Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | firefox security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2013:0820 | First vendor Publication | 2013-05-14 |
| Vendor | RedHat | Last vendor Modification | 2013-05-14 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681) A flaw was found in the way Firefox handled Content Level Constructors. A malicious site could use this flaw to perform cross-site scripting (XSS) attacks. (CVE-2013-1670) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as the original reporters of these issues. For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla advisories in the References section of this erratum. All Firefox users should upgrade to these updated packages, which contain Firefox version 17.0.6 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 962591 - CVE-2013-0801 Mozilla: Miscellaneous memory safety hazards (rv:17.0.6) (MFSA 2013-41) 962596 - CVE-2013-1670 Mozilla: Privileged access for content level constructor (MFSA 2013-42) 962598 - CVE-2013-1674 Mozilla: Use-after-free with video and onresize event (MFSA 2013-46) 962601 - CVE-2013-1675 Mozilla: Uninitialized functions in DOMSVGZoomEvent (MFSA 2013-47) 962603 - CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48) |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2013-0820.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 40 % | CWE-399 | Resource Management Errors |
| 40 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 10 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:16577 | |||
| Oval ID: | oval:org.mitre.oval:def:16577 | ||
| Title: | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||
| Description: | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1678 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16956 | |||
| Oval ID: | oval:org.mitre.oval:def:16956 | ||
| Title: | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1676 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16976 | |||
| Oval ID: | oval:org.mitre.oval:def:16976 | ||
| Title: | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent sensitive information from process memory via a crafted web site. | ||
| Description: | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1675 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16979 | |||
| Oval ID: | oval:org.mitre.oval:def:16979 | ||
| Title: | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1677 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16988 | |||
| Oval ID: | oval:org.mitre.oval:def:16988 | ||
| Title: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1681 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17031 | |||
| Oval ID: | oval:org.mitre.oval:def:17031 | ||
| Title: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1680 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17046 | |||
| Oval ID: | oval:org.mitre.oval:def:17046 | ||
| Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
| Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1670 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17062 | |||
| Oval ID: | oval:org.mitre.oval:def:17062 | ||
| Title: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0801 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17085 | |||
| Oval ID: | oval:org.mitre.oval:def:17085 | ||
| Title: | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1679 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17093 | |||
| Oval ID: | oval:org.mitre.oval:def:17093 | ||
| Title: | USN-1822-1 -- Firefox vulnerabilities | ||
| Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1822-1 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.04 Ubuntu 12.10 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17147 | |||
| Oval ID: | oval:org.mitre.oval:def:17147 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1674 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17825 | |||
| Oval ID: | oval:org.mitre.oval:def:17825 | ||
| Title: | DSA-2699-1 iceweasel - several | ||
| Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2699-1 CVE-2013-0773 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 8 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18282 | |||
| Oval ID: | oval:org.mitre.oval:def:18282 | ||
| Title: | USN-1823-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1823-1 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 7 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21038 | |||
| Oval ID: | oval:org.mitre.oval:def:21038 | ||
| Title: | RHSA-2013:0821: thunderbird security update (Important) | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0821-01 CESA-2013:0821 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 143 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21139 | |||
| Oval ID: | oval:org.mitre.oval:def:21139 | ||
| Title: | RHSA-2013:0820: firefox security update (Critical) | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:0820-01 CESA-2013:0820 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 143 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22889 | |||
| Oval ID: | oval:org.mitre.oval:def:22889 | ||
| Title: | DEPRECATED: ELSA-2013:0821: thunderbird security update (Important) | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0821-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 46 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22971 | |||
| Oval ID: | oval:org.mitre.oval:def:22971 | ||
| Title: | DEPRECATED: ELSA-2013:0820: firefox security update (Critical) | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0820-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 46 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23946 | |||
| Oval ID: | oval:org.mitre.oval:def:23946 | ||
| Title: | ELSA-2013:0821: thunderbird security update (Important) | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0821-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 45 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24014 | |||
| Oval ID: | oval:org.mitre.oval:def:24014 | ||
| Title: | ELSA-2013:0820: firefox security update (Critical) | ||
| Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:0820-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 45 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26956 | |||
| Oval ID: | oval:org.mitre.oval:def:26956 | ||
| Title: | DEPRECATED: ELSA-2013-0820 -- firefox security update (critical) | ||
| Description: | firefox [17.0.6-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-2] - Updated XulRunner check xulrunner [17.0.6-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.6-2] - Update to 17.0.6 ESR [17.0.5-2] - Updated nss and nspr versions | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0820 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27481 | |||
| Oval ID: | oval:org.mitre.oval:def:27481 | ||
| Title: | DEPRECATED: ELSA-2013-0821 -- thunderbird security update (important) | ||
| Description: | [17.0.6-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.6-2] - Update to 17.0.6 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-0821 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2014-08-19 | Firefox toString console.time Privileged Javascript Injection |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-448.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-447.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-438.nasl - Type : ACT_GATHER_INFO |
| 2013-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO |
| 2013-07-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130628-130702.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
| 2013-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2720.nasl - Type : ACT_GATHER_INFO |
| 2013-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1706_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130514_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130514_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1706.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_21.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1706_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_6_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_6.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_21.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_6_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-05-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a1ca8a4bd8211e2b7a0d43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1822-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1823-1.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:57:11 |
|
| 2013-05-16 17:21:31 |
|
| 2013-05-15 00:18:46 |
|
