Executive Summary

Summary
Titlethunderbird security update
Informations
NameRHSA-2010:0896First vendor Publication2010-11-17
VendorRedHatLast vendor Modification2010-11-17
Severity (Vendor) ModerateRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

A race condition flaw was found in the way Thunderbird handled Document Object Model (DOM) element properties. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3765)

Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3180, CVE-2010-3183)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird had loaded. (CVE-2010-3178)

Note: JavaScript support is disabled by default in Thunderbird. The above issues are not exploitable unless JavaScript is enabled.

A flaw was found in the script that launches Thunderbird. The LD_LIBRARY_PATH variable was appending a "." character, which could allow a local attacker to execute arbitrary code with the privileges of a different user running Thunderbird, if that user ran Thunderbird from within an attacker-controlled directory. (CVE-2010-3182)

All Thunderbird users should upgrade to this updated package, which resolves these issues. All running instances of Thunderbird must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards 642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards 642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write 642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp 642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter 642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls 642300 - CVE-2010-3182 Mozilla unsafe library loading flaw 646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0896.html

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-399Resource Management Errors
CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11943
 
Oval ID: oval:org.mitre.oval:def:11943
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3175
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12132
 
Oval ID: oval:org.mitre.oval:def:12132
Title: Denial of service in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3176
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12120
 
Oval ID: oval:org.mitre.oval:def:12120
Title: Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 via crafted HTML document
Description: Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3178
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11675
 
Oval ID: oval:org.mitre.oval:def:11675
Title: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3179
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12158
 
Oval ID: oval:org.mitre.oval:def:12158
Title: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3180
Version: 23
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22324
 
Oval ID: oval:org.mitre.oval:def:22324
Title: RHSA-2010:0780: thunderbird security update (Moderate)
Description: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Family: unix Class: patch
Reference(s): RHSA-2010:0780-01
CESA-2010:0780
CVE-2010-3176
CVE-2010-3180
CVE-2010-3182
Version: 42
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13844
 
Oval ID: oval:org.mitre.oval:def:13844
Title: DEPRECATED: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Description: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3182
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13508
 
Oval ID: oval:org.mitre.oval:def:13508
Title: USN-998-1 -- thunderbird vulnerabilities
Description: Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program
Family: unix Class: patch
Reference(s): USN-998-1
CVE-2010-3175
CVE-2010-3176
CVE-2010-3179
CVE-2010-3180
CVE-2010-3183
CVE-2010-3178
CVE-2010-3182
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13392
 
Oval ID: oval:org.mitre.oval:def:13392
Title: USN-997-1 -- firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities
Description: Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Robert Swiecki discovered that Firefox did not properly validate Gopher URLs. If a user were tricked into opening a crafted file via Gopher, an attacker could possibly run arbitrary JavaScript. Eduardo Vela Nava discovered that Firefox could be made to violate the same-origin policy by using modal calls with JavaScript. An attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Firefox did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program
Family: unix Class: patch
Reference(s): USN-997-1
CVE-2010-3175
CVE-2010-3176
CVE-2010-3179
CVE-2010-3180
CVE-2010-3183
CVE-2010-3177
CVE-2010-3178
CVE-2010-3182
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04
Ubuntu 9.04
Ubuntu 9.10
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.1
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23160
 
Oval ID: oval:org.mitre.oval:def:23160
Title: ELSA-2010:0780: thunderbird security update (Moderate)
Description: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Family: unix Class: patch
Reference(s): ELSA-2010:0780-01
CVE-2010-3176
CVE-2010-3180
CVE-2010-3182
Version: 17
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22374
 
Oval ID: oval:org.mitre.oval:def:22374
Title: RHSA-2010:0782: firefox security update (Critical)
Description: The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family: unix Class: patch
Reference(s): RHSA-2010:0782-01
CESA-2010:0782
CVE-2010-3170
CVE-2010-3173
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
Version: 133
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11891
 
Oval ID: oval:org.mitre.oval:def:11891
Title: Vulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9
Description: The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3183
Version: 24
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23154
 
Oval ID: oval:org.mitre.oval:def:23154
Title: ELSA-2010:0782: firefox security update (Critical)
Description: The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Family: unix Class: patch
Reference(s): ELSA-2010:0782-01
CVE-2010-3170
CVE-2010-3173
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
Version: 45
Platform(s): Oracle Linux 5
Product(s): firefox
nss
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22375
 
Oval ID: oval:org.mitre.oval:def:22375
Title: RHSA-2010:0809: xulrunner security update (Critical)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): RHSA-2010:0809-01
CESA-2010:0809
CVE-2010-3765
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22356
 
Oval ID: oval:org.mitre.oval:def:22356
Title: RHSA-2010:0812: thunderbird security update (Moderate)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): RHSA-2010:0812-01
CESA-2010:0812
CVE-2010-3765
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22273
 
Oval ID: oval:org.mitre.oval:def:22273
Title: RHSA-2010:0861: firefox security update (Critical)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): RHSA-2010:0861-02
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
CVE-2010-3765
Version: 120
Platform(s): Red Hat Enterprise Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22070
 
Oval ID: oval:org.mitre.oval:def:22070
Title: RHSA-2010:0896: thunderbird security update (Moderate)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): RHSA-2010:0896-01
CVE-2010-3175
CVE-2010-3176
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
CVE-2010-3765
Version: 107
Platform(s): Red Hat Enterprise Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13512
 
Oval ID: oval:org.mitre.oval:def:13512
Title: USN-1011-3 -- xulrunner-1.9.1, xulrunner-1.9.2 vulnerability
Description: USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
Family: unix Class: patch
Reference(s): USN-1011-3
CVE-2010-3765
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): xulrunner-1.9.1
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13200
 
Oval ID: oval:org.mitre.oval:def:13200
Title: USN-1011-1 -- firefox, firefox-3.0, firefox-3.5 vulnerability
Description: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
Family: unix Class: patch
Reference(s): USN-1011-1
CVE-2010-3765
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): firefox
firefox-3.0
firefox-3.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13075
 
Oval ID: oval:org.mitre.oval:def:13075
Title: USN-1011-2 -- thunderbird vulnerability
Description: USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program.
Family: unix Class: patch
Reference(s): USN-1011-2
CVE-2010-3765
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12108
 
Oval ID: oval:org.mitre.oval:def:12108
Title: Arbitrary code execution vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3765
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Seamonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23599
 
Oval ID: oval:org.mitre.oval:def:23599
Title: ELSA-2010:0896: thunderbird security update (Moderate)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): ELSA-2010:0896-01
CVE-2010-3175
CVE-2010-3176
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
CVE-2010-3765
Version: 37
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23391
 
Oval ID: oval:org.mitre.oval:def:23391
Title: ELSA-2010:0861: firefox security update (Critical)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): ELSA-2010:0861-02
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3182
CVE-2010-3183
CVE-2010-3765
Version: 41
Platform(s): Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22847
 
Oval ID: oval:org.mitre.oval:def:22847
Title: ELSA-2010:0812: thunderbird security update (Moderate)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): ELSA-2010:0812-01
CVE-2010-3765
Version: 6
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22187
 
Oval ID: oval:org.mitre.oval:def:22187
Title: ELSA-2010:0809: xulrunner security update (Critical)
Description: Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Family: unix Class: patch
Reference(s): ELSA-2010:0809-01
CVE-2010-3765
Version: 6
Platform(s): Oracle Linux 5
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28076
 
Oval ID: oval:org.mitre.oval:def:28076
Title: ELSA-2010-0809 -- xulrunner security update (critical)
Description: [1.9.2.11-4.0.1.el5_5] - Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one. [1.9.2.11-4.el5_5] - Add upstream patch for CVE-2010-3765
Family: unix Class: patch
Reference(s): ELSA-2010-0809
CVE-2010-3765
Version: 3
Platform(s): Oracle Linux 5
Product(s): xulrunner
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application97
Application54
Application75

SAINT Exploits

DescriptionLink
Mozilla Firefox document.write and DOM insertion memory corruptionMore info here

ExploitDB Exploits

idDescription
2010-10-28Firefox Memory Corruption Proof of Concept (Simplified)

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for thunderbird CESA-2010:0780 centos5 i386
File : nvt/gb_CESA-2010_0780_thunderbird_centos5_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2010:0782 centos5 i386
File : nvt/gb_CESA-2010_0782_firefox_centos5_i386.nasl
2010-12-02Name : Fedora Update for firefox FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_firefox_fc14.nasl
2010-12-02Name : Fedora Update for galeon FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_galeon_fc14.nasl
2010-12-02Name : Fedora Update for gnome-python2-extras FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_gnome-python2-extras_fc14.nasl
2010-12-02Name : Fedora Update for gnome-web-photo FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_gnome-web-photo_fc14.nasl
2010-12-02Name : Fedora Update for mozvoikko FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_mozvoikko_fc14.nasl
2010-12-02Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_perl-Gtk2-MozEmbed_fc14.nasl
2010-12-02Name : Fedora Update for xulrunner FEDORA-2010-16897
File : nvt/gb_fedora_2010_16897_xulrunner_fc14.nasl
2010-11-17Name : Debian Security Advisory DSA 2124-1 (xulrunner)
File : nvt/deb_2124_1.nasl
2010-11-17Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox51.nasl
2010-11-17Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox52.nasl
2010-11-16Name : Fedora Update for firefox FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_firefox_fc12.nasl
2010-11-16Name : Fedora Update for galeon FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_galeon_fc12.nasl
2010-11-16Name : Fedora Update for gnome-python2-extras FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_gnome-python2-extras_fc12.nasl
2010-11-16Name : Fedora Update for gnome-web-photo FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_gnome-web-photo_fc12.nasl
2010-11-16Name : Fedora Update for mozvoikko FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_mozvoikko_fc12.nasl
2010-11-16Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_perl-Gtk2-MozEmbed_fc12.nasl
2010-11-16Name : Fedora Update for xulrunner FEDORA-2010-16885
File : nvt/gb_fedora_2010_16885_xulrunner_fc12.nasl
2010-11-16Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:219 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_219.nasl
2010-11-16Name : CentOS Update for thunderbird CESA-2010:0812 centos4 i386
File : nvt/gb_CESA-2010_0812_thunderbird_centos4_i386.nasl
2010-11-16Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056
File : nvt/gb_suse_2010_056.nasl
2010-11-04Name : Ubuntu Update for Firefox vulnerability USN-1011-1
File : nvt/gb_ubuntu_USN_1011_1.nasl
2010-11-04Name : Ubuntu Update for thunderbird vulnerability USN-1011-2
File : nvt/gb_ubuntu_USN_1011_2.nasl
2010-11-04Name : Ubuntu Update for Xulrunner vulnerability USN-1011-3
File : nvt/gb_ubuntu_USN_1011_3.nasl
2010-11-04Name : RedHat Update for firefox RHSA-2010:0808-01
File : nvt/gb_RHSA-2010_0808-01_firefox.nasl
2010-11-04Name : RedHat Update for xulrunner RHSA-2010:0809-01
File : nvt/gb_RHSA-2010_0809-01_xulrunner.nasl
2010-11-04Name : RedHat Update for seamonkey RHSA-2010:0810-01
File : nvt/gb_RHSA-2010_0810-01_seamonkey.nasl
2010-11-04Name : RedHat Update for thunderbird RHSA-2010:0812-01
File : nvt/gb_RHSA-2010_0812-01_thunderbird.nasl
2010-11-04Name : Fedora Update for firefox FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_firefox_fc13.nasl
2010-11-04Name : Fedora Update for galeon FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_galeon_fc13.nasl
2010-11-04Name : Fedora Update for gnome-python2-extras FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_gnome-python2-extras_fc13.nasl
2010-11-04Name : Fedora Update for gnome-web-photo FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_gnome-web-photo_fc13.nasl
2010-11-04Name : Fedora Update for mozvoikko FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_mozvoikko_fc13.nasl
2010-11-04Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_perl-Gtk2-MozEmbed_fc13.nasl
2010-11-04Name : Fedora Update for xulrunner FEDORA-2010-16593
File : nvt/gb_fedora_2010_16593_xulrunner_fc13.nasl
2010-11-04Name : Fedora Update for firefox FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_firefox_fc13.nasl
2010-11-04Name : Fedora Update for galeon FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_galeon_fc13.nasl
2010-11-04Name : Fedora Update for gnome-python2-extras FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_gnome-python2-extras_fc13.nasl
2010-11-04Name : Fedora Update for gnome-web-photo FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_gnome-web-photo_fc13.nasl
2010-11-04Name : Fedora Update for mozvoikko FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_mozvoikko_fc13.nasl
2010-11-04Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_perl-Gtk2-MozEmbed_fc13.nasl
2010-11-04Name : Fedora Update for xulrunner FEDORA-2010-16883
File : nvt/gb_fedora_2010_16883_xulrunner_fc13.nasl
2010-11-04Name : CentOS Update for thunderbird CESA-2010:0780 centos4 i386
File : nvt/gb_CESA-2010_0780_thunderbird_centos4_i386.nasl
2010-11-04Name : CentOS Update for seamonkey CESA-2010:0781 centos3 i386
File : nvt/gb_CESA-2010_0781_seamonkey_centos3_i386.nasl
2010-11-04Name : CentOS Update for seamonkey CESA-2010:0781 centos4 i386
File : nvt/gb_CESA-2010_0781_seamonkey_centos4_i386.nasl
2010-11-04Name : CentOS Update for firefox CESA-2010:0782 centos4 i386
File : nvt/gb_CESA-2010_0782_firefox_centos4_i386.nasl
2010-11-04Name : Mandriva Update for xulrunner MDVSA-2010:213 (xulrunner)
File : nvt/gb_mandriva_MDVSA_2010_213.nasl
2010-11-04Name : CentOS Update for firefox CESA-2010:0808 centos4 i386
File : nvt/gb_CESA-2010_0808_firefox_centos4_i386.nasl
2010-11-04Name : CentOS Update for seamonkey CESA-2010:0810 centos3 i386
File : nvt/gb_CESA-2010_0810_seamonkey_centos3_i386.nasl
2010-11-04Name : CentOS Update for seamonkey CESA-2010:0810 centos4 i386
File : nvt/gb_CESA-2010_0810_seamonkey_centos4_i386.nasl
2010-11-02Name : Mozilla Firefox Unspecified Vulnerability Oct-10 (Windows)
File : nvt/gb_firefox_unspecified_vuln_oct10_win.nasl
2010-10-28Name : Mozilla Products Multiple Vulnerabilities October-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_oct10.nasl
2010-10-28Name : Mozilla Products Multiple Unspecified Vulnerabilities (Windows)
File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win.nasl
2010-10-28Name : Mozilla Products Multiple Unspecified Vulnerabilities October-10(Windows)
File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win01.nasl
2010-10-26Name : Mandriva Update for firefox MDVSA-2010:210 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_210.nasl
2010-10-26Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_211.nasl
2010-10-22Name : RedHat Update for thunderbird RHSA-2010:0780-01
File : nvt/gb_RHSA-2010_0780-01_thunderbird.nasl
2010-10-22Name : RedHat Update for seamonkey RHSA-2010:0781-01
File : nvt/gb_RHSA-2010_0781-01_seamonkey.nasl
2010-10-22Name : RedHat Update for firefox RHSA-2010:0782-01
File : nvt/gb_RHSA-2010_0782-01_firefox.nasl
2010-10-22Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1
File : nvt/gb_ubuntu_USN_997_1.nasl
2010-10-22Name : Ubuntu Update for thunderbird vulnerabilities USN-998-1
File : nvt/gb_ubuntu_USN_998_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
68921Mozilla Thunderbird DOM Insertion document.write() Unspecified Overflow
68905Mozilla Firefox DOM Insertion document.write() Unspecified Overflow
68854Mozilla Multiple Products LookupGetterOrSetter Function window.__lookupGetter...
68853Mozilla Multiple Products on Linux Unspecified Application-launch Script LD_L...
68851Mozilla Multiple Products nsBarProp Function Use-after-free Closed Window loc...
68850Mozilla Multiple Products Text-rendering document.write Method Long Argument ...
68849Mozilla Multiple Products Javascript: URL Modal Call Crafted HTML Document Sa...
68847Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti...
68846Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti...

Snort® IPS/IDS

DateDescription
2014-01-10Mozilla Firefox appendChild use-after-free attempt
RuleID : 21363 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox appendChild use-after-free attempt
RuleID : 19292 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox html tag attributes memory corruption
RuleID : 19078 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox appendChild use-after-free attempt
RuleID : 19077 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox appendChild use-after-free attempt
RuleID : 19076 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Firefox html tag attributes memory corruption
RuleID : 17804 - Revision : 7 - Type : BROWSER-FIREFOX

Metasploit Database

idDescription
2010-10-25 Mozilla Firefox Interleaved document.write/appendChild Memory Corruption

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-101028.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-101029.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-101028.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0780.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0781.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0782.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0808.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0809.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0810.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0812.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101019_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20101019_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20101027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101027_xulrunner_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_firefox_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20101117_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101118.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-101103.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0808.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0809.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0810.nasl - Type : ACT_GATHER_INFO
2010-11-24Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0812.nasl - Type : ACT_GATHER_INFO
2010-11-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0861.nasl - Type : ACT_GATHER_INFO
2010-11-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0896.nasl - Type : ACT_GATHER_INFO
2010-11-05Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote Fedora host is missing a security update.
File : fedora_2010-17105.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-101028.nasl - Type : ACT_GATHER_INFO
2010-11-03Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO
2010-11-02Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-219.nasl - Type : ACT_GATHER_INFO
2010-11-01Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16885.nasl - Type : ACT_GATHER_INFO
2010-11-01Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-305-01.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16897.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1011-2.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1011-3.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0812.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c223b00de27211df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-213.nasl - Type : ACT_GATHER_INFO
2010-10-29Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16883.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Windows host contains a web browser affected by a buffer overflow ...
File : mozilla_firefox_3515.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1011-1.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Windows host contains a web browser affected by a buffer overflow ...
File : mozilla_firefox_3612.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0808.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0809.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0810.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Windows host contains a mail client that is affected by a buffer o...
File : mozilla_thunderbird_3010.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Windows host contains a mail client that is affected by buffer ove...
File : mozilla_thunderbird_316.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-16593.nasl - Type : ACT_GATHER_INFO
2010-10-28Name : The remote Windows host contains a web browser affected by a buffer overflow ...
File : seamonkey_2010.nasl - Type : ACT_GATHER_INFO
2010-10-24Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-210.nasl - Type : ACT_GATHER_INFO
2010-10-24Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-211.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-997-1.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-998-1.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3514.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3611.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_309.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_315.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c4f067b9dc4a11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-10-21Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_209.nasl - Type : ACT_GATHER_INFO
2010-10-20Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO
2010-10-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO
2010-10-20Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:54:05
  • Multiple Updates