox.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0547-01 File : nvt/gb_RHSA-2008_0547-01_seamonkey.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0598 centos3 x86_64 File : nvt/gb_CESA-2008_0598_firefox_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0547-01 centos2 i386 File : nvt/gb_CESA-2008_0547-01_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0547 centos3 i386 File : nvt/gb_CESA-2008_0547_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0547 centos3 x86_64 File : nvt/gb_CESA-2008_0547_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0547 centos4 i386 File : nvt/gb_CESA-2008_0547_seamonkey_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0547 centos4 x86_64 File : nvt/gb_CESA-2008_0547_seamonkey_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0598 centos3 i386 File : nvt/gb_CESA-2008_0598_firefox_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0549 centos3 i386 File : nvt/gb_CESA-2008_0549_firefox_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0549 centos4 i386 File : nvt/gb_CESA-2008_0549_firefox_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0549 centos4 x86_64 File : nvt/gb_CESA-2008_0549_firefox_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0599 centos3 x86_64 File : nvt/gb_CESA-2008_0599_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0599 centos3 i386 File : nvt/gb_CESA-2008_0599_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0599-01 centos2 i386 File : nvt/gb_CESA-2008_0599-01_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0549 centos3 x86_64 File : nvt/gb_CESA-2008_0549_firefox_centos3_x86_64.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_yelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_ruby-gnome2_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_openvrml_fc8.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_liferea_fc8.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_kazehakase_fc8.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_gtkmozembedmm_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_gnome-web-photo_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_gnome-python2-extras_fc8.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_galeon_fc8.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_firefox_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_epiphany_fc8.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-6517 File : nvt/gb_fedora_2008_6517_seamonkey_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_devhelp_fc9.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_epiphany-extensions_fc9.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_epiphany_fc9.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_firefox_fc9.nasl |
2009-02-17 | Name : Fedora Update for xulrunner FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_xulrunner_fc9.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-6518 File : nvt/gb_fedora_2008_6518_yelp_fc9.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-6519 File : nvt/gb_fedora_2008_6519_seamonkey_fc9.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-6706 File : nvt/gb_fedora_2008_6706_thunderbird_fc8.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-6737 File : nvt/gb_fedora_2008_6737_thunderbird_fc9.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-6196 File : nvt/gb_fedora_2008_6196_seamonkey_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_devhelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_Miro_fc8.nasl |
2009-02-17 | Name : Fedora Update for blam FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_blam_fc8.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_chmsee_fc8.nasl |
2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_devhelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_epiphany-extensions_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_epiphany_fc8.nasl |
2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_firefox_fc8.nasl |
2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_galeon_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_gnome-python2-extras_fc8.nasl |
2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_gnome-web-photo_fc8.nasl |
2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_gtkmozembedmm_fc8.nasl |
2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_liferea_fc8.nasl |
2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_epiphany-extensions_fc8.nasl |
2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_chmsee_fc8.nasl |
2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_cairo-dock_fc8.nasl |
2009-02-17 | Name : Fedora Update for blam FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_blam_fc8.nasl |
2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-6491 File : nvt/gb_fedora_2008_6491_Miro_fc8.nasl |
2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-6193 File : nvt/gb_fedora_2008_6193_seamonkey_fc9.nasl |
2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_yelp_fc8.nasl |
2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_kazehakase_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_ruby-gnome2_fc8.nasl |
2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-6127 File : nvt/gb_fedora_2008_6127_openvrml_fc8.nasl |
2009-01-23 | Name : SuSE Update for MozillaFirefox SUSE-SA:2008:034 File : nvt/gb_suse_2008_034.nasl |
2009-01-13 | Name : Debian Security Advisory DSA 1697-1 (iceape) File : nvt/deb_1697_1.nasl |
2008-10-07 | Name : Mozilla Seamonkey Multiple Vulnerability July-08 (Linux) File : nvt/gb_seamonkey_mult_vuln_july08_lin.nasl |
2008-10-07 | Name : Mozilla Thunderbird Multiple Vulnerability July-08 (Linux) File : nvt/gb_thunderbird_mult_vuln_july08_lin.nasl |
2008-10-07 | Name : Mozilla Firefox Multiple Vulnerability July-08 (Linux) File : nvt/gb_firefox_mult_vuln_july08_lin.nasl |
2008-10-06 | Name : Mozilla Seamonkey Multiple Vulnerability July-08 (Win) File : nvt/gb_seamonkey_mult_vuln_july08_win.nasl |
2008-10-06 | Name : Mozilla Firefox Multiple Vulnerability July-08 (Win) File : nvt/gb_firefox_mult_vuln_july08_win.nasl |
2008-10-06 | Name : Mozilla Thunderbird Multiple Vulnerability July-08 (Win) File : nvt/gb_thunderbird_mult_vuln_july08_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200808-03 (mozilla ...) File : nvt/glsa_200808_03.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1614-1 (iceweasel) File : nvt/deb_1614_1.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1615-1 (xulrunner) File : nvt/deb_1615_1.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1621-1 (icedove) File : nvt/deb_1621_1.nasl |
2008-07-15 | Name : Debian Security Advisory DSA 1607-1 (iceweasel) File : nvt/deb_1607_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-191-03 seamonkey File : nvt/esoft_slk_ssa_2008_191_03.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-198-01 mozilla-firefox File : nvt/esoft_slk_ssa_2008_198_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-198-02 seamonkey File : nvt/esoft_slk_ssa_2008_198_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-210-05 mozilla-thunderbird File : nvt/esoft_slk_ssa_2008_210_05.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46688 | Mozilla Multiple Browser XMLHttpRequest / onreadystatechange Handler XSS |
46687 | Mozilla Multiple Browser Unloaded Document script Element XSS |
46686 | Mozilla Multiple Browser nsXMLHttpRequest::OnChannelRedirect() Function Same-... |
46685 | Mozilla Multiple Browser Outer Window Event Handler XUL Element XSS |
46684 | Mozilla Multiple Browser Signed JAR JavaScript Injection |
46683 | Mozilla Multiple Product Non-priviliged XUL Documents chrome: Privilege Escal... |
46682 | Mozilla Multiple Product mozIJSSubScriptLoader.LoadScript() Arbitrary Code Ex... |
46681 | Mozilla Multiple Browser originalTarget / DOM Range Arbitrary File Upload |
46679 | Mozilla Multiple Browser Add-on .properties File Arbitrary Memory Disclosure |
46678 | Mozilla Multiple Browser Directory Listing File Name XSS |
46677 | Mozilla Multiple Product Peer-trusted Certificate Alternate Name Spoofing |
46676 | Mozilla Multiple Browser Windows URL Shortcut Handling Cross-context Execution |
46675 | Mozilla Multiple Product Engine Block Reflow Code Arbitrary Code Execution |
46674 | Mozilla Multiple Product JavaScript Engine Multiple Unspecified Memory Corrup... |
46673 | Mozilla Multiple Product Layout Engine Multiple Unspecified Memory Corruption |
46421 | Mozilla Firefox CSSValue Array Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla multiple products CSSValue array memory corruption attempt RuleID : 17630 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla CSS value counter overflow attempt RuleID : 16292 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0597.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0569.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0549.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0547.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0598.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0599.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0616.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080702_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080702_firefox_on_SL_5_2.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080702_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080716_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080723_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0616.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0569.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0597.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-080731.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-080912.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-080912.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-136.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-148.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-155.nasl - Type : ACT_GATHER_INFO |
2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO |
2008-10-16 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5680.nasl - Type : ACT_GATHER_INFO |
2008-09-14 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5600.nasl - Type : ACT_GATHER_INFO |
2008-09-14 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5599.nasl - Type : ACT_GATHER_INFO |
2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6706.nasl - Type : ACT_GATHER_INFO |
2008-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6737.nasl - Type : ACT_GATHER_INFO |
2008-08-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-03.nasl - Type : ACT_GATHER_INFO |
2008-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-626-2.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5450.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5449.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-210-05.nasl - Type : ACT_GATHER_INFO |
2008-07-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-626-1.nasl - Type : ACT_GATHER_INFO |
2008-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1621.nasl - Type : ACT_GATHER_INFO |
2008-07-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-629-1.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1614.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20016.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0616.nasl - Type : ACT_GATHER_INFO |
2008-07-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1615.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-6491.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-198-01.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-198-02.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6517.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-6518.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6519.nasl - Type : ACT_GATHER_INFO |
2008-07-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-623-1.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0599.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0598.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0599.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0598.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0597.nasl - Type : ACT_GATHER_INFO |
2008-07-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_301.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : A web browser on the remote host is affected by a code execution vulnerability. File : seamonkey_1111.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20016.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1607.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5411.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5405.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-191-03.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6193.nasl - Type : ACT_GATHER_INFO |
2008-07-10 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6196.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-6127.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0549.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0547.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-619-1.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0569.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0549.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0547.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20015.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1110.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:51 |
|