Executive Summary
Summary | |
---|---|
Title | firefox security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1530 | First vendor Publication | 2009-10-27 |
Vendor | RedHat | Last vendor Modification | 2009-10-27 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). A flaw was found in the way Firefox handles form history. A malicious web page could steal saved form data by synthesizing input events, causing the browser to auto-fill form fields (which could then be read by an attacker). (CVE-2009-3370) A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local attacker knows the name of a file Firefox is going to download, they can replace the contents of that file with arbitrary contents. (CVE-2009-3274) A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3372) A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3373) A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines. A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-1563) A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375) A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 524815 - CVE-2009-3274 Firefox: Predictable /tmp pathname use 530151 - CVE-2009-3370 Firefox form history vulnerable to stealing 530155 - CVE-2009-3372 Firefox crash in proxy auto-configuration regexp parsing 530156 - CVE-2009-3373 Firefox heap buffer overflow in GIF color map parser 530157 - CVE-2009-3374 Firefox chrome privilege escalation in XPCVariant::VariantDataToJS() 530162 - CVE-2009-1563 Firefox heap buffer overflow in string to number conversion 530167 - CVE-2009-3375 Firefox cross-origin data theft through document.getSelection() 530168 - CVE-2009-3376 Firefox download filename spoofing with RTL override 530567 - CVE-2009-3380 Firefox crashes with evidence of memory corruption 530569 - CVE-2009-3382 Firefox crashes with evidence of memory corruption |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1530.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10440 | |||
Oval ID: | oval:org.mitre.oval:def:10440 | ||
Title: | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
Description: | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3375 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10684 | |||
Oval ID: | oval:org.mitre.oval:def:10684 | ||
Title: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3373 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10836 | |||
Oval ID: | oval:org.mitre.oval:def:10836 | ||
Title: | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | ||
Description: | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3370 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10977 | |||
Oval ID: | oval:org.mitre.oval:def:10977 | ||
Title: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
Description: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3372 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11219 | |||
Oval ID: | oval:org.mitre.oval:def:11219 | ||
Title: | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Description: | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3382 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13156 | |||
Oval ID: | oval:org.mitre.oval:def:13156 | ||
Title: | DSA-1922-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2009-3382 Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3376 Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. CVE-2009-3375 Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection function. CVE-2009-3374 "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. CVE-2009-3373 "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. CVE-2009-3372 Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. CVE-2009-3274 Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. CVE-2009-3370 Paul Stone discovered that history information from web forms could be stolen. For the stable distribution, these problems have been fixed in version 1.9.0.15-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.1.4-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1922-1 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5581 | |||
Oval ID: | oval:org.mitre.oval:def:5581 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.15 cause a denial of service in layout/base/nsCSSFrameConstructor.cpp | ||
Description: | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3382 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5935 | |||
Oval ID: | oval:org.mitre.oval:def:5935 | ||
Title: | Remote bypass vulnerability in content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 via the document.getSelection function | ||
Description: | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3375 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6347 | |||
Oval ID: | oval:org.mitre.oval:def:6347 | ||
Title: | Arbitrary code execution in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 ia a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
Description: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3372 | Version: | 17 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6455 | |||
Oval ID: | oval:org.mitre.oval:def:6455 | ||
Title: | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events | ||
Description: | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3370 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6541 | |||
Oval ID: | oval:org.mitre.oval:def:6541 | ||
Title: | Spoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 | ||
Description: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3376 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6548 | |||
Oval ID: | oval:org.mitre.oval:def:6548 | ||
Title: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3373 | Version: | 17 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6565 | |||
Oval ID: | oval:org.mitre.oval:def:6565 | ||
Title: | Vulnerability in the XPCVariant::VariantDataToJS function in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 | ||
Description: | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3374 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6580 | |||
Oval ID: | oval:org.mitre.oval:def:6580 | ||
Title: | Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 to cause a denial of service | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3380 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7945 | |||
Oval ID: | oval:org.mitre.oval:def:7945 | ||
Title: | DSA-1922 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. Paul Stone discovered that history information from web forms could be stolen. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1922 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8888 | |||
Oval ID: | oval:org.mitre.oval:def:8888 | ||
Title: | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||
Description: | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1563 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9641 | |||
Oval ID: | oval:org.mitre.oval:def:9641 | ||
Title: | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||
Description: | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3274 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9789 | |||
Oval ID: | oval:org.mitre.oval:def:9789 | ||
Title: | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||
Description: | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3374 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-08-19 | Mozilla Firefox 3.5.4 - Local Color Map Exploit |
2009-11-19 | Opera 10.01 Remote Array Overrun |
2009-11-19 | K-Meleon 1.5.3 Remote Array Overrun |
2009-11-19 | SeaMonkey 1.1.8 Remote Array Overrun |
2009-11-19 | KDE KDELibs 4.3.3 Remote Array Overrun |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386 File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386 File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1530 centos4 i386 File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl |
2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox) File : nvt/mdksa_2009_290_1.nasl |
2009-11-23 | Name : Ubuntu USN-853-1 (xulrunner-1.9.1) File : nvt/ubuntu_853_1.nasl |
2009-11-11 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_MozillaFirefox7.nasl |
2009-11-11 | Name : SLES10: Security update for Mozilla XULRunner File : nvt/sles10_mozilla-xulrunn0.nasl |
2009-11-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox7.nasl |
2009-11-11 | Name : SLES11: Security update for Mozilla XULRunner File : nvt/sles11_mozilla-xulrunn1.nasl |
2009-11-11 | Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox) File : nvt/suse_sa_2009_052.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1531 (seamonkey) File : nvt/ovcesa2009_1531.nasl |
2009-11-11 | Name : CentOS Security Advisory CESA-2009:1530 (firefox) File : nvt/ovcesa2009_1530.nasl |
2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:290 (firefox) File : nvt/mdksa_2009_290.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1531 File : nvt/RHSA_2009_1531.nasl |
2009-11-11 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox42.nasl |
2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10981 (blam) File : nvt/fcore_2009_10981.nasl |
2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10878 (chmsee) File : nvt/fcore_2009_10878.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1931-1 (nspr) File : nvt/deb_1931_1.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1922-1 (xulrunner) File : nvt/deb_1922_1.nasl |
2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1530 File : nvt/RHSA_2009_1530.nasl |
2009-11-04 | Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win) File : nvt/gb_seamonkey_mult_vuln_nov09_win.nasl |
2009-11-04 | Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_nov09_lin.nasl |
2009-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win) File : nvt/gb_firefox_mult_vuln_nov09_win.nasl |
2009-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux) File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl |
2009-11-02 | Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win) File : nvt/gb_firefox_dos_vuln_nov09_win.nasl |
2009-11-02 | Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux) File : nvt/gb_firefox_dos_vuln_nov09_lin.nasl |
2009-09-23 | Name : Insecure Saving Of Downloadable File In Mozilla Firefox (Linux) File : nvt/secpod_firefox_insecure_saving_download_file.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61091 | Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem... |
59394 | Mozilla Multiple Browsers Proxy Auto-configuration (PAC) File Regular Express... |
59393 | Mozilla Multiple Browsers GIF Color Map Parser Overflow |
59392 | Mozilla Firefox XPCOM XPCVariant::VariantDataToJS Utility Chrome Privileged J... |
59391 | Mozilla Firefox Key Event Javascript Methods Form History Remote Disclosure |
59390 | Mozilla Firefox document.getSelection Function Cross-origin Data Disclosure |
59389 | Mozilla Multiple Browsers Filename Right-to-left (RTL) Override Character Dow... |
59384 | Mozilla Firefox Browser Engine nsCachedStyleData::GetStyleDisplay Function Me... |
59381 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
57844 | Mozilla Firefox on Linux Temporary File Download Manipulation Weakness |
Snort® IPS/IDS
Date | Description |
---|---|
2017-12-21 | Mozilla Firefox browser engine memory corruption attempt RuleID : 44978 - Revision : 2 - Type : BROWSER-FIREFOX |
2014-03-06 | Mozilla Firefox browser engine memory corruption attempt RuleID : 29579 - Revision : 2 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox browser engine memory corruption attempt RuleID : 16347 - Revision : 5 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1922.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO |
2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO |
2009-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO |
2009-11-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO |
2009-11-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_20.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO |
2009-10-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:59 |
|