Executive Summary

Summary
Titlefirefox security and bug fix update
Informations
NameRHSA-2012:0387First vendor Publication2012-03-14
VendorRedHatLast vendor Modification2012-03-14
Severity (Vendor) CriticalRevision01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated firefox packages that fix multiple security issues and three bugs
are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2012-0461, CVE-2012-0462, CVE-2012-0464)

Two flaws were found in the way Firefox parsed certain Scalable Vector
Graphics (SVG) image files. A web page containing a malicious SVG image
file could cause an information leak, or cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-0456, CVE-2012-0457)

A flaw could allow a malicious site to bypass intended restrictions,
possibly leading to a cross-site scripting (XSS) attack if a user were
tricked into dropping a "javascript:" link onto a frame. (CVE-2012-0455)

It was found that the home page could be set to a "javascript:" link. If a
user were tricked into setting such a home page by dragging a link to the
home button, it could cause Firefox to repeatedly crash, eventually
leading to arbitrary code execution with the privileges of the user
running Firefox. (CVE-2012-0458)

A flaw was found in the way Firefox parsed certain web content containing
"cssText". A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2012-0459)

It was found that by using the DOM fullscreen API, untrusted content could
bypass the mozRequestFullscreen security protections. A web page containing
malicious web content could exploit this API flaw to cause user interface
spoofing. (CVE-2012-0460)

A flaw was found in the way Firefox handled pages with multiple Content
Security Policy (CSP) headers. This could lead to a cross-site scripting
attack if used in conjunction with a website that has a header injection
flaw. (CVE-2012-0451)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.3 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bugs:

* When using the Traditional Chinese locale (zh-TW), a segmentation fault
sometimes occurred when closing Firefox. (BZ#729632)

* Inputting any text in the Web Console (Tools -> Web Developer ->
Web Console) caused Firefox to crash. (BZ#784048)

* The java-1.6.0-ibm-plugin and java-1.6.0-sun-plugin packages require the
"/usr/lib/mozilla/plugins/" directory on 32-bit systems, and the
"/usr/lib64/mozilla/plugins/" directory on 64-bit systems. These
directories are created by the xulrunner package; however, they were
missing from the xulrunner package provided by the RHEA-2012:0327 update.
Therefore, upgrading to RHEA-2012:0327 removed those directories, causing
dependency errors when attempting to install the java-1.6.0-ibm-plugin or
java-1.6.0-sun-plugin package. With this update, xulrunner once again
creates the plugins directory. This issue did not affect users of Red Hat
Enterprise Linux

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0387.html

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls
CWE-399Resource Management Errors
CWE-200Information Exposure
CWE-94Failure to Control Generation of Code ('Code Injection')
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14909
 
Oval ID: oval:org.mitre.oval:def:14909
Title: CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.
Description: CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0451
Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14829
 
Oval ID: oval:org.mitre.oval:def:14829
Title: Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
Description: Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0455
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15007
 
Oval ID: oval:org.mitre.oval:def:15007
Title: The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
Description: The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0456
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14775
 
Oval ID: oval:org.mitre.oval:def:14775
Title: Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.
Description: Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0457
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15122
 
Oval ID: oval:org.mitre.oval:def:15122
Title: Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.
Description: Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0458
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15066
 
Oval ID: oval:org.mitre.oval:def:15066
Title: The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.
Description: The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0459
Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15114
 
Oval ID: oval:org.mitre.oval:def:15114
Title: Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.
Description: Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0460
Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15009
 
Oval ID: oval:org.mitre.oval:def:15009
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0461
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15012
 
Oval ID: oval:org.mitre.oval:def:15012
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0462
Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21392
 
Oval ID: oval:org.mitre.oval:def:21392
Title: RHSA-2012:0388: thunderbird security update (Critical)
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: unix Class: patch
Reference(s): RHSA-2012:0388-01
CESA-2012:0388
CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464
Version: 133
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21087
 
Oval ID: oval:org.mitre.oval:def:21087
Title: RHSA-2012:0387: firefox security and bug fix update (Critical)
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: unix Class: patch
Reference(s): RHSA-2012:0387-01
CESA-2012:0387
CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464
Version: 133
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14170
 
Oval ID: oval:org.mitre.oval:def:14170
Title: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0464
Version: 14
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23382
 
Oval ID: oval:org.mitre.oval:def:23382
Title: ELSA-2012:0388: thunderbird security update (Critical)
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: unix Class: patch
Reference(s): ELSA-2012:0388-01
CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464
Version: 42
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23093
 
Oval ID: oval:org.mitre.oval:def:23093
Title: ELSA-2012:0387: firefox security and bug fix update (Critical)
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: unix Class: patch
Reference(s): ELSA-2012:0387-01
CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464
Version: 42
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22923
 
Oval ID: oval:org.mitre.oval:def:22923
Title: ELSA-2012:0388: thunderbird security update (Critical)
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: unix Class: patch
Reference(s): ELSA-2012:0388-01
CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464
Version: 42
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22729
 
Oval ID: oval:org.mitre.oval:def:22729
Title: ELSA-2012:0387: firefox security and bug fix update (Critical)
Description: Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Family: unix Class: patch
Reference(s): ELSA-2012:0387-01
CVE-2012-0451
CVE-2012-0455
CVE-2012-0456
CVE-2012-0457
CVE-2012-0458
CVE-2012-0459
CVE-2012-0460
CVE-2012-0461
CVE-2012-0462
CVE-2012-0464
Version: 42
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application213
Application3
Application100
Application103
Application3

OpenVAS Exploits

DateDescription
2013-09-18Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities
File : nvt/deb_2458_2.nasl
2012-08-03Name : Mandriva Update for mozilla MDVSA-2012:032 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_032.nasl
2012-08-03Name : Mandriva Update for mozilla MDVSA-2012:032-1 (mozilla)
File : nvt/gb_mandriva_MDVSA_2012_032_1.nasl
2012-07-30Name : CentOS Update for firefox CESA-2012:0387 centos5
File : nvt/gb_CESA-2012_0387_firefox_centos5.nasl
2012-07-30Name : CentOS Update for firefox CESA-2012:0387 centos6
File : nvt/gb_CESA-2012_0387_firefox_centos6.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2012:0388 centos5
File : nvt/gb_CESA-2012_0388_thunderbird_centos5.nasl
2012-07-30Name : CentOS Update for thunderbird CESA-2012:0388 centos6
File : nvt/gb_CESA-2012_0388_thunderbird_centos6.nasl
2012-07-09Name : RedHat Update for thunderbird RHSA-2012:0388-01
File : nvt/gb_RHSA-2012_0388-01_thunderbird.nasl
2012-04-30Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox66.nasl
2012-04-30Name : Debian Security Advisory DSA 2433-1 (iceweasel)
File : nvt/deb_2433_1.nasl
2012-04-30Name : Debian Security Advisory DSA 2437-1 (icedove)
File : nvt/deb_2437_1.nasl
2012-04-23Name : Ubuntu Update for gsettings-desktop-schemas USN-1400-5
File : nvt/gb_ubuntu_USN_1400_5.nasl
2012-04-05Name : Ubuntu Update for thunderbird USN-1400-4
File : nvt/gb_ubuntu_USN_1400_4.nasl
2012-03-26Name : Ubuntu Update for thunderbird USN-1401-2
File : nvt/gb_ubuntu_USN_1401_2.nasl
2012-03-22Name : Ubuntu Update for thunderbird USN-1400-3
File : nvt/gb_ubuntu_USN_1400_3.nasl
2012-03-22Name : Ubuntu Update for xulrunner-1.9.2 USN-1401-1
File : nvt/gb_ubuntu_USN_1401_1.nasl
2012-03-20Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X 01)
File : nvt/gb_mozilla_prdts_mult_vuln_mar12_macosx01.nasl
2012-03-19Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln_mar12_macosx.nasl
2012-03-19Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_mar12_win.nasl
2012-03-19Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Win 01)
File : nvt/gb_mozilla_prdts_mult_vuln_mar12_win01.nasl
2012-03-19Name : Ubuntu Update for firefox USN-1400-1
File : nvt/gb_ubuntu_USN_1400_1.nasl
2012-03-19Name : Ubuntu Update for ubufox USN-1400-2
File : nvt/gb_ubuntu_USN_1400_2.nasl
2012-03-16Name : RedHat Update for firefox RHSA-2012:0387-01
File : nvt/gb_RHSA-2012_0387-01_firefox.nasl

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0387.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2012-0388.nasl - Type : ACT_GATHER_INFO
2013-01-08Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120314_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120314_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-04-25Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2458.nasl - Type : ACT_GATHER_INFO
2012-04-20Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1400-5.nasl - Type : ACT_GATHER_INFO
2012-04-18Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-032.nasl - Type : ACT_GATHER_INFO
2012-04-04Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1400-4.nasl - Type : ACT_GATHER_INFO
2012-03-29Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_firefox-201203-8029.nasl - Type : ACT_GATHER_INFO
2012-03-29Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-120320.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1401-2.nasl - Type : ACT_GATHER_INFO
2012-03-22Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2437.nasl - Type : ACT_GATHER_INFO
2012-03-22Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1400-3.nasl - Type : ACT_GATHER_INFO
2012-03-20Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1401-1.nasl - Type : ACT_GATHER_INFO
2012-03-19Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1400-1.nasl - Type : ACT_GATHER_INFO
2012-03-19Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1400-2.nasl - Type : ACT_GATHER_INFO
2012-03-16Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2433.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_28.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_10_0_3.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_10_0_3.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3628.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_3_1_20.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1003.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_3_6_28.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_3120.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0387.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2012-0388.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_1003.nasl - Type : ACT_GATHER_INFO
2012-03-15Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a1050b8b6db311e18b370011856a6e37.nasl - Type : ACT_GATHER_INFO
2012-03-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0387.nasl - Type : ACT_GATHER_INFO
2012-03-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0388.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:55:47
  • Multiple Updates