Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | thunderbird security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2008:0908 | First vendor Publication | 2008-10-01 |
| Vendor | RedHat | Last vendor Modification | 2008-10-01 |
| Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) Several flaws were found in the way malformed HTML mail content was displayed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068) A flaw was found in Thunderbird that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066) Note: JavaScript support is disabled by default in Thunderbird; the above issue is not exploitable unless JavaScript is enabled. A heap based buffer overflow flaw was found in the handling of cancelled newsgroup messages. If the user cancels a specially crafted newsgroup message it could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-4070) All Thunderbird users should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 463181 - CVE-2008-0016 Mozilla UTF-8 stack buffer overflow 463182 - CVE-2008-3835 mozilla: nsXMLDocument::OnChannelRedirect() same-origin violation 463190 - CVE-2008-4058 Mozilla privilege escalation via XPCnativeWrapper pollution 463192 - CVE-2008-4059 Mozilla privilege escalation via XPCnativeWrapper pollution 463198 - CVE-2008-4060 Mozilla privilege escalation via XPCnativeWrapper pollution 463199 - CVE-2008-4061 Mozilla layout engine crash 463201 - CVE-2008-4062 Mozilla crashes with evidence of memory corruption 463234 - CVE-2008-4065 Mozilla BOM characters stripped from JavaScript before execution 463243 - CVE-2008-4066 Mozilla low surrogates stripped from JavaScript before execution 463246 - CVE-2008-4067 Mozilla resource: traversal vulnerability 463248 - CVE-2008-4068 Mozilla local HTML file recource: bypass 464041 - CVE-2008-4070 Thunderbird cancelled newsgrop messages |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2008-0908.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 17 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 8 % | CWE-399 | Resource Management Errors |
| 8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10206 | |||
| Oval ID: | oval:org.mitre.oval:def:10206 | ||
| Title: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | ||
| Description: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4062 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10933 | |||
| Oval ID: | oval:org.mitre.oval:def:10933 | ||
| Title: | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | ||
| Description: | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4070 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17610 | |||
| Oval ID: | oval:org.mitre.oval:def:17610 | ||
| Title: | USN-647-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
| Description: | It was discovered that the same-origin check in Thunderbird could be bypassed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-647-1 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | mozilla-thunderbird thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22664 | |||
| Oval ID: | oval:org.mitre.oval:def:22664 | ||
| Title: | ELSA-2008:0908: thunderbird security update (Moderate) | ||
| Description: | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0908-01 CVE-2008-0016 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 | Version: | 53 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28693 | |||
| Oval ID: | oval:org.mitre.oval:def:28693 | ||
| Title: | RHSA-2008:0908 -- thunderbird security update (Moderate) | ||
| Description: | Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0908 CESA-2008:0908-CentOS 5 CVE-2008-0016 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29008 | |||
| Oval ID: | oval:org.mitre.oval:def:29008 | ||
| Title: | RHSA-2008:0879 -- firefox security update (Critical) | ||
| Description: | All firefox users should upgrade to this updated package, which contains backported patches that correct these issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0879 CESA-2008:0879-CentOS 5 CVE-2008-3837 CVE-2008-4058 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox devhelp nss xulrunner yelp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8880 | |||
| Oval ID: | oval:org.mitre.oval:def:8880 | ||
| Title: | Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "javascript" sequence, aka "HTML escaped low surrogates bug." | ||
| Description: | Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4066 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9643 | |||
| Oval ID: | oval:org.mitre.oval:def:9643 | ||
| Title: | The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||
| Description: | The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3835 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Mozilla Firefox UTF-8 URL buffer overflow | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2009-09-14 | Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-13 | Name : SLES10: Security update for Mozilla File : nvt/sles10_gecko-sdk.nasl |
| 2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox4.nasl |
| 2009-10-10 | Name : SLES9: Security update for Epiphany and Mozilla File : nvt/sles9p5036604.nasl |
| 2009-06-03 | Name : Solaris Update for Mozilla 1.7 125539-06 File : nvt/gb_solaris_125539_06.nasl |
| 2009-06-03 | Name : Solaris Update for Mozilla Firefox Web browser 125540-06 File : nvt/gb_solaris_125540_06.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:205 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_205.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_206.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1 File : nvt/gb_ubuntu_USN_645_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1 File : nvt/gb_ubuntu_USN_647_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3 File : nvt/gb_ubuntu_USN_645_3.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-645-2 File : nvt/gb_ubuntu_USN_645_2.nasl |
| 2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0908-01 File : nvt/gb_RHSA-2008_0908-01_thunderbird.nasl |
| 2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0879-01 File : nvt/gb_RHSA-2008_0879-01_firefox.nasl |
| 2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0882-01 File : nvt/gb_RHSA-2008_0882-01_seamonkey.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386 File : nvt/gb_CESA-2008_0882-01_seamonkey_centos2_i386.nasl |
| 2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0908 centos4 x86_64 File : nvt/gb_CESA-2008_0908_thunderbird_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0908 centos4 i386 File : nvt/gb_CESA-2008_0908_thunderbird_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64 File : nvt/gb_CESA-2008_0882_seamonkey_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0882 centos3 i386 File : nvt/gb_CESA-2008_0882_seamonkey_centos3_i386.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_epiphany-extensions_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_epiphany_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_evolution-rss_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_firefox_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_galeon_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_gnome-python2-extras_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_gnome-web-photo_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for google-gadgets FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_google-gadgets_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_gtkmozembedmm_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_kazehakase_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for mozvoikko FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_mozvoikko_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for mugshot FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_mugshot_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_ruby-gnome2_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for totem FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_totem_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for xulrunner FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_xulrunner_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_yelp_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-8429 File : nvt/gb_fedora_2008_8429_seamonkey_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9807 File : nvt/gb_fedora_2008_9807_thunderbird_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9859 File : nvt/gb_fedora_2008_9859_thunderbird_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_Miro_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_chmsee_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_Miro_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_cairo-dock_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_chmsee_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_devhelp_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_epiphany-extensions_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_epiphany_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_evolution-rss_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_firefox_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_galeon_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_gnome-python2-extras_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_gtkmozembedmm_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_devhelp_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_cairo-dock_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_blam_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-8401 File : nvt/gb_fedora_2008_8401_seamonkey_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_yelp_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_ruby-gnome2_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_openvrml_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_liferea_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_kazehakase_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_gnome-web-photo_fc8.nasl |
| 2009-01-23 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla SUSE-SA:... File : nvt/gb_suse_2008_050.nasl |
| 2009-01-13 | Name : Debian Security Advisory DSA 1697-1 (iceape) File : nvt/deb_1697_1.nasl |
| 2009-01-13 | Name : Debian Security Advisory DSA 1696-1 (icedove) File : nvt/deb_1696_1.nasl |
| 2008-11-24 | Name : Debian Security Advisory DSA 1669-1 (xulrunner) File : nvt/deb_1669_1.nasl |
| 2008-11-01 | Name : Debian Security Advisory DSA 1649-1 (iceweasel) File : nvt/deb_1649_1.nasl |
| 2008-09-24 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox34.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-270-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2008_270_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-269-02 seamonkey File : nvt/esoft_slk_ssa_2008_269_02.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-269-01 mozilla-firefox File : nvt/esoft_slk_ssa_2008_269_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 48780 | Mozilla Multiple Products URL Parsing Implementation Crafted UTF-8 URL Arbitr... |
| 48773 | Mozilla Multiple Product nsXMLDocument::OnChannelRedirect Function Same Origi... |
| 48772 | Mozilla Multiple Products News Article Header Handling Overflow |
| 48771 | Mozilla Firefox HTML Escaped Low Surrogates XSS |
| 48770 | Mozilla Firefox XPConnect Component SCRIPT Element Privileged Code Execution |
| 48769 | Mozilla Multiple Products resource URI Traversal Access Restriction Bypass |
| 48761 | Mozilla Multiple Products on Linux URL-encoded resource URI Traversal Arbitra... |
| 48760 | Mozilla Multiple Products Stripped BOM Character XSS |
| 48759 | Mozilla Multiple Products MathML Component rowspan Attribute Handling Memory ... |
| 48751 | Mozilla Multiple Products nsJSNPRuntime.cpp nsNPObjWrapper::GetNewOrUsed Func... |
| 48750 | Mozilla Multiple Products nsEscape.cpp nsEscapeCount Function Memory Corruption |
| 48749 | Mozilla Multiple Products jsxml.c Namespace / Qname Characteristic Handling M... |
| 48748 | Mozilla Multiple Products XSLT Arbitrary Script Execution |
| 48747 | Mozilla Multiple Products document.loadBindingDocument() Arbitrary Script Exe... |
| 48746 | Mozilla Multiple Products XPCNativeWrappers Pollution Arbitrary Code Execution |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-08-29 | Mozilla Firefox BOM character cross site scripting attempt RuleID : 43749 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-08-29 | Mozilla Firefox BOM character cross site scripting attempt RuleID : 43748 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-08-23 | Mozilla products obfuscated cross site scripting attempt RuleID : 43673 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2017-08-23 | Mozilla products obfuscated cross site scripting attempt RuleID : 43672 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow RuleID : 17519 - Revision : 9 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0879.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0882.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0908.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-645-2.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080923_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080923_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20081001_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-081002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-081003.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner181-081002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-081002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-081003.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-647-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-645-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-206.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-645-3.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-205.nasl - Type : ACT_GATHER_INFO |
| 2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO |
| 2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO |
| 2008-11-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1669.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9859.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9807.nasl - Type : ACT_GATHER_INFO |
| 2008-10-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1649.nasl - Type : ACT_GATHER_INFO |
| 2008-10-08 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5656.nasl - Type : ACT_GATHER_INFO |
| 2008-10-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gecko-sdk-5654.nasl - Type : ACT_GATHER_INFO |
| 2008-10-07 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5657.nasl - Type : ACT_GATHER_INFO |
| 2008-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5655.nasl - Type : ACT_GATHER_INFO |
| 2008-10-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO |
| 2008-10-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO |
| 2008-10-01 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5640.nasl - Type : ACT_GATHER_INFO |
| 2008-10-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5644.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-8425.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8401.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-8399.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8429.nasl - Type : ACT_GATHER_INFO |
| 2008-09-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-270-01.nasl - Type : ACT_GATHER_INFO |
| 2008-09-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-269-01.nasl - Type : ACT_GATHER_INFO |
| 2008-09-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-269-02.nasl - Type : ACT_GATHER_INFO |
| 2008-09-26 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20017.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1112.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_302.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20017.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:52:00 |
|
