Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title seamonkey security update
Informations
Name RHSA-2008:0882 First vendor Publication 2008-09-23
Vendor RedHat Last vendor Modification 2008-09-23
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated seamonkey packages that fix a security issues are now available for Red Hat Enterprise Linux 2.1, Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062)

Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)

A flaw was found in the way SeaMonkey handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in SeaMonkey that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)

All SeaMonkey users should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

463181 - CVE-2008-0016 Mozilla UTF-8 stack buffer overflow 463182 - CVE-2008-3835 nsXMLDocument::OnChannelRedirect() same-origin violation 463189 - CVE-2008-3837 Forced mouse drag 463190 - CVE-2008-4058 Mozilla privilege escalation via XPCnativeWrapper pollution 463192 - CVE-2008-4059 Mozilla privilege escalation via XPCnativeWrapper pollution 463198 - CVE-2008-4060 Mozilla privilege escalation via XPCnativeWrapper pollution 463199 - CVE-2008-4061 Mozilla layout engine crash 463201 - CVE-2008-4062 Mozilla crashes with evidence of memory corruption 463234 - CVE-2008-4065 Mozilla BOM characters stripped from JavaScript before execution 463243 - CVE-2008-4066 Mozilla low surrogates stripped from JavaScript before execution 463246 - CVE-2008-4067 Mozilla resource: traversal vulnerability 463248 - CVE-2008-4068 Mozilla local HTML file recource: bypass 463251 - CVE-2008-4069 Mozilla XBM decoder information disclosure

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2008-0882.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
8 % CWE-399 Resource Management Errors
8 % CWE-200 Information Exposure
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
8 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10206
 
Oval ID: oval:org.mitre.oval:def:10206
Title: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4062
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10770
 
Oval ID: oval:org.mitre.oval:def:10770
Title: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4067
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10794
 
Oval ID: oval:org.mitre.oval:def:10794
Title: Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Description: Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4061
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11000
 
Oval ID: oval:org.mitre.oval:def:11000
Title: The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
Description: The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4069
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11383
 
Oval ID: oval:org.mitre.oval:def:11383
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4065
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11471
 
Oval ID: oval:org.mitre.oval:def:11471
Title: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4068
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11579
 
Oval ID: oval:org.mitre.oval:def:11579
Title: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
Description: Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
Family: unix Class: vulnerability
Reference(s): CVE-2008-0016
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11607
 
Oval ID: oval:org.mitre.oval:def:11607
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4060
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17626
 
Oval ID: oval:org.mitre.oval:def:17626
Title: USN-645-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines.
Family: unix Class: patch
Reference(s): USN-645-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 7
Platform(s): Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): firefox
firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17661
 
Oval ID: oval:org.mitre.oval:def:17661
Title: USN-645-3 -- firefox-3.0, xulrunner-1.9 regression
Description: USN-645-1 fixed vulnerabilities in Firefox and xulrunner.
Family: unix Class: patch
Reference(s): USN-645-3
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 7
Platform(s): Ubuntu 8.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17769
 
Oval ID: oval:org.mitre.oval:def:17769
Title: USN-645-2 -- firefox vulnerabilities
Description: USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS.
Family: unix Class: patch
Reference(s): USN-645-2
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 7
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19884
 
Oval ID: oval:org.mitre.oval:def:19884
Title: DSA-1649-1 iceweasel - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
Family: unix Class: patch
Reference(s): DSA-1649-1
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22483
 
Oval ID: oval:org.mitre.oval:def:22483
Title: ELSA-2008:0879: firefox security update (Critical)
Description: Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
Family: unix Class: patch
Reference(s): ELSA-2008:0879-01
CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
Version: 45
Platform(s): Oracle Linux 5
Product(s): firefox
devhelp
nss
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29008
 
Oval ID: oval:org.mitre.oval:def:29008
Title: RHSA-2008:0879 -- firefox security update (Critical)
Description: All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2008:0879
CESA-2008:0879-CentOS 5
CVE-2008-3837
CVE-2008-4058
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4063
CVE-2008-4064
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
devhelp
nss
xulrunner
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7657
 
Oval ID: oval:org.mitre.oval:def:7657
Title: DSA-1649 iceweasel -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. moz_bug_r_a4 discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and moz_bug_r_a4 discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory.
Family: unix Class: patch
Reference(s): DSA-1649
CVE-2008-0016
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4066
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8880
 
Oval ID: oval:org.mitre.oval:def:8880
Title: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "javascript" sequence, aka "HTML escaped low surrogates bug."
Description: Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
Family: unix Class: vulnerability
Reference(s): CVE-2008-4066
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9529
 
Oval ID: oval:org.mitre.oval:def:9529
Title: The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
Description: The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4059
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9643
 
Oval ID: oval:org.mitre.oval:def:9643
Title: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Description: The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3835
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9679
 
Oval ID: oval:org.mitre.oval:def:9679
Title: The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Description: The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4058
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9950
 
Oval ID: oval:org.mitre.oval:def:9950
Title: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Description: Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
Family: unix Class: vulnerability
Reference(s): CVE-2008-3837
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 149
Application 33
Application 81
Os 4
Os 1

SAINT Exploits

Description Link
Mozilla Firefox UTF-8 URL buffer overflow More info here

ExploitDB Exploits

id Description
2009-09-14 Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for Mozilla
File : nvt/sles10_gecko-sdk.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox4.nasl
2009-10-10 Name : SLES9: Security update for Epiphany and Mozilla
File : nvt/sles9p5036604.nasl
2009-06-03 Name : Solaris Update for Mozilla 1.7 125539-06
File : nvt/gb_solaris_125539_06.nasl
2009-06-03 Name : Solaris Update for Mozilla Firefox Web browser 125540-06
File : nvt/gb_solaris_125540_06.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:205 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_205.nasl
2009-04-09 Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2008_206.nasl
2009-03-23 Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1
File : nvt/gb_ubuntu_USN_645_1.nasl
2009-03-23 Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1
File : nvt/gb_ubuntu_USN_647_1.nasl
2009-03-23 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3
File : nvt/gb_ubuntu_USN_645_3.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-645-2
File : nvt/gb_ubuntu_USN_645_2.nasl
2009-03-06 Name : RedHat Update for thunderbird RHSA-2008:0908-01
File : nvt/gb_RHSA-2008_0908-01_thunderbird.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:0879-01
File : nvt/gb_RHSA-2008_0879-01_firefox.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:0882-01
File : nvt/gb_RHSA-2008_0882-01_seamonkey.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386
File : nvt/gb_CESA-2008_0882-01_seamonkey_centos2_i386.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0908 centos4 x86_64
File : nvt/gb_CESA-2008_0908_thunderbird_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for thunderbird CESA-2008:0908 centos4 i386
File : nvt/gb_CESA-2008_0908_thunderbird_centos4_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64
File : nvt/gb_CESA-2008_0882_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:0882 centos3 i386
File : nvt/gb_CESA-2008_0882_seamonkey_centos3_i386.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_epiphany-extensions_fc9.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_epiphany_fc9.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_evolution-rss_fc9.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_firefox_fc9.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_galeon_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gnome-python2-extras_fc9.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gnome-web-photo_fc9.nasl
2009-02-17 Name : Fedora Update for google-gadgets FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_google-gadgets_fc9.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_gtkmozembedmm_fc9.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_kazehakase_fc9.nasl
2009-02-17 Name : Fedora Update for mozvoikko FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_mozvoikko_fc9.nasl
2009-02-17 Name : Fedora Update for mugshot FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_mugshot_fc9.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_ruby-gnome2_fc9.nasl
2009-02-17 Name : Fedora Update for totem FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_totem_fc9.nasl
2009-02-17 Name : Fedora Update for xulrunner FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_xulrunner_fc9.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_yelp_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-8429
File : nvt/gb_fedora_2008_8429_seamonkey_fc9.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9807
File : nvt/gb_fedora_2008_9807_thunderbird_fc8.nasl
2009-02-17 Name : Fedora Update for thunderbird FEDORA-2008-9859
File : nvt/gb_fedora_2008_9859_thunderbird_fc9.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_Miro_fc9.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_chmsee_fc9.nasl
2009-02-17 Name : Fedora Update for Miro FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_Miro_fc8.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_blam_fc8.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_cairo-dock_fc8.nasl
2009-02-17 Name : Fedora Update for chmsee FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_chmsee_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_devhelp_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany-extensions FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_epiphany-extensions_fc8.nasl
2009-02-17 Name : Fedora Update for epiphany FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_epiphany_fc8.nasl
2009-02-17 Name : Fedora Update for evolution-rss FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_evolution-rss_fc8.nasl
2009-02-17 Name : Fedora Update for firefox FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_firefox_fc8.nasl
2009-02-17 Name : Fedora Update for galeon FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_galeon_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-python2-extras FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gnome-python2-extras_fc8.nasl
2009-02-17 Name : Fedora Update for gtkmozembedmm FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gtkmozembedmm_fc8.nasl
2009-02-17 Name : Fedora Update for devhelp FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_devhelp_fc9.nasl
2009-02-17 Name : Fedora Update for cairo-dock FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_cairo-dock_fc9.nasl
2009-02-17 Name : Fedora Update for blam FEDORA-2008-8425
File : nvt/gb_fedora_2008_8425_blam_fc9.nasl
2009-02-17 Name : Fedora Update for seamonkey FEDORA-2008-8401
File : nvt/gb_fedora_2008_8401_seamonkey_fc8.nasl
2009-02-17 Name : Fedora Update for yelp FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_yelp_fc8.nasl
2009-02-17 Name : Fedora Update for ruby-gnome2 FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_ruby-gnome2_fc8.nasl
2009-02-17 Name : Fedora Update for openvrml FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_openvrml_fc8.nasl
2009-02-17 Name : Fedora Update for liferea FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_liferea_fc8.nasl
2009-02-17 Name : Fedora Update for kazehakase FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_kazehakase_fc8.nasl
2009-02-17 Name : Fedora Update for gnome-web-photo FEDORA-2008-8399
File : nvt/gb_fedora_2008_8399_gnome-web-photo_fc8.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla SUSE-SA:...
File : nvt/gb_suse_2008_050.nasl
2009-01-13 Name : Debian Security Advisory DSA 1697-1 (iceape)
File : nvt/deb_1697_1.nasl
2009-01-13 Name : Debian Security Advisory DSA 1696-1 (icedove)
File : nvt/deb_1696_1.nasl
2008-11-24 Name : Debian Security Advisory DSA 1669-1 (xulrunner)
File : nvt/deb_1669_1.nasl
2008-11-01 Name : Debian Security Advisory DSA 1649-1 (iceweasel)
File : nvt/deb_1649_1.nasl
2008-09-24 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox34.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-270-01 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2008_270_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-269-02 seamonkey
File : nvt/esoft_slk_ssa_2008_269_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-269-01 mozilla-firefox
File : nvt/esoft_slk_ssa_2008_269_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
48780 Mozilla Multiple Products URL Parsing Implementation Crafted UTF-8 URL Arbitr...

48779 Mozilla Multiple Products XBM Decoder Image File Handling Arbitrary Memory Di...

48773 Mozilla Multiple Product nsXMLDocument::OnChannelRedirect Function Same Origi...

48771 Mozilla Firefox HTML Escaped Low Surrogates XSS

48770 Mozilla Firefox XPConnect Component SCRIPT Element Privileged Code Execution

48769 Mozilla Multiple Products resource URI Traversal Access Restriction Bypass

48768 Mozilla Multiple Products window.moveBy Crafted onmousedown drag-and-drop Act...

48761 Mozilla Multiple Products on Linux URL-encoded resource URI Traversal Arbitra...

48760 Mozilla Multiple Products Stripped BOM Character XSS

48759 Mozilla Multiple Products MathML Component rowspan Attribute Handling Memory ...

48751 Mozilla Multiple Products nsJSNPRuntime.cpp nsNPObjWrapper::GetNewOrUsed Func...

48750 Mozilla Multiple Products nsEscape.cpp nsEscapeCount Function Memory Corruption

48749 Mozilla Multiple Products jsxml.c Namespace / Qname Characteristic Handling M...

48748 Mozilla Multiple Products XSLT Arbitrary Script Execution

48747 Mozilla Multiple Products document.loadBindingDocument() Arbitrary Script Exe...

48746 Mozilla Multiple Products XPCNativeWrappers Pollution Arbitrary Code Execution

Snort® IPS/IDS

Date Description
2017-08-29 Mozilla Firefox BOM character cross site scripting attempt
RuleID : 43749 - Revision : 2 - Type : BROWSER-FIREFOX
2017-08-29 Mozilla Firefox BOM character cross site scripting attempt
RuleID : 43748 - Revision : 2 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla products obfuscated cross site scripting attempt
RuleID : 43673 - Revision : 3 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla products obfuscated cross site scripting attempt
RuleID : 43672 - Revision : 3 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
RuleID : 17519 - Revision : 9 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-2.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080923_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080923_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20081001_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-081003.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-081002.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081003.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-647-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-206.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-645-3.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-205.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO
2008-11-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1669.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9859.nasl - Type : ACT_GATHER_INFO
2008-11-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-9807.nasl - Type : ACT_GATHER_INFO
2008-10-09 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1649.nasl - Type : ACT_GATHER_INFO
2008-10-08 Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5656.nasl - Type : ACT_GATHER_INFO
2008-10-08 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_gecko-sdk-5654.nasl - Type : ACT_GATHER_INFO
2008-10-07 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5657.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5655.nasl - Type : ACT_GATHER_INFO
2008-10-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2008-10-02 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5640.nasl - Type : ACT_GATHER_INFO
2008-10-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5644.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-8425.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8401.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-8399.nasl - Type : ACT_GATHER_INFO
2008-09-29 Name : The remote Fedora host is missing a security update.
File : fedora_2008-8429.nasl - Type : ACT_GATHER_INFO
2008-09-28 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-270-01.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-269-01.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-269-02.nasl - Type : ACT_GATHER_INFO
2008-09-26 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20017.nasl - Type : ACT_GATHER_INFO
2008-09-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1112.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_302.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20017.nasl - Type : ACT_GATHER_INFO
2008-09-24 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:51:57
  • Multiple Updates