Executive Summary

Summary
Title thunderbird security update
Informations
Name RHSA-2009:0258 First vendor Publication 2009-03-24
Vendor RedHat Last vendor Modification 2009-03-24
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)

Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

483139 - CVE-2009-0352 Firefox layout crashes with evidence of memory corruption 483141 - CVE-2009-0353 Firefox javascript crashes with evidence of memory corruption 483143 - CVE-2009-0355 Firefox local file stealing with SessionStore 488273 - CVE-2009-0772 Firefox 2 and 3 - Layout engine crashes 488283 - CVE-2009-0774 Firefox 2 and 3 crashes in the JavaScript engine 488287 - CVE-2009-0775 Firefox XUL Linked Clones Double Free Vulnerability 488290 - CVE-2009-0776 Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-0258.html

CWE : Common Weakness Enumeration

% Id Name
71 % CWE-399 Resource Management Errors
14 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10699
 
Oval ID: oval:org.mitre.oval:def:10699
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0352
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11138
 
Oval ID: oval:org.mitre.oval:def:11138
Title: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0774
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11193
 
Oval ID: oval:org.mitre.oval:def:11193
Title: Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.
Description: Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0353
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13664
 
Oval ID: oval:org.mitre.oval:def:13664
Title: USN-741-1 -- mozilla-thunderbird, thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website
Family: unix Class: patch
Reference(s): USN-741-1
CVE-2009-0352
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 8.10
Product(s): mozilla-thunderbird
thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13848
 
Oval ID: oval:org.mitre.oval:def:13848
Title: USN-728-3 -- firefox vulnerabilities
Description: Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website
Family: unix Class: patch
Reference(s): USN-728-3
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
Version: 5
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13894
 
Oval ID: oval:org.mitre.oval:def:13894
Title: USN-728-2 -- firefox vulnerabilities
Description: Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website
Family: unix Class: patch
Reference(s): USN-728-2
CVE-2009-0772
CVE-2009-0774
CVE-2009-0776
Version: 5
Platform(s): Ubuntu 7.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20238
 
Oval ID: oval:org.mitre.oval:def:20238
Title: DSA-1751-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.
Family: unix Class: patch
Reference(s): DSA-1751-1
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22778
 
Oval ID: oval:org.mitre.oval:def:22778
Title: ELSA-2009:0258: thunderbird security update (Moderate)
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: unix Class: patch
Reference(s): ELSA-2009:0258-01
CVE-2009-0352
CVE-2009-0353
CVE-2009-0355
CVE-2009-0772
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 33
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29166
 
Oval ID: oval:org.mitre.oval:def:29166
Title: RHSA-2009:0258 -- thunderbird security update (Moderate)
Description: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)
Family: unix Class: patch
Reference(s): RHSA-2009:0258
CESA-2009:0258-CentOS 5
CVE-2009-0352
CVE-2009-0353
CVE-2009-0355
CVE-2009-0772
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 3
Platform(s): Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5703
 
Oval ID: oval:org.mitre.oval:def:5703
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5806
 
Oval ID: oval:org.mitre.oval:def:5806
Title: Mozilla Seamonkey remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5816
 
Oval ID: oval:org.mitre.oval:def:5816
Title: Mozilla Thunderbird remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5945
 
Oval ID: oval:org.mitre.oval:def:5945
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5947
 
Oval ID: oval:org.mitre.oval:def:5947
Title: Mozilla Firefox gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5956
 
Oval ID: oval:org.mitre.oval:def:5956
Title: Mozilla Firefox security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6017
 
Oval ID: oval:org.mitre.oval:def:6017
Title: Mozilla Seamonkey security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6057
 
Oval ID: oval:org.mitre.oval:def:6057
Title: Mozilla Seamonkey gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 2
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6097
 
Oval ID: oval:org.mitre.oval:def:6097
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6121
 
Oval ID: oval:org.mitre.oval:def:6121
Title: Mozilla Thunderbird gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6191
 
Oval ID: oval:org.mitre.oval:def:6191
Title: Mozilla Thunderbird security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6207
 
Oval ID: oval:org.mitre.oval:def:6207
Title: Mozilla Firefox remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6811
 
Oval ID: oval:org.mitre.oval:def:6811
Title: Mozilla Firefox, Thunderbird and Seamonkey Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0772
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6945
 
Oval ID: oval:org.mitre.oval:def:6945
Title: Mozilla Firefox, Thunderbird and Seamonkey gczeal (vector) Denial of Service Vulnerability
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0774
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7390
 
Oval ID: oval:org.mitre.oval:def:7390
Title: Mozilla Firefox, Thunderbird and Seamonkey security bypass Vulnerability
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0776
Version: 19
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7584
 
Oval ID: oval:org.mitre.oval:def:7584
Title: Mozilla Firefox, Thunderbird and Seamonkey remote code execution Vulnerability
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2009-0775
Version: 19
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7990
 
Oval ID: oval:org.mitre.oval:def:7990
Title: DSA-1751 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Gary Kwong, and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser.
Family: unix Class: patch
Reference(s): DSA-1751
CVE-2009-0771
CVE-2009-0772
CVE-2009-0773
CVE-2009-0774
CVE-2009-0775
CVE-2009-0776
Version: 3
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9161
 
Oval ID: oval:org.mitre.oval:def:9161
Title: components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
Description: components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0355
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9241
 
Oval ID: oval:org.mitre.oval:def:9241
Title: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Description: nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0776
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9609
 
Oval ID: oval:org.mitre.oval:def:9609
Title: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Description: The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0772
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9681
 
Oval ID: oval:org.mitre.oval:def:9681
Title: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Description: Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0775
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 164
Application 36
Application 77

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0325 centos4 i386
File : nvt/gb_CESA-2009_0325_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0325 centos3 i386
File : nvt/gb_CESA-2009_0325_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0325-01 centos2 i386
File : nvt/gb_CESA-2009_0325-01_seamonkey_centos2_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0315 centos5 i386
File : nvt/gb_CESA-2009_0315_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0315 centos4 i386
File : nvt/gb_CESA-2009_0315_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0258 centos5 i386
File : nvt/gb_CESA-2009_0258_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0258 centos4 i386
File : nvt/gb_CESA-2009_0258_thunderbird_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0257 centos4 i386
File : nvt/gb_CESA-2009_0257_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0257 centos3 i386
File : nvt/gb_CESA-2009_0257_seamonkey_centos3_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:0257-01 centos2 i386
File : nvt/gb_CESA-2009_0257-01_seamonkey_centos2_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0256 centos5 i386
File : nvt/gb_CESA-2009_0256_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:0256 centos4 i386
File : nvt/gb_CESA-2009_0256_firefox_centos4_i386.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox3.nasl
2009-10-11 Name : SLES11: Security update for MozillaFirefox
File : nvt/sles11_MozillaFirefox.nasl
2009-07-29 Name : Ubuntu USN-802-1 (apache2)
File : nvt/ubuntu_802_1.nasl
2009-07-29 Name : Debian Security Advisory DSA 1830-1 (icedove)
File : nvt/deb_1830_1.nasl
2009-07-29 Name : Ubuntu USN-801-1 (tiff)
File : nvt/ubuntu_801_1.nasl
2009-07-29 Name : Ubuntu USN-799-1 (dbus)
File : nvt/ubuntu_799_1.nasl
2009-06-05 Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl
2009-05-20 Name : CentOS Security Advisory CESA-2009:0258 (thunderbird)
File : nvt/ovcesa2009_0258.nasl
2009-04-20 Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox)
File : nvt/suse_sa_2009_023.nasl
2009-04-06 Name : Fedora Core 9 FEDORA-2009-3101 (seamonkey)
File : nvt/fcore_2009_3101.nasl
2009-04-06 Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird)
File : nvt/mdksa_2009_083.nasl
2009-04-06 Name : Fedora Core 10 FEDORA-2009-3161 (seamonkey)
File : nvt/fcore_2009_3161.nasl
2009-03-31 Name : Ubuntu USN-742-1 (jasper)
File : nvt/ubuntu_742_1.nasl
2009-03-31 Name : Ubuntu USN-741-1 (thunderbird)
File : nvt/ubuntu_741_1.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0258
File : nvt/RHSA_2009_0258.nasl
2009-03-31 Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird)
File : nvt/fcore_2009_2882.nasl
2009-03-31 Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird)
File : nvt/fcore_2009_2884.nasl
2009-03-20 Name : SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox)
File : nvt/suse_sa_2009_012.nasl
2009-03-20 Name : Mandrake Security Advisory MDVSA-2009:075 (firefox)
File : nvt/mdksa_2009_075.nasl
2009-03-13 Name : Fedora Core 9 FEDORA-2009-2421 (firefox)
File : nvt/fcore_2009_2421.nasl
2009-03-13 Name : Fedora Core 10 FEDORA-2009-2422 (firefox)
File : nvt/fcore_2009_2422.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0325-01 (seamonkey)
File : nvt/ovcesa2009_0325_01.nasl
2009-03-13 Name : CentOS Security Advisory CESA-2009:0315 (firefox)
File : nvt/ovcesa2009_0315.nasl
2009-03-10 Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_seamonkey_mult_vuln_mar09_win.nasl
2009-03-10 Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_thunderbird_mult_vuln_mar09_win.nasl
2009-03-10 Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_thunderbird_mult_vuln_mar09_lin.nasl
2009-03-10 Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_seamonkey_mult_vuln_mar09_lin.nasl
2009-03-10 Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win)
File : nvt/gb_firefox_mult_vuln_mar09_win.nasl
2009-03-10 Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux)
File : nvt/gb_firefox_mult_vuln_mar09_lin.nasl
2009-03-07 Name : Ubuntu USN-728-2 (firefox)
File : nvt/ubuntu_728_2.nasl
2009-03-07 Name : Ubuntu USN-728-1 (xulrunner-1.9)
File : nvt/ubuntu_728_1.nasl
2009-03-07 Name : Ubuntu USN-727-2 (network-manager)
File : nvt/ubuntu_727_2.nasl
2009-03-07 Name : Ubuntu USN-727-1 (network-manager-applet)
File : nvt/ubuntu_727_1.nasl
2009-03-07 Name : CentOS Security Advisory CESA-2009:0325 (seamonkey)
File : nvt/ovcesa2009_0325.nasl
2009-03-07 Name : Ubuntu USN-726-2 (curl)
File : nvt/ubuntu_726_2.nasl
2009-03-07 Name : Ubuntu USN-726-1 (curl)
File : nvt/ubuntu_726_1.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0315
File : nvt/RHSA_2009_0315.nasl
2009-03-07 Name : RedHat Security Advisory RHSA-2009:0325
File : nvt/RHSA_2009_0325.nasl
2009-03-07 Name : Ubuntu USN-728-3 (firefox)
File : nvt/ubuntu_728_3.nasl
2009-02-23 Name : Mandrake Security Advisory MDVSA-2009:044 (firefox)
File : nvt/mdksa_2009_044.nasl
2009-02-20 Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Linux)
File : nvt/secpod_thunderbird_mult_vuln_feb09_lin.nasl
2009-02-20 Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Win)
File : nvt/secpod_seamonkey_mult_vuln_feb09_win.nasl
2009-02-20 Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Linux)
File : nvt/secpod_seamonkey_mult_vuln_feb09_lin.nasl
2009-02-20 Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Win)
File : nvt/secpod_firefox_mult_vuln_feb09_win.nasl
2009-02-20 Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_feb09_lin.nasl
2009-02-20 Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Win)
File : nvt/secpod_thunderbird_mult_vuln_feb09_win.nasl
2009-02-18 Name : SuSE Security Advisory SUSE-SA:2009:009 (MozillaFirefox)
File : nvt/suse_sa_2009_009.nasl
2009-02-13 Name : Ubuntu USN-717-1 (xulrunner-1.9)
File : nvt/ubuntu_717_1.nasl
2009-02-13 Name : Ubuntu USN-717-2 (firefox-3.0)
File : nvt/ubuntu_717_2.nasl
2009-02-13 Name : Fedora Core 10 FEDORA-2009-1398 (xulrunner)
File : nvt/fcore_2009_1398.nasl
2009-02-13 Name : Fedora Core 9 FEDORA-2009-1399 (xulrunner)
File : nvt/fcore_2009_1399.nasl
2009-02-13 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox37.nasl
2009-02-10 Name : RedHat Security Advisory RHSA-2009:0257
File : nvt/RHSA_2009_0257.nasl
2009-02-10 Name : RedHat Security Advisory RHSA-2009:0256
File : nvt/RHSA_2009_0256.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0256 (firefox)
File : nvt/ovcesa2009_0256.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0257 (seamonkey)
File : nvt/ovcesa2009_0257.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0257-01 (seamonkey)
File : nvt/ovcesa2009_0257_01.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird
File : nvt/esoft_slk_ssa_2009_083_03.nasl
0000-00-00 Name : Slackware Advisory SSA:2009-083-02 seamonkey
File : nvt/esoft_slk_ssa_2009_083_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52451 Mozilla Multiple Products nsIRDFService Cross-domain Redirect Same-origin Pol...

Multiple Mozilla products contain a flaw that may allow a malicious website operator to access private data from users redirected to another website. The issue is triggered by nsIRDFService allowing a malicious website operator to use a cross-domain redirect to steal arbitrary XML data from another domain, resulting in a loss of confidentiality.
52450 Mozilla Multiple Products Crafted Cloned XUL DOM Elements Arbitrary Code Exec...

52446 Mozilla Multiple Products Layout Engine gczeal Unspecified Code Execution

52445 Mozilla Multiple Products Layout Engine nsCSSStyleSheet::GetOwnerNode Functio...

51940 Mozilla Multiple Products Layout Engine nsStyleContext::Destroy Multiple Meth...

51939 Mozilla Multiple Products Layout Engine nsOverflowContinuationTracker::Insert...

51938 Mozilla Multiple Products Layout Engine nsContainerFrame::ReflowOverflowConta...

51937 Mozilla Multiple Products Layout Engine nsViewManager::Composite() Layout Obj...

51936 Mozilla Multiple Products Layout Engine nsTransactionItem.cpp PlaceholderTxn:...

51935 Mozilla Multiple Products Layout Engine nsAttributeTextNode GetStrokeDash* Me...

51934 Mozilla Multiple Products Layout Engine nsStyleContext::Release Memory Corrup...

51933 Mozilla Multiple Products Layout Engine nsContainerFrame.cpp Frame Tree Handl...

51932 Mozilla Multiple Products Layout Engine nsContentUtils::ComparePosition Memor...

51931 Mozilla Multiple Products Layout Engine File Open Dialog input type Manipulat...

51930 Mozilla Firefox components/sessionstore/src/nsSessionStore.js file INPUT Elem...

51929 Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0257.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0256.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-3.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-717-2.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090324_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090304_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090204_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090204_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-090319.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO
2009-06-19 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO
2009-05-26 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-728-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-717-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-741-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-1398.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-2422.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3161.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-044.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-075.nasl - Type : ACT_GATHER_INFO
2009-04-21 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO
2009-03-31 Name : The remote Fedora host is missing a security update.
File : fedora_2009-3101.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO
2009-03-25 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO
2009-03-23 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1751.nasl - Type : ACT_GATHER_INFO
2009-03-22 Name : The remote Fedora host is missing a security update.
File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO
2009-03-20 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO
2009-03-09 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-2421.nasl - Type : ACT_GATHER_INFO
2009-03-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO
2009-03-05 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_307.nasl - Type : ACT_GATHER_INFO
2009-02-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8b491182f84211dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO
2009-02-06 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-1399.nasl - Type : ACT_GATHER_INFO
2009-02-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO
2009-02-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO
2009-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO
2009-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO
2009-02-04 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_306.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:52:14
  • Multiple Updates