Executive Summary
Summary | |
---|---|
Title | thunderbird security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1125 | First vendor Publication | 2009-06-25 |
Vendor | RedHat | Last vendor Modification | 2009-06-25 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 496253 - CVE-2009-1303 Firefox 2 and 3 Layout engine crash 496256 - CVE-2009-1305 Firefox 2 and 3 JavaScript engine crash 496262 - CVE-2009-1306 Firefox jar: scheme ignores the content-disposition: header on the inner URI 496263 - CVE-2009-1307 Firefox Same-origin violations when Adobe Flash loaded via view-source: protocol 496267 - CVE-2009-1309 Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString 503568 - CVE-2009-1392 Firefox browser engine crashes 503570 - CVE-2009-1833 Firefox JavaScript engine crashes 503580 - CVE-2009-1838 Firefox arbitrary code execution flaw |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1125.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
38 % | CWE-16 | Configuration |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10110 | |||
Oval ID: | oval:org.mitre.oval:def:10110 | ||
Title: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10150 | |||
Oval ID: | oval:org.mitre.oval:def:10150 | ||
Title: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10972 | |||
Oval ID: | oval:org.mitre.oval:def:10972 | ||
Title: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11080 | |||
Oval ID: | oval:org.mitre.oval:def:11080 | ||
Title: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
Description: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1838 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11487 | |||
Oval ID: | oval:org.mitre.oval:def:11487 | ||
Title: | The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1833 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5265 | |||
Oval ID: | oval:org.mitre.oval:def:5265 | ||
Title: | Mozilla Seamonkey Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5591 | |||
Oval ID: | oval:org.mitre.oval:def:5591 | ||
Title: | Mozilla Thunderbird Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5810 | |||
Oval ID: | oval:org.mitre.oval:def:5810 | ||
Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5933 | |||
Oval ID: | oval:org.mitre.oval:def:5933 | ||
Title: | Mozilla Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5992 | |||
Oval ID: | oval:org.mitre.oval:def:5992 | ||
Title: | Mozilla Firefox Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6021 | |||
Oval ID: | oval:org.mitre.oval:def:6021 | ||
Title: | Mozilla Firefox Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6090 | |||
Oval ID: | oval:org.mitre.oval:def:6090 | ||
Title: | Mozilla Thunderbird DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6139 | |||
Oval ID: | oval:org.mitre.oval:def:6139 | ||
Title: | Mozilla Firefox Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6151 | |||
Oval ID: | oval:org.mitre.oval:def:6151 | ||
Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6154 | |||
Oval ID: | oval:org.mitre.oval:def:6154 | ||
Title: | Mozilla Firefox arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6194 | |||
Oval ID: | oval:org.mitre.oval:def:6194 | ||
Title: | Mozilla Seamonkey Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6232 | |||
Oval ID: | oval:org.mitre.oval:def:6232 | ||
Title: | Mozilla Firefox DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6248 | |||
Oval ID: | oval:org.mitre.oval:def:6248 | ||
Title: | Mozilla Seamonkey DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 2 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6266 | |||
Oval ID: | oval:org.mitre.oval:def:6266 | ||
Title: | Mozilla Thunderbird arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6312 | |||
Oval ID: | oval:org.mitre.oval:def:6312 | ||
Title: | Mozilla Thunderbird Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6646 | |||
Oval ID: | oval:org.mitre.oval:def:6646 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6710 | |||
Oval ID: | oval:org.mitre.oval:def:6710 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability | ||
Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1306 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6831 | |||
Oval ID: | oval:org.mitre.oval:def:6831 | ||
Title: | Mozilla Firefox, Thunderbird, and Seamonkey Multiple XSS Vulnerabilities | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6921 | |||
Oval ID: | oval:org.mitre.oval:def:6921 | ||
Title: | Mozilla Firefox, Thunderbird and Seamonkey DoS and Memory Corruption Vulnerability | ||
Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1305 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7008 | |||
Oval ID: | oval:org.mitre.oval:def:7008 | ||
Title: | Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability | ||
Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1307 | Version: | 17 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9455 | |||
Oval ID: | oval:org.mitre.oval:def:9455 | ||
Title: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1303 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9494 | |||
Oval ID: | oval:org.mitre.oval:def:9494 | ||
Title: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1309 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9501 | |||
Oval ID: | oval:org.mitre.oval:def:9501 | ||
Title: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1392 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386 File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1096 centos3 i386 File : nvt/gb_CESA-2009_1096_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1095 centos5 i386 File : nvt/gb_CESA-2009_1095_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386 File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386 File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos5 i386 File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos4 i386 File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox1.nasl |
2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox3.nasl |
2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn.nasl |
2009-10-10 | Name : SLES9: Security update for epiphany File : nvt/sles9p5059920.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:185 (firefox) File : nvt/mdksa_2009_185.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey) File : nvt/fcore_2009_7567.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey) File : nvt/fcore_2009_7614.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-06-30 | Name : Ubuntu USN-782-1 (thunderbird) File : nvt/ubuntu_782_1.nasl |
2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird) File : nvt/mdksa_2009_141.nasl |
2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1125 File : nvt/RHSA_2009_1125.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1126 File : nvt/RHSA_2009_1126.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1126 (thunderbird) File : nvt/ovcesa2009_1126.nasl |
2009-06-23 | Name : Debian Security Advisory DSA 1820-1 (xulrunner) File : nvt/deb_1820_1.nasl |
2009-06-23 | Name : CentOS Security Advisory CESA-2009:1095 (firefox) File : nvt/ovcesa2009_1095.nasl |
2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6411 (firefox) File : nvt/fcore_2009_6411.nasl |
2009-06-23 | Name : SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox) File : nvt/suse_sa_2009_034.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6366 (firefox) File : nvt/fcore_2009_6366.nasl |
2009-06-23 | Name : Ubuntu USN-779-1 (xulrunner-1.9) File : nvt/ubuntu_779_1.nasl |
2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:134 (firefox) File : nvt/mdksa_2009_134.nasl |
2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Win) File : nvt/gb_firefox_mult_vuln_jun09_win.nasl |
2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Win) File : nvt/gb_thunderbird_mult_vuln_jun09_win.nasl |
2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_thunderbird_mult_vuln_jun09_lin.nasl |
2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Win) File : nvt/gb_seamonkey_mult_vuln_jun09_win.nasl |
2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_jun09_lin.nasl |
2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_firefox_mult_vuln_jun09_lin.nasl |
2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1096 File : nvt/RHSA_2009_1096.nasl |
2009-06-15 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox39.nasl |
2009-06-15 | Name : CentOS Security Advisory CESA-2009:1096 (seamonkey) File : nvt/ovcesa2009_1096.nasl |
2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1095 File : nvt/RHSA_2009_1095.nasl |
2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
2009-06-05 | Name : Ubuntu USN-764-1 (xulrunner-1.9) File : nvt/ubuntu_764_1.nasl |
2009-06-05 | Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl |
2009-06-05 | Name : Ubuntu USN-772-1 (mpfr) File : nvt/ubuntu_772_1.nasl |
2009-06-05 | Name : Ubuntu USN-773-1 (pango1.0) File : nvt/ubuntu_773_1.nasl |
2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0437 (seamonkey) File : nvt/ovcesa2009_0437.nasl |
2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
2009-05-11 | Name : Debian Security Advisory DSA 1797-1 (xulrunner) File : nvt/deb_1797_1.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl |
2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl |
2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey) File : nvt/ovcesa2009_0437_02.nasl |
2009-04-28 | Name : CentOS Security Advisory CESA-2009:0436 (firefox) File : nvt/ovcesa2009_0436.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0436 File : nvt/RHSA_2009_0436.nasl |
2009-04-28 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox38.nasl |
2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3893 (epiphany) File : nvt/fcore_2009_3893.nasl |
2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3875 (firefox) File : nvt/fcore_2009_3875.nasl |
2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0437 File : nvt/RHSA_2009_0437.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_178_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-176-01 seamonkey File : nvt/esoft_slk_ssa_2009_176_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-167-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_167_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55157 | Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han... |
55155 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
55154 | Mozilla Multiple Products JavaScript Engine jsinterp.c c.hasOwnProperty Memor... |
55153 | Mozilla Multiple Products JavaScript Engine jsxml.c ParseXMLSource Memory Cor... |
55152 | Mozilla Multiple Products JavaScript Engine js_LeaveSharpObject Memory Corrup... |
55147 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption |
55146 | Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi... |
55145 | Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd... |
55144 | Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ... |
55143 | Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x... |
55142 | Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli... |
55141 | Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co... |
55140 | Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil... |
55139 | Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe... |
55138 | Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState... |
53971 | Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup... |
53969 | Mozilla Multiple Products JavaScript Engine gvar Optimization JSOP_DEFVAR Hea... |
53968 | Mozilla Multiple Products XMLHttpRequest Document Creation Principal-based Se... |
53959 | Mozilla Multiple Products XPCNativeWrapper.toString XSS |
53958 | Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ... |
53957 | Mozilla Multiple Products jar Scheme Content-disposition Header Bypass |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox browser engine memory corruption attempt RuleID : 17613 - Revision : 11 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
2009-10-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12519.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO |
2009-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1820.nasl - Type : ACT_GATHER_INFO |
2009-06-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-134.nasl - Type : ACT_GATHER_INFO |
2009-06-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-167-01.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6411.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6366.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-779-1.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da185955573811deb857000f20797ede.nasl - Type : ACT_GATHER_INFO |
2009-06-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3011.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
2009-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO |
2009-04-27 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
2009-04-10 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1116.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:37 |
|