Executive Summary
Summary | |
---|---|
Title | firefox security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0112 | First vendor Publication | 2010-02-17 |
Vendor | RedHat | Last vendor Modification | 2010-02-17 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A use-after-free flaw was found in Firefox. Under low memory conditions, visiting a web page containing malicious content could result in Firefox executing arbitrary code with the privileges of the user running Firefox. (CVE-2009-1571) Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-0159, CVE-2010-0160) Two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988, CVE-2010-0162) For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 566047 - CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01) 566049 - CVE-2010-0160 Mozilla implementation of Web Workers can lead to crash with evidence of memory corruption (MFSA 2010-02) 566050 - CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03) 566051 - CVE-2009-3988 Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04) 566052 - CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0112.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10697 | |||
Oval ID: | oval:org.mitre.oval:def:10697 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11166 | |||
Oval ID: | oval:org.mitre.oval:def:11166 | ||
Title: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0160 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11227 | |||
Oval ID: | oval:org.mitre.oval:def:11227 | ||
Title: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1571 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13349 | |||
Oval ID: | oval:org.mitre.oval:def:13349 | ||
Title: | DSA-1999-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution, these problems have been fixed in version 1.9.0.18-1. For the unstable distribution, these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999-1 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7463 | |||
Oval ID: | oval:org.mitre.oval:def:7463 | ||
Title: | DSA-1999 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8355 | |||
Oval ID: | oval:org.mitre.oval:def:8355 | ||
Title: | Mozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domain | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3988 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8465 | |||
Oval ID: | oval:org.mitre.oval:def:8465 | ||
Title: | Mozilla Firefox and SeaMonkey Web Worker Array Handling Heap Corruption Vulnerability | ||
Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0160 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8485 | |||
Oval ID: | oval:org.mitre.oval:def:8485 | ||
Title: | Mozilla Firefox, Thunderbird and SeaMonkey Browser Engine Memory Corruption Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0159 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8615 | |||
Oval ID: | oval:org.mitre.oval:def:8615 | ||
Title: | Mozilla Firefox, Thunderbird and SeaMonkey Use-After-Free HTML Parser Vulnerability | ||
Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1571 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8631 | |||
Oval ID: | oval:org.mitre.oval:def:8631 | ||
Title: | Mozilla Firefox and SeaMonkey XSS hazard using SVG document and binary Content-Type | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9384 | |||
Oval ID: | oval:org.mitre.oval:def:9384 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3988 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9590 | |||
Oval ID: | oval:org.mitre.oval:def:9590 | ||
Title: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0159 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-05-21 | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0112 centos5 i386 File : nvt/gb_CESA-2010_0112_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-03-12 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:051 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_051.nasl |
2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_sunbird_fc11.nasl |
2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_thunderbird_fc11.nasl |
2010-03-05 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2010:015 File : nvt/gb_suse_2010_015.nasl |
2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_sunbird_fc12.nasl |
2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_thunderbird_fc12.nasl |
2010-03-02 | Name : Fedora Update for evolution-rss FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_evolution-rss_fc11.nasl |
2010-03-02 | Name : Fedora Update for chmsee FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_chmsee_fc11.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_firefox_fc11.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_galeon_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-python2-extras_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-web-photo_fc11.nasl |
2010-03-02 | Name : Fedora Update for google-gadgets FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_google-gadgets_fc11.nasl |
2010-03-02 | Name : Fedora Update for hulahop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_hulahop_fc11.nasl |
2010-03-02 | Name : Fedora Update for kazehakase FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_kazehakase_fc11.nasl |
2010-03-02 | Name : Fedora Update for monodevelop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_monodevelop_fc11.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_mozvoikko_fc11.nasl |
2010-03-02 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_pcmanx-gtk2_fc11.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_perl-Gtk2-MozEmbed_fc11.nasl |
2010-03-02 | Name : Fedora Update for ruby-gnome2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_ruby-gnome2_fc11.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_xulrunner_fc11.nasl |
2010-03-02 | Name : Fedora Update for yelp FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_yelp_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany-extensions FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany-extensions_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_blam_fc12.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_firefox_fc12.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_galeon_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-python2-extras_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-web-photo_fc12.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_mozvoikko_fc12.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_perl-Gtk2-MozEmbed_fc12.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_xulrunner_fc12.nasl |
2010-03-02 | Name : Fedora Update for seamonkey FEDORA-2010-1932 File : nvt/gb_fedora_2010_1932_seamonkey_fc12.nasl |
2010-03-02 | Name : Fedora Update for Miro FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_Miro_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_blam_fc11.nasl |
2010-03-02 | Name : Fedora Update for eclipse FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_eclipse_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany_fc11.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Win) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Linux) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Lin) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 1999-1 (xulrunner) File : nvt/deb_1999_1.nasl |
2010-02-22 | Name : Mandriva Update for firefox MDVSA-2010:042 (firefox) File : nvt/gb_mandriva_MDVSA_2010_042.nasl |
2010-02-19 | Name : RedHat Update for seamonkey RHSA-2010:0113-01 File : nvt/gb_RHSA-2010_0113-01_seamonkey.nasl |
2010-02-19 | Name : RedHat Update for firefox RHSA-2010:0112-01 File : nvt/gb_RHSA-2010_0112-01_firefox.nasl |
2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos4 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos4_i386.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 File : nvt/gb_ubuntu_USN_895_1.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1 File : nvt/gb_ubuntu_USN_896_1.nasl |
2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos3 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos3_i386.nasl |
2010-02-19 | Name : CentOS Update for firefox CESA-2010:0112 centos4 i386 File : nvt/gb_CESA-2010_0112_firefox_centos4_i386.nasl |
2010-02-18 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox44.nasl |
2010-02-15 | Name : Mandriva Update for mmc-web-base MDVA-2010:051 (mmc-web-base) File : nvt/gb_mandriva_MDVA_2010_051.nasl |
2010-01-29 | Name : Mandriva Update for urpmi MDVA-2010:042 (urpmi) File : nvt/gb_mandriva_MDVA_2010_042.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62428 | Mozilla Multiple Browsers Web Worker Array Handling Heap Corruption |
62427 | Mozilla Multiple Browsers window.dialogArguments Same-origin Policy Bypass XSS |
62426 | Mozilla Multiple Browsers SVG Document Binary Content-Type Header XSS Weakness |
62425 | Mozilla Multiple Browsers HTML Parser Use-after-free Memory Corruption |
62424 | Mozilla Multiple Browsers Unspecified Memory Corruption (534082) |
62423 | Mozilla Multiple Browsers Unspecified Memory Corruption (501934) |
62422 | Mozilla Multiple Browsers Unspecified Memory Corruption (528300) |
62421 | Mozilla Multiple Browsers Unspecified Memory Corruption (528134) |
62420 | Mozilla Multiple Browsers Unspecified Memory Corruption (527567) |
62419 | Mozilla Multiple Browsers Unspecified Memory Corruption (467005) |
62418 | Mozilla Multiple Browsers Unspecified Memory Corruption (530880) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100217_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6867.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6866.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1932.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1936.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3230.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3267.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1727.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-051.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_302.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6863.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6871.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1999.nasl - Type : ACT_GATHER_INFO |
2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-042.nasl - Type : ACT_GATHER_INFO |
2010-02-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f82c85d81c6e11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-895-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-896-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_203.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_358.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3018.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:15 |
|