Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | seamonkey security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2010:0680 | First vendor Publication | 2010-09-07 |
| Vendor | RedHat | Last vendor Modification | 2010-09-07 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3169) A buffer overflow flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2765) A use-after-free flaw and several dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167, CVE-2010-3168) A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. (CVE-2010-2768) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 630055 - CVE-2010-3169 Mozilla Miscellaneous memory safety hazards 630056 - CVE-2010-2765 Mozilla Frameset integer overflow vulnerability (MFSA 2010-50) 630059 - CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51) 630062 - CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54) 630064 - CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55) 630067 - CVE-2010-3167 Mozilla Dangling pointer vulnerability in nsTreeContentView (MFSA 2010-56) 630074 - CVE-2010-2768 Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61) |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2010-0680.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 43 % | CWE-399 | Resource Management Errors |
| 29 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 14 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11519 | |||
| Oval ID: | oval:org.mitre.oval:def:11519 | ||
| Title: | Mozilla Multiple Products FRAMESET Element cols Attribute Handling Overflow | ||
| Description: | Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2765 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11735 | |||
| Oval ID: | oval:org.mitre.oval:def:11735 | ||
| Title: | Mozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protection Mechanism Bypass | ||
| Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2768 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11799 | |||
| Oval ID: | oval:org.mitre.oval:def:11799 | ||
| Title: | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow | ||
| Description: | Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2760 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11969 | |||
| Oval ID: | oval:org.mitre.oval:def:11969 | ||
| Title: | Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navigator Object Dangling Pointer Arbitrary Code Execution | ||
| Description: | The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2767 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12001 | |||
| Oval ID: | oval:org.mitre.oval:def:12001 | ||
| Title: | Mozilla Multiple Products XUL Tree Removal Property Change Role Restriction Weakness DoS | ||
| Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3168 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12136 | |||
| Oval ID: | oval:org.mitre.oval:def:12136 | ||
| Title: | Mozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal Deleted Memory Dangling Pointer Arbitrary Code Execution | ||
| Description: | The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3167 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12145 | |||
| Oval ID: | oval:org.mitre.oval:def:12145 | ||
| Title: | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3169 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12717 | |||
| Oval ID: | oval:org.mitre.oval:def:12717 | ||
| Title: | DSA-2106-2 xulrunner -- several | ||
| Description: | DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below. Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, the problem has been fixed in version 1.9.0.19-5. The packages for the mips architecture are not included in this update. They will be released as soon as they become available. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2106-2 CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12733 | |||
| Oval ID: | oval:org.mitre.oval:def:12733 | ||
| Title: | DSA-2106-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, these problems have been fixed in version 1.9.0.19-4. For the unstable distribution, these problems have been fixed in version 3.5.12-1 of the iceweasel source package. For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2106-1 CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13194 | |||
| Oval ID: | oval:org.mitre.oval:def:13194 | ||
| Title: | USN-978-1 -- thunderbird vulnerabilities | ||
| Description: | Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-978-1 CVE-2010-2760 CVE-2010-2767 CVE-2010-3167 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-3168 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13381 | |||
| Oval ID: | oval:org.mitre.oval:def:13381 | ||
| Title: | USN-978-2 -- thunderbird regression | ||
| Description: | USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-978-2 CVE-2010-2760 CVE-2010-2767 CVE-2010-3167 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-3168 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21457 | |||
| Oval ID: | oval:org.mitre.oval:def:21457 | ||
| Title: | RHSA-2010:0682: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0682-01 CESA-2010:0682 CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 94 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22355 | |||
| Oval ID: | oval:org.mitre.oval:def:22355 | ||
| Title: | RHSA-2010:0681: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0681-01 CESA-2010:0681 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 159 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox nspr nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22852 | |||
| Oval ID: | oval:org.mitre.oval:def:22852 | ||
| Title: | ELSA-2010:0681: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0681-01 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 53 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox nspr nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23121 | |||
| Oval ID: | oval:org.mitre.oval:def:23121 | ||
| Title: | ELSA-2010:0682: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0682-01 CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0681 centos5 i386 File : nvt/gb_CESA-2010_0681_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0682 centos5 i386 File : nvt/gb_CESA-2010_0682_thunderbird_centos5_i386.nasl |
| 2010-11-16 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056 File : nvt/gb_suse_2010_056.nasl |
| 2010-10-19 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049 File : nvt/gb_suse_2010_049.nasl |
| 2010-10-10 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox50.nasl |
| 2010-10-10 | Name : Debian Security Advisory DSA 2106-1 (xulrunner) File : nvt/deb_2106_1.nasl |
| 2010-09-22 | Name : Ubuntu Update for thunderbird regression USN-978-2 File : nvt/gb_ubuntu_USN_978_2.nasl |
| 2010-09-22 | Name : Ubuntu Update for Firefox and Xulrunner regression USN-975-2 File : nvt/gb_ubuntu_USN_975_2.nasl |
| 2010-09-14 | Name : Mandriva Update for firefox MDVSA-2010:173 (firefox) File : nvt/gb_mandriva_MDVSA_2010_173.nasl |
| 2010-09-10 | Name : Fedora Update for xulrunner FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_xulrunner_fc12.nasl |
| 2010-09-10 | Name : CentOS Update for seamonkey CESA-2010:0680 centos3 i386 File : nvt/gb_CESA-2010_0680_seamonkey_centos3_i386.nasl |
| 2010-09-10 | Name : Ubuntu Update for thunderbird vulnerabilities USN-978-1 File : nvt/gb_ubuntu_USN_978_1.nasl |
| 2010-09-10 | Name : CentOS Update for seamonkey CESA-2010:0680 centos4 i386 File : nvt/gb_CESA-2010_0680_seamonkey_centos4_i386.nasl |
| 2010-09-10 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-975-1 File : nvt/gb_ubuntu_USN_975_1.nasl |
| 2010-09-10 | Name : CentOS Update for firefox CESA-2010:0681 centos4 i386 File : nvt/gb_CESA-2010_0681_firefox_centos4_i386.nasl |
| 2010-09-10 | Name : CentOS Update for thunderbird CESA-2010:0682 centos4 i386 File : nvt/gb_CESA-2010_0682_thunderbird_centos4_i386.nasl |
| 2010-09-10 | Name : Mozilla Products Multiple Vulnerabilities sep-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_sep10.nasl |
| 2010-09-10 | Name : RedHat Update for seamonkey RHSA-2010:0680-01 File : nvt/gb_RHSA-2010_0680-01_seamonkey.nasl |
| 2010-09-10 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for mozvoikko FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_mozvoikko_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for gnome-web-photo FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_gnome-web-photo_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_gnome-python2-extras_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for galeon FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_galeon_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for firefox FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_firefox_fc12.nasl |
| 2010-09-10 | Name : RedHat Update for thunderbird RHSA-2010:0682-01 File : nvt/gb_RHSA-2010_0682-01_thunderbird.nasl |
| 2010-09-10 | Name : RedHat Update for firefox RHSA-2010:0681-01 File : nvt/gb_RHSA-2010_0681-01_firefox.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 67913 | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption |
| 67912 | Mozilla Multiple Products XUL Tree Removal Property Change Role Restriction W... |
| 67911 | Mozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal De... |
| 67906 | Mozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protectio... |
| 67905 | Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navi... |
| 67903 | Mozilla Multiple Products FRAMESET Element cols Attribute Handling Overflow |
| 66601 | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100907_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100907_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100907_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100921.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-975-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-978-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-173.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-14362.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-978-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2106.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-975-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_307.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_207.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3512.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_369.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_313.nasl - Type : ACT_GATHER_INFO |
| 2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:53:49 |
|
