Executive Summary
Summary | |
---|---|
Title | firefox security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1674 | First vendor Publication | 2009-12-16 |
Vendor | RedHat | Last vendor Modification | 2009-12-16 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986) A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other applications on the user's system. (CVE-2009-3983) A flaw was found in the way Firefox displayed the SSL location bar indicator. An attacker could create an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they are visiting a secure page. (CVE-2009-3984) A flaw was found in the way Firefox displayed blank pages after a user navigates to an invalid address. If a user visits an attacker-controlled web page that results in a blank page, the attacker could inject content into that blank page, possibly tricking the user into believing they are viewing a legitimate page. (CVE-2009-3985) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.1 |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1674.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10047 | |||
Oval ID: | oval:org.mitre.oval:def:10047 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3983 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10956 | |||
Oval ID: | oval:org.mitre.oval:def:10956 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3979 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11568 | |||
Oval ID: | oval:org.mitre.oval:def:11568 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3986 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13666 | |||
Oval ID: | oval:org.mitre.oval:def:13666 | ||
Title: | DSA-1956-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3986: David James discovered that the window.opener property allows Chrome privilege escalation. CVE-2009-3985: Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. CVE-2009-3984: Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. CVE-2009-3983: Takehiro Takahashi discovered that the NTLM implementaion is vulnerable to reflection attacks. CVE-2009-3981: Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3979: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.16-1. For the unstable distribution, these problems have been fixed in version 1.9.1.6-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1956-1 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22838 | |||
Oval ID: | oval:org.mitre.oval:def:22838 | ||
Title: | ELSA-2009:1674: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1674-01 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29342 | |||
Oval ID: | oval:org.mitre.oval:def:29342 | ||
Title: | RHSA-2009:1674 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1674 CESA-2009:1674-CentOS 5 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7038 | |||
Oval ID: | oval:org.mitre.oval:def:7038 | ||
Title: | DSA-1956 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1956 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8240 | |||
Oval ID: | oval:org.mitre.oval:def:8240 | ||
Title: | Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3983 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8379 | |||
Oval ID: | oval:org.mitre.oval:def:8379 | ||
Title: | Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3984 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8480 | |||
Oval ID: | oval:org.mitre.oval:def:8480 | ||
Title: | Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3985 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8487 | |||
Oval ID: | oval:org.mitre.oval:def:8487 | ||
Title: | Mozilla Firefox and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3979 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8489 | |||
Oval ID: | oval:org.mitre.oval:def:8489 | ||
Title: | Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3986 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8523 | |||
Oval ID: | oval:org.mitre.oval:def:8523 | ||
Title: | Mozilla Firefox 3.0 and SeaMonkey Remote Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3981 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8584 | |||
Oval ID: | oval:org.mitre.oval:def:8584 | ||
Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3981 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9791 | |||
Oval ID: | oval:org.mitre.oval:def:9791 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3984 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9911 | |||
Oval ID: | oval:org.mitre.oval:def:9911 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3985 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-12-18 | Mozilla Firefox Location Bar Spoofing Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos5 i386 File : nvt/gb_CESA-2009_1674_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos4 i386 File : nvt/gb_CESA-2009_1674_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1673 centos4 i386 File : nvt/gb_CESA-2009_1673_seamonkey_centos4_i386.nasl |
2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-01-15 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1 File : nvt/gb_ubuntu_USN_877_1.nasl |
2010-01-15 | Name : Ubuntu Update for firefox-3.5, xulrunner-1.9.1 regression USN-878-1 File : nvt/gb_ubuntu_USN_878_1.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:339 (firefox) File : nvt/mdksa_2009_339.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1673 (seamonkey) File : nvt/ovcesa2009_1673.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1674 (firefox) File : nvt/ovcesa2009_1674.nasl |
2009-12-30 | Name : SuSE Security Advisory SUSE-SA:2009:063 (MozillaFirefox) File : nvt/suse_sa_2009_063.nasl |
2009-12-30 | Name : Ubuntu USN-873-1 (xulrunner-1.9) File : nvt/ubuntu_873_1.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1673 File : nvt/RHSA_2009_1673.nasl |
2009-12-30 | Name : Ubuntu USN-874-1 (xulrunner-1.9.1) File : nvt/ubuntu_874_1.nasl |
2009-12-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox43.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13366 (gnome-python2-extras) File : nvt/fcore_2009_13366.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13362 (seamonkey) File : nvt/fcore_2009_13362.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13333 (firefox) File : nvt/fcore_2009_13333.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1956-1 (xulrunner) File : nvt/deb_1956_1.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1674 File : nvt/RHSA_2009_1674.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl |
2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl |
2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl |
2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_dec09_lin.nasl |
2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_dec09_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61101 | Mozilla Multiple Browser NTLM Reflection Authentication Credential Disclosure |
61100 | Mozilla Multiple Browsers document.location 204 Response SSL Status Spoofing |
61099 | Mozilla Multiple Browsers document.location Blank Page Content Spoofing |
61096 | Mozilla Firefox Browser Engine Unspecified Memory Corruption |
61095 | Mozilla Multiple Browsers Chrome window.opener Property Privilege Escalation |
61094 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6734.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6735.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1956.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_301.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-878-1.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-877-1.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6736.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091221.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6733.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-873-1.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-874-1.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13333.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13362.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13366.nasl - Type : ACT_GATHER_INFO |
2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_201.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:08 |
|