Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Titleseamonkey security update
Informations
NameRHSA-2011:0888First vendor Publication2011-06-21
VendorRedHatLast vendor Modification2011-06-21
Severity (Vendor) CriticalRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated seamonkey packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled malformed JPEG images. A website containing a malicious JPEG image could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2377)

Multiple dangling pointer flaws were found in SeaMonkey. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)

An integer overflow flaw was found in the way SeaMonkey handled JavaScript Array objects. A website containing malicious JavaScript could cause SeaMonkey to execute that JavaScript with the privileges of the user running SeaMonkey. (CVE-2011-2371)

A use-after-free flaw was found in the way SeaMonkey handled malformed JavaScript. A website containing malicious JavaScript could cause SeaMonkey to execute that JavaScript with the privileges of the user running SeaMonkey. (CVE-2011-2373)

It was found that SeaMonkey could treat two separate cookies as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy and could possibly lead to data being leaked to the wrong domain. (CVE-2011-2362)

All SeaMonkey users should upgrade to these updated packages, which correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

714576 - CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376 Mozilla Miscellaneous memory safety hazards (MFSA 2011-19) 714577 - CVE-2011-2373 Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20) 714580 - CVE-2011-2371 Mozilla Integer overflow and arbitrary code execution (MFSA 2011-22) 714581 - CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 Mozilla Multiple dangling pointer vulnerabilities (MFSA 2011-23) 714583 - CVE-2011-2362 Mozilla Cookie isolation error (MFSA 2011-24) 714929 - CVE-2011-2377 Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2011-0888.html

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors
CWE-264Permissions, Privileges, and Access Controls
CWE-189Numeric Errors (CWE/SANS Top 25)
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-94Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13543
 
Oval ID: oval:org.mitre.oval:def:13543
Title: Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Description: Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0083
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14432
 
Oval ID: oval:org.mitre.oval:def:14432
Title: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
Description: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0085
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14152
 
Oval ID: oval:org.mitre.oval:def:14152
Title: USN-1149-1 -- firefox, xulrunner-1.9.2 vulnerabilities
Description: firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner Multiple Vulnerabilities were fixed in Firefox and Xulrunner
Family: unix Class: patch
Reference(s): USN-1149-1
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): firefox
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13980
 
Oval ID: oval:org.mitre.oval:def:13980
Title: USN-1149-2 -- firefox regression
Description: firefox: safe and easy web browser from Mozilla Details: USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem. We apologize for the inconvenience. Original advisory In rare instances, Firefox could have trouble accessing some websites.
Family: unix Class: patch
Reference(s): USN-1149-2
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13693
 
Oval ID: oval:org.mitre.oval:def:13693
Title: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Description: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2362
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13635
 
Oval ID: oval:org.mitre.oval:def:13635
Title: USN-1150-1 -- thunderbird vulnerabilities
Description: thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird.
Family: unix Class: patch
Reference(s): USN-1150-1
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14046
 
Oval ID: oval:org.mitre.oval:def:14046
Title: Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Description: Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2363
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13318
 
Oval ID: oval:org.mitre.oval:def:13318
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2364
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14184
 
Oval ID: oval:org.mitre.oval:def:14184
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2365
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13987
 
Oval ID: oval:org.mitre.oval:def:13987
Title: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Description: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2371
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14178
 
Oval ID: oval:org.mitre.oval:def:14178
Title: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Description: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2373
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14123
 
Oval ID: oval:org.mitre.oval:def:14123
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2374
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14071
 
Oval ID: oval:org.mitre.oval:def:14071
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2375
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20220
 
Oval ID: oval:org.mitre.oval:def:20220
Title: DSA-2273-3 icedove - multiple issues
Description: Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Family: unix Class: patch
Reference(s): DSA-2273-3
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14396
 
Oval ID: oval:org.mitre.oval:def:14396
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2376
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13034
 
Oval ID: oval:org.mitre.oval:def:13034
Title: DSA-2268-1 iceweasel -- several
Description: Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2268-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12781
 
Oval ID: oval:org.mitre.oval:def:12781
Title: DSA-2269-1 iceape -- several
Description: Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
Family: unix Class: patch
Reference(s): DSA-2269-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13872
 
Oval ID: oval:org.mitre.oval:def:13872
Title: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Description: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2377
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22026
 
Oval ID: oval:org.mitre.oval:def:22026
Title: RHSA-2011:0887: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): RHSA-2011:0887-01
CESA-2011:0887
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 172
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21772
 
Oval ID: oval:org.mitre.oval:def:21772
Title: RHSA-2011:0886: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): RHSA-2011:0886-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 146
Platform(s): Red Hat Enterprise Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21435
 
Oval ID: oval:org.mitre.oval:def:21435
Title: RHSA-2011:0885: firefox security and bug fix update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): RHSA-2011:0885-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 172
Platform(s): Red Hat Enterprise Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14401
 
Oval ID: oval:org.mitre.oval:def:14401
Title: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2605
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23741
 
Oval ID: oval:org.mitre.oval:def:23741
Title: ELSA-2011:0886: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): ELSA-2011:0886-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 49
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23411
 
Oval ID: oval:org.mitre.oval:def:23411
Title: ELSA-2011:0885: firefox security and bug fix update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): ELSA-2011:0885-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 57
Platform(s): Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23271
 
Oval ID: oval:org.mitre.oval:def:23271
Title: ELSA-2011:0887: thunderbird security update (Critical)
Description: CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Family: unix Class: patch
Reference(s): ELSA-2011:0887-01
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 57
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28020
 
Oval ID: oval:org.mitre.oval:def:28020
Title: ELSA-2011-0886 -- thunderbird security update (critical)
Description: [3.1.11-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.11-2] - Update to 3.1.11
Family: unix Class: patch
Reference(s): ELSA-2011-0886
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2375
CVE-2011-2376
CVE-2011-2377
CVE-2011-2605
Version: 1
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application122
Application59
Application85

ExploitDB Exploits

idDescription
2012-02-27Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
2011-10-12Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

OpenVAS Exploits

DateDescription
2012-07-30Name : CentOS Update for firefox CESA-2011:0885 centos4 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos4_x86_64.nasl
2012-07-30Name : CentOS Update for firefox CESA-2011:0885 centos5 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2011:0887 centos4 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_x86_64.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2011:0887 centos5 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_x86_64.nasl
2012-07-30Name : CentOS Update for seamonkey CESA-2011:0888 centos4 x86_64
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_x86_64.nasl
2012-06-06Name : RedHat Update for thunderbird RHSA-2011:0886-01
File : nvt/gb_RHSA-2011_0886-01_thunderbird.nasl
2011-08-18Name : SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028
File : nvt/gb_suse_2011_028.nasl
2011-08-18Name : CentOS Update for firefox CESA-2011:0885 centos4 i386
File : nvt/gb_CESA-2011_0885_firefox_centos4_i386.nasl
2011-08-18Name : CentOS Update for thunderbird CESA-2011:0887 centos4 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_i386.nasl
2011-08-18Name : CentOS Update for seamonkey CESA-2011:0888 centos4 i386
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_i386.nasl
2011-08-09Name : CentOS Update for firefox CESA-2011:0885 centos5 i386
File : nvt/gb_CESA-2011_0885_firefox_centos5_i386.nasl
2011-08-09Name : CentOS Update for thunderbird CESA-2011:0887 centos5 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_i386.nasl
2011-08-03Name : Debian Security Advisory DSA 2268-1 (iceweasel)
File : nvt/deb_2268_1.nasl
2011-08-03Name : Debian Security Advisory DSA 2269-1 (iceape)
File : nvt/deb_2269_1.nasl
2011-08-03Name : Debian Security Advisory DSA 2273-1 (icedove)
File : nvt/deb_2273_1.nasl
2011-08-03Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox57.nasl
2011-07-18Name : Ubuntu Update for thunderbird USN-1150-1
File : nvt/gb_ubuntu_USN_1150_1.nasl
2011-07-08Name : Ubuntu Update for firefox USN-1149-2
File : nvt/gb_ubuntu_USN_1149_2.nasl
2011-07-07Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul11.nasl
2011-07-07Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02
File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul11.nasl
2011-07-07Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03
File : nvt/gb_mozilla_prdts_mult_vuln_win03_jul11.nasl
2011-07-07Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04
File : nvt/gb_mozilla_prdts_mult_vuln_win04_jul11.nasl
2011-07-07Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_jul11.nasl
2011-07-07Name : Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_dos_vuln_win_jul11.nasl
2011-06-24Name : Mandriva Update for mozilla MDVSA-2011:111 (mozilla)
File : nvt/gb_mandriva_MDVSA_2011_111.nasl
2011-06-24Name : Ubuntu Update for firefox USN-1149-1
File : nvt/gb_ubuntu_USN_1149_1.nasl
2011-06-24Name : Ubuntu Update for firefox USN-1157-1
File : nvt/gb_ubuntu_USN_1157_1.nasl
2011-06-24Name : Ubuntu Update for mozvoikko USN-1157-2
File : nvt/gb_ubuntu_USN_1157_2.nasl
2011-06-24Name : Ubuntu Update for firefox USN-1157-3
File : nvt/gb_ubuntu_USN_1157_3.nasl
2011-06-24Name : RedHat Update for firefox RHSA-2011:0885-01
File : nvt/gb_RHSA-2011_0885-01_firefox.nasl
2011-06-24Name : RedHat Update for thunderbird RHSA-2011:0887-01
File : nvt/gb_RHSA-2011_0887-01_thunderbird.nasl
2011-06-24Name : RedHat Update for seamonkey RHSA-2011:0888-01
File : nvt/gb_RHSA-2011_0888-01_seamonkey.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
74319Mozilla Multiple Products netwerk/cookie/nsCookieService.cpp nsCookieService:...
73188Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclo...
73187Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Co...
73186Mozilla Multiple Products nsSVGPointList::AppendElement() Use-after-free Remo...
73185Mozilla Multiple Products nsSVGPathSegList::ReplaceItem() Use-after-free Remo...
73184Mozilla Multiple Products Array.reduceRight() Method Overflow
73183Mozilla Multiple Products multipart/x-mixed-replace Image Handling Memory Cor...
73182Mozilla Multiple Products XUL Document Handling Use-after-free Arbitrary Code...
73181Mozilla Multiple Products Unspecified DoS (2011-2365)
73180Mozilla Multiple Products Unspecified DoS (2011-2364)
73179Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2376)
73178Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2375)
73177Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2374)

Snort® IPS/IDS

DateDescription
2014-03-08Mozilla Array.reduceRight integer overflow attempt
RuleID : 29625 - Revision : 1 - Type : BROWSER-FIREFOX
2014-03-08Mozilla Array.reduceRight integer overflow attempt
RuleID : 29624 - Revision : 1 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Array.reduceRight integer overflow
RuleID : 24188 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Array.reduceRight integer overflow
RuleID : 24187 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10Phoenix exploit kit landing page
RuleID : 21640 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10Mozilla Array.reduceRight integer overflow
RuleID : 19714 - Revision : 3 - Type : BROWSER-FIREFOX
2014-01-10Mozilla Array.reduceRight integer overflow
RuleID : 19713 - Revision : 3 - Type : BROWSER-FIREFOX

Metasploit Database

idDescription
2011-06-21 Mozilla Firefox Array.reduceRight() Integer Overflow

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110628.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110627.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7596.nasl - Type : ACT_GATHER_INFO
2011-08-17Name : The remote Windows host contains a web browser that may be affected by multip...
File : seamonkey_22.nasl - Type : ACT_GATHER_INFO
2011-08-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-07-18Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1150-1.nasl - Type : ACT_GATHER_INFO
2011-07-07Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2273.nasl - Type : ACT_GATHER_INFO
2011-07-05Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2268.nasl - Type : ACT_GATHER_INFO
2011-07-05Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2269.nasl - Type : ACT_GATHER_INFO
2011-07-01Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7597.nasl - Type : ACT_GATHER_INFO
2011-07-01Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110628.nasl - Type : ACT_GATHER_INFO
2011-06-30Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1149-2.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_3_6_18.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_5_0.nasl - Type : ACT_GATHER_INFO
2011-06-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-3.nasl - Type : ACT_GATHER_INFO
2011-06-23Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-23Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-111.nasl - Type : ACT_GATHER_INFO
2011-06-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1149-1.nasl - Type : ACT_GATHER_INFO
2011-06-23Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1157-1.nasl - Type : ACT_GATHER_INFO
2011-06-23Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-2.nasl - Type : ACT_GATHER_INFO
2011-06-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2011-06-22Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-22Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-06-21Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3618.nasl - Type : ACT_GATHER_INFO
2011-06-21Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_50.nasl - Type : ACT_GATHER_INFO
2011-06-21Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_3111.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:54:50
  • Multiple Updates