Executive Summary
Summary | |
---|---|
Title | seamonkey security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0781 | First vendor Publication | 2010-10-19 |
Vendor | RedHat | Last vendor Modification | 2010-10-19 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-3176, CVE-2010-3180) A flaw was found in the way the Gopher parser in SeaMonkey converted text into HTML. A malformed file name on a Gopher server could, when accessed by a victim running SeaMonkey, allow arbitrary JavaScript to be executed in the context of the Gopher domain. (CVE-2010-3177) A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH variable was appending a "." character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled directory. (CVE-2010-3182) It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode implementation for key exchanges in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256 bit DHE keys, as such keys are easily broken using modern hardware. (CVE-2010-3173) A flaw was found in the way SeaMonkey matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. SeaMonkey incorrectly accepted connections to IP addresses that fell within the SSL certificate's wildcard range as valid SSL connections, possibly allowing an attacker to conduct a man-in-the-middle attack. (CVE-2010-3170) All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 630047 - CVE-2010-3170 firefox/nss: Doesn't handle wildcards in Common Name properly 642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards 642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp 642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs 642300 - CVE-2010-3182 Mozilla unsafe library loading flaw 642302 - CVE-2010-3173 Mozilla insecure Diffie-Hellman key exchange |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0781.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-310 | Cryptographic Issues |
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12118 | |||
Oval ID: | oval:org.mitre.oval:def:12118 | ||
Title: | Vulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
Description: | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3173 | Version: | 25 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12132 | |||
Oval ID: | oval:org.mitre.oval:def:12132 | ||
Title: | Denial of service in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3176 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12158 | |||
Oval ID: | oval:org.mitre.oval:def:12158 | ||
Title: | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
Description: | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3180 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12202 | |||
Oval ID: | oval:org.mitre.oval:def:12202 | ||
Title: | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9 | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3177 | Version: | 18 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12254 | |||
Oval ID: | oval:org.mitre.oval:def:12254 | ||
Title: | SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3170 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12568 | |||
Oval ID: | oval:org.mitre.oval:def:12568 | ||
Title: | DSA-2123-1 nss -- several | ||
Description: | Several vulnerabilities have been discovered in Mozilla's Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2123-1 CVE-2010-3170 CVE-2010-3173 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13508 | |||
Oval ID: | oval:org.mitre.oval:def:13508 | ||
Title: | USN-998-1 -- thunderbird vulnerabilities | ||
Description: | Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program | ||
Family: | unix | Class: | patch |
Reference(s): | USN-998-1 CVE-2010-3175 CVE-2010-3176 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183 CVE-2010-3178 CVE-2010-3182 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13844 | |||
Oval ID: | oval:org.mitre.oval:def:13844 | ||
Title: | DEPRECATED: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
Description: | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3182 | Version: | 14 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19768 | |||
Oval ID: | oval:org.mitre.oval:def:19768 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3173 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20226 | |||
Oval ID: | oval:org.mitre.oval:def:20226 | ||
Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3170 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21848 | |||
Oval ID: | oval:org.mitre.oval:def:21848 | ||
Title: | RHSA-2010:0862: nss security update (Low) | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0862-02 CVE-2010-3170 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | nss nss-softokn nss-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22324 | |||
Oval ID: | oval:org.mitre.oval:def:22324 | ||
Title: | RHSA-2010:0780: thunderbird security update (Moderate) | ||
Description: | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0780-01 CESA-2010:0780 CVE-2010-3176 CVE-2010-3180 CVE-2010-3182 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23160 | |||
Oval ID: | oval:org.mitre.oval:def:23160 | ||
Title: | ELSA-2010:0780: thunderbird security update (Moderate) | ||
Description: | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0780-01 CVE-2010-3176 CVE-2010-3180 CVE-2010-3182 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23275 | |||
Oval ID: | oval:org.mitre.oval:def:23275 | ||
Title: | ELSA-2010:0862: nss security update (Low) | ||
Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0862-02 CVE-2010-3170 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27951 | |||
Oval ID: | oval:org.mitre.oval:def:27951 | ||
Title: | DEPRECATED: ELSA-2010-0862 -- nss security update (low) | ||
Description: | nss: [3.12.8-1.0.1.el6] - Update expired PayPalEE.cert to fix build failure - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 [3.12.8-1] - Update to 3.12.8 nss-softokn: [3.12.8-1] - Update to 3.12.8 nss-util: [3.12.7-1] - Update to 3.12.7 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0862 CVE-2010-3170 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0780 centos5 i386 File : nvt/gb_CESA-2010_0780_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0782 centos5 i386 File : nvt/gb_CESA-2010_0782_firefox_centos5_i386.nasl |
2010-12-02 | Name : Fedora Update for nss FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss_fc14.nasl |
2010-12-02 | Name : Fedora Update for nss-util FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-util_fc14.nasl |
2010-12-02 | Name : Fedora Update for nss-softokn FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-softokn_fc14.nasl |
2010-12-02 | Name : Fedora Update for xulrunner FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_xulrunner_fc14.nasl |
2010-12-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_perl-Gtk2-MozEmbed_fc14.nasl |
2010-12-02 | Name : Fedora Update for mozvoikko FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_mozvoikko_fc14.nasl |
2010-12-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_gnome-web-photo_fc14.nasl |
2010-12-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_gnome-python2-extras_fc14.nasl |
2010-12-02 | Name : Fedora Update for galeon FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_galeon_fc14.nasl |
2010-12-02 | Name : Fedora Update for firefox FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_firefox_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2124-1 (xulrunner) File : nvt/deb_2124_1.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2123-1 (nss) File : nvt/deb_2123_1.nasl |
2010-11-17 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox52.nasl |
2010-11-16 | Name : Fedora Update for galeon FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_galeon_fc12.nasl |
2010-11-16 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_gnome-python2-extras_fc12.nasl |
2010-11-16 | Name : Fedora Update for firefox FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_firefox_fc12.nasl |
2010-11-16 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_gnome-web-photo_fc12.nasl |
2010-11-16 | Name : Fedora Update for mozvoikko FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_mozvoikko_fc12.nasl |
2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
2010-11-16 | Name : Fedora Update for nss-util FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-util_fc12.nasl |
2010-11-16 | Name : Fedora Update for nss-softokn FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-softokn_fc12.nasl |
2010-11-16 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_perl-Gtk2-MozEmbed_fc12.nasl |
2010-11-16 | Name : Fedora Update for xulrunner FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_xulrunner_fc12.nasl |
2010-11-16 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056 File : nvt/gb_suse_2010_056.nasl |
2010-11-04 | Name : Fedora Update for mozvoikko FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_mozvoikko_fc13.nasl |
2010-11-04 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_perl-Gtk2-MozEmbed_fc13.nasl |
2010-11-04 | Name : CentOS Update for thunderbird CESA-2010:0780 centos4 i386 File : nvt/gb_CESA-2010_0780_thunderbird_centos4_i386.nasl |
2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos3 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos3_i386.nasl |
2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos4 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos4_i386.nasl |
2010-11-04 | Name : CentOS Update for firefox CESA-2010:0782 centos4 i386 File : nvt/gb_CESA-2010_0782_firefox_centos4_i386.nasl |
2010-11-04 | Name : Fedora Update for nss-softokn FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-softokn_fc13.nasl |
2010-11-04 | Name : Fedora Update for nss-util FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-util_fc13.nasl |
2010-11-04 | Name : Fedora Update for firefox FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_firefox_fc13.nasl |
2010-11-04 | Name : Fedora Update for xulrunner FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_xulrunner_fc13.nasl |
2010-11-04 | Name : Fedora Update for galeon FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_galeon_fc13.nasl |
2010-11-04 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_gnome-python2-extras_fc13.nasl |
2010-11-04 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_gnome-web-photo_fc13.nasl |
2010-11-04 | Name : Fedora Update for nss FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss_fc13.nasl |
2010-10-28 | Name : Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_mult_xss_vuln_win.nasl |
2010-10-28 | Name : Mozilla Products Multiple Vulnerabilities October-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct10.nasl |
2010-10-28 | Name : Mozilla Products Multiple Unspecified Vulnerabilities October-10(Windows) File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win01.nasl |
2010-10-26 | Name : Mandriva Update for firefox MDVSA-2010:210 (firefox) File : nvt/gb_mandriva_MDVSA_2010_210.nasl |
2010-10-26 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_211.nasl |
2010-10-22 | Name : RedHat Update for thunderbird RHSA-2010:0780-01 File : nvt/gb_RHSA-2010_0780-01_thunderbird.nasl |
2010-10-22 | Name : RedHat Update for seamonkey RHSA-2010:0781-01 File : nvt/gb_RHSA-2010_0781-01_seamonkey.nasl |
2010-10-22 | Name : RedHat Update for firefox RHSA-2010:0782-01 File : nvt/gb_RHSA-2010_0782-01_firefox.nasl |
2010-10-22 | Name : Ubuntu Update for nss vulnerabilities USN-1007-1 File : nvt/gb_ubuntu_USN_1007_1.nasl |
2010-10-22 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1 File : nvt/gb_ubuntu_USN_997_1.nasl |
2010-10-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-998-1 File : nvt/gb_ubuntu_USN_998_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68853 | Mozilla Multiple Products on Linux Unspecified Application-launch Script LD_L... Mozilla Firefox, Thunderbird and SeaMonkey on Linux are prone to a flaw in the way they load dynamic-link libraries (DLL). The programs use a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the programs will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening the program executable file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
68851 | Mozilla Multiple Products nsBarProp Function Use-after-free Closed Window loc... Mozilla Firefox, Thunderbird and SeaMonkey contain a use-after-free vulnerability related to the 'nsBarProp' function. This may allow a remote attacker to execute arbitrary code by accessing a closed window's locationbar property. |
68848 | Mozilla Multiple Products Gopher Parser Crafted File / Directory Name XSS Mozilla Firefox and SeaMonkey contain a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the file or directory names upon submission to the Gopher parser. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
68847 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti... Mozilla Firefox, Thunderbird and SeaMonkey contain multiple flaws related to the browser engine that may allow a remote attacker to cause a denial of service via memory corruption. It is also possible, though not yet confirmed, that this may allow the execution of arbitrary code. |
68844 | Mozilla Multiple Products SSL Implementation Diffie-Hellman Ephemeral Mode Mi... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the SSL implementation's failure to properly set the minimum key length for Diffie-Hellman Ephemeral mode. This may allow a remote attacker to trivially brute-force the cryptographic protection. |
68079 | Mozilla Multiple Products SSL Certificate IP Address Wildcard Matching Weakness |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-101029.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0780.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101019_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_firefox_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_nss_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101117_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-101103.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-101018.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101118.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0861.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0896.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-7196.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15989.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2123.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16885.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15897.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16897.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15520.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16593.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-211.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-210.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3611.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3514.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_315.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-998-1.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-997-1.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1007-1.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_209.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c4f067b9dc4a11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_309.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:56 |
|