Executive Summary
Summary | |
---|---|
Title | thunderbird security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:1351 | First vendor Publication | 2012-10-09 |
Vendor | RedHat | Last vendor Modification | 2012-10-09 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188) Two flaws in Thunderbird could allow malicious content to bypass intended restrictions, possibly leading to information disclosure, or Thunderbird executing arbitrary code. Note that the information disclosure issue could possibly be combined with other flaws to achieve arbitrary code execution. (CVE-2012-3986, CVE-2012-3991) Multiple flaws were found in the location object implementation in Thunderbird. Malicious content could be used to perform cross-site scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956, CVE-2012-3992, CVE-2012-3994) Two flaws were found in the way Chrome Object Wrappers were implemented. Malicious content could be used to perform cross-site scripting attacks or cause Thunderbird to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili, miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White, moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these issues. Note: None of the issues in this advisory can be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 10.0.8 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 851912 - CVE-2012-1956 Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59) 863614 - CVE-2012-3982 Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74) 863618 - CVE-2012-3986 Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77) 863619 - CVE-2012-3988 Mozilla: DOS and crash with full screen and history navigation (MFSA 2012-79) 863621 - CVE-2012-3991 Mozilla: GetProperty function can bypass security checks (MFSA 2012-81) 863622 - CVE-2012-3994 Mozilla: top object and location property accessible by plugins (MFSA 2012-82) 863623 - CVE-2012-3993 CVE-2012-4184 Mozilla: Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties (MFSA 2012-83) 863624 - CVE-2012-3992 Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84) 863625 - CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85) 863626 - CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86) 863628 - CVE-2012-3990 Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-1351.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
32 % | CWE-416 | Use After Free |
26 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
21 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
5 % | CWE-269 | Improper Privilege Management |
5 % | CWE-264 | Permissions, Privileges, and Access Controls |
5 % | CWE-125 | Out-of-bounds Read |
5 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16009 | |||
Oval ID: | oval:org.mitre.oval:def:16009 | ||
Title: | Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4185 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16191 | |||
Oval ID: | oval:org.mitre.oval:def:16191 | ||
Title: | Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4182 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16193 | |||
Oval ID: | oval:org.mitre.oval:def:16193 | ||
Title: | Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4186 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16334 | |||
Oval ID: | oval:org.mitre.oval:def:16334 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3988 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16367 | |||
Oval ID: | oval:org.mitre.oval:def:16367 | ||
Title: | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | ||
Description: | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1956 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16425 | |||
Oval ID: | oval:org.mitre.oval:def:16425 | ||
Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. | ||
Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4187 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16428 | |||
Oval ID: | oval:org.mitre.oval:def:16428 | ||
Title: | Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4180 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16523 | |||
Oval ID: | oval:org.mitre.oval:def:16523 | ||
Title: | Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4181 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16612 | |||
Oval ID: | oval:org.mitre.oval:def:16612 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3982 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16642 | |||
Oval ID: | oval:org.mitre.oval:def:16642 | ||
Title: | Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. | ||
Description: | Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3990 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16646 | |||
Oval ID: | oval:org.mitre.oval:def:16646 | ||
Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | ||
Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3991 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16718 | |||
Oval ID: | oval:org.mitre.oval:def:16718 | ||
Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | ||
Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3993 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16798 | |||
Oval ID: | oval:org.mitre.oval:def:16798 | ||
Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. | ||
Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3994 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16808 | |||
Oval ID: | oval:org.mitre.oval:def:16808 | ||
Title: | The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3995 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16834 | |||
Oval ID: | oval:org.mitre.oval:def:16834 | ||
Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. | ||
Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3986 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16850 | |||
Oval ID: | oval:org.mitre.oval:def:16850 | ||
Title: | Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4183 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16882 | |||
Oval ID: | oval:org.mitre.oval:def:16882 | ||
Title: | Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4179 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16946 | |||
Oval ID: | oval:org.mitre.oval:def:16946 | ||
Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4184 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16964 | |||
Oval ID: | oval:org.mitre.oval:def:16964 | ||
Title: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4188 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16987 | |||
Oval ID: | oval:org.mitre.oval:def:16987 | ||
Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | ||
Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3992 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18099 | |||
Oval ID: | oval:org.mitre.oval:def:18099 | ||
Title: | DSA-2569-1 icedove - several | ||
Description: | Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2569-1 CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18202 | |||
Oval ID: | oval:org.mitre.oval:def:18202 | ||
Title: | USN-1600-1 -- firefox vulnerabilities | ||
Description: | Multiple security issues were fixed in Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1600-1 CVE-2012-3982 CVE-2012-3983 CVE-2012-3988 CVE-2012-3989 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-4184 CVE-2012-3990 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18498 | |||
Oval ID: | oval:org.mitre.oval:def:18498 | ||
Title: | DSA-2565-1 iceweasel - several | ||
Description: | Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2565-1 CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21310 | |||
Oval ID: | oval:org.mitre.oval:def:21310 | ||
Title: | RHSA-2012:1351: thunderbird security update (Critical) | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1351-01 CESA-2012:1351 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 263 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21541 | |||
Oval ID: | oval:org.mitre.oval:def:21541 | ||
Title: | RHSA-2012:1350: firefox security and bug fix update (Critical) | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1350-01 CESA-2012:1350 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 263 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23162 | |||
Oval ID: | oval:org.mitre.oval:def:23162 | ||
Title: | DEPRECATED: ELSA-2012:1350: firefox security and bug fix update (Critical) | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1350-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 86 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23279 | |||
Oval ID: | oval:org.mitre.oval:def:23279 | ||
Title: | DEPRECATED: ELSA-2012:1351: thunderbird security update (Critical) | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1351-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 86 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23317 | |||
Oval ID: | oval:org.mitre.oval:def:23317 | ||
Title: | ELSA-2012:1350: firefox security and bug fix update (Critical) | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1350-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 85 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23475 | |||
Oval ID: | oval:org.mitre.oval:def:23475 | ||
Title: | ELSA-2012:1351: thunderbird security update (Critical) | ||
Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1351-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 85 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27459 | |||
Oval ID: | oval:org.mitre.oval:def:27459 | ||
Title: | DEPRECATED: ELSA-2012-1351 -- thunderbird security update (critical) | ||
Description: | [10.0.8-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.8-1] - Update to 10.0.8 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1351 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27697 | |||
Oval ID: | oval:org.mitre.oval:def:27697 | ||
Title: | DEPRECATED: ELSA-2012-1350 -- firefox security and bug fix update (critical) | ||
Description: | firefox [10.0.8-1.0.2.el6_3] - Updated firefox-oracle-default-prefs.js based on latest firefox-redhat-default-prefs.js [10.0.8-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.8-1] - Update to 10.0.8 ESR xulrunner [10.0.8-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.8-1] - Update to 10.0.8 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1350 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2013-12-24 | Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox) File : nvt/gb_suse_2012_1064_1.nasl |
2012-11-16 | Name : Debian Security Advisory DSA 2569-1 (icedove) File : nvt/deb_2569_1.nasl |
2012-11-16 | Name : Debian Security Advisory DSA 2572-1 (iceape) File : nvt/deb_2572_1.nasl |
2012-10-29 | Name : Debian Security Advisory DSA 2565-1 (iceweasel) File : nvt/deb_2565_1.nasl |
2012-10-16 | Name : Ubuntu Update for thunderbird USN-1611-1 File : nvt/gb_ubuntu_USN_1611_1.nasl |
2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities-01 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln01_oct12_win.nasl |
2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities-01 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln01_oct12_macosx.nasl |
2012-10-13 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox70.nasl |
2012-10-11 | Name : CentOS Update for thunderbird CESA-2012:1351 centos5 File : nvt/gb_CESA-2012_1351_thunderbird_centos5.nasl |
2012-10-11 | Name : Ubuntu Update for firefox USN-1600-1 File : nvt/gb_ubuntu_USN_1600_1.nasl |
2012-10-11 | Name : CentOS Update for firefox CESA-2012:1350 centos5 File : nvt/gb_CESA-2012_1350_firefox_centos5.nasl |
2012-10-11 | Name : RedHat Update for thunderbird RHSA-2012:1351-01 File : nvt/gb_RHSA-2012_1351-01_thunderbird.nasl |
2012-10-11 | Name : RedHat Update for firefox RHSA-2012:1350-01 File : nvt/gb_RHSA-2012_1350-01_firefox.nasl |
2012-10-11 | Name : CentOS Update for thunderbird CESA-2012:1351 centos6 File : nvt/gb_CESA-2012_1351_thunderbird_centos6.nasl |
2012-10-11 | Name : CentOS Update for firefox CESA-2012:1350 centos6 File : nvt/gb_CESA-2012_1350_firefox_centos6.nasl |
2012-10-03 | Name : Ubuntu Update for thunderbird USN-1551-2 File : nvt/gb_ubuntu_USN_1551_2.nasl |
2012-09-17 | Name : Ubuntu Update for firefox USN-1548-2 File : nvt/gb_ubuntu_USN_1548_2.nasl |
2012-09-06 | Name : Ubuntu Update for firefox USN-1548-1 File : nvt/gb_ubuntu_USN_1548_1.nasl |
2012-09-04 | Name : Ubuntu Update for thunderbird USN-1551-1 File : nvt/gb_ubuntu_USN_1551_1.nasl |
2012-08-30 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2012_147.nasl |
2012-08-30 | Name : Mozilla Products Memory Corruption Vulnerabilities - August12 (Mac OS X) File : nvt/gb_mozilla_prdts_mem_corr_vuln_aug12_macosx.nasl |
2012-08-30 | Name : Mozilla Products Memory Corruption Vulnerabilities - August12 (Windows) File : nvt/gb_mozilla_prdts_mem_corr_vuln_aug12_win.nasl |
2012-08-30 | Name : Mandriva Update for firefox MDVSA-2012:145 (firefox) File : nvt/gb_mandriva_MDVSA_2012_145.nasl |
2012-08-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox69.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2015-09-08 | Mozilla Firefox InstallWrapper error handling code execution attempt RuleID : 35461 - Revision : 2 - Type : BROWSER-FIREFOX |
2015-09-08 | Mozilla Firefox InstallWrapper error handling code execution attempt RuleID : 35460 - Revision : 2 - Type : BROWSER-FIREFOX |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29546 - Revision : 4 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29545 - Revision : 4 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29544 - Revision : 4 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29543 - Revision : 4 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29542 - Revision : 3 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29541 - Revision : 3 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29540 - Revision : 3 - Type : FILE-MULTIMEDIA |
2014-03-06 | WAV processing buffer overflow attempt RuleID : 29539 - Revision : 3 - Type : FILE-MULTIMEDIA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1351-1.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-709.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-538.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-534.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1350.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1351.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201208-120831.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201210-121015.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-11-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2572.nasl - Type : ACT_GATHER_INFO |
2012-10-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2569.nasl - Type : ACT_GATHER_INFO |
2012-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2565.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : A web browser on the remote host is affected by multiple flaws. File : seamonkey_213.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_160.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201210-8327.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1008.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_160.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1008.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Mac OS X host contains a mail client that is affected by multiple ... File : macosx_thunderbird_16_0.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Mac OS X host contains a mail client that is affected by multiple ... File : macosx_thunderbird_10_0_8.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_16_0.nasl - Type : ACT_GATHER_INFO |
2012-10-17 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_8.nasl - Type : ACT_GATHER_INFO |
2012-10-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1611-1.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6e5a9afd12d311e2b47dc8600054b392.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote Scientific Linux host is missing a security update. File : sl_20121009_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121009_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1351.nasl - Type : ACT_GATHER_INFO |
2012-10-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1350.nasl - Type : ACT_GATHER_INFO |
2012-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1351.nasl - Type : ACT_GATHER_INFO |
2012-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1350.nasl - Type : ACT_GATHER_INFO |
2012-10-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1600-1.nasl - Type : ACT_GATHER_INFO |
2012-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1551-2.nasl - Type : ACT_GATHER_INFO |
2012-09-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201208-8269.nasl - Type : ACT_GATHER_INFO |
2012-09-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1548-2.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-147.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-145.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1551-1.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2b8cad90f28911e1a21514dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
2012-08-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1548-1.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_212.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_150.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_150.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_15_0.nasl - Type : ACT_GATHER_INFO |
2012-08-29 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_15_0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:56:25 |
|