Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 102550 Multiple Security Vulnerabilities in Mozilla 1.4 and 1.7 for Solaris and for Sun JDS for Linux
Informations
Name SUN-102550 First vendor Publication 2008-09-11
Vendor Sun Last vendor Modification 2008-09-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Mozilla 1.4 for Solaris Mozilla 1.4 for Linux Mozilla v1.7
State: Resolved
First released: 22-Aug-2006

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_102550_multiple_security

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-399 Resource Management Errors
17 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-189 Numeric Errors (CWE/SANS Top 25)
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 % CWE-20 Improper Input Validation
8 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10016
 
Oval ID: oval:org.mitre.oval:def:10016
Title: The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
Description: The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0292
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10055
 
Oval ID: oval:org.mitre.oval:def:10055
Title: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
Description: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1730
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10232
 
Oval ID: oval:org.mitre.oval:def:10232
Title: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1732
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10243
 
Oval ID: oval:org.mitre.oval:def:10243
Title: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1724
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10364
 
Oval ID: oval:org.mitre.oval:def:10364
Title: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
Family: unix Class: vulnerability
Reference(s): CVE-2006-1727
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1037
 
Oval ID: oval:org.mitre.oval:def:1037
Title: Mozilla Privilege Escalation via XBL.method.eval
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1735
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10424
 
Oval ID: oval:org.mitre.oval:def:10424
Title: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
Description: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1740
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10508
 
Oval ID: oval:org.mitre.oval:def:10508
Title: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1728
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10755
 
Oval ID: oval:org.mitre.oval:def:10755
Title: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1734
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10782
 
Oval ID: oval:org.mitre.oval:def:10782
Title: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Description: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0884
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10815
 
Oval ID: oval:org.mitre.oval:def:10815
Title: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Family: unix Class: vulnerability
Reference(s): CVE-2006-1733
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10817
 
Oval ID: oval:org.mitre.oval:def:10817
Title: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
Description: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1737
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1087
 
Oval ID: oval:org.mitre.oval:def:1087
Title: Mozilla JavaScript Garbage-collection Hazard Audit
Description: The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1742
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10922
 
Oval ID: oval:org.mitre.oval:def:10922
Title: Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Description: Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1729
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10930
 
Oval ID: oval:org.mitre.oval:def:10930
Title: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1735
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11164
 
Oval ID: oval:org.mitre.oval:def:11164
Title: Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
Description: Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0748
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11202
 
Oval ID: oval:org.mitre.oval:def:11202
Title: A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Description: A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1790
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11382
 
Oval ID: oval:org.mitre.oval:def:11382
Title: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
Description: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
Family: unix Class: vulnerability
Reference(s): CVE-2005-4134
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11704
 
Oval ID: oval:org.mitre.oval:def:11704
Title: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Description: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0749
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11803
 
Oval ID: oval:org.mitre.oval:def:11803
Title: The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
Description: The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
Family: unix Class: vulnerability
Reference(s): CVE-2006-0296
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11808
 
Oval ID: oval:org.mitre.oval:def:11808
Title: The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
Description: The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1742
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1189
 
Oval ID: oval:org.mitre.oval:def:1189
Title: Mozilla Table Rebuilding Code Execution Vulnerability
Description: Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0748
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1247
 
Oval ID: oval:org.mitre.oval:def:1247
Title: Mozilla Privilege Escalation Using a JavaScript Function's Cloned Parent
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1734
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1266
 
Oval ID: oval:org.mitre.oval:def:1266
Title: Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix)
Description: A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1790
Version: 2
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1493
 
Oval ID: oval:org.mitre.oval:def:1493
Title: Mozilla XML Attribute Name Validation Vulnerability
Description: The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0296
Version: 4
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1494
 
Oval ID: oval:org.mitre.oval:def:1494
Title: Mozilla JavaScript Garbage-Collection Hazards in jsfun.c
Description: The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0293
Version: 4
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1548
 
Oval ID: oval:org.mitre.oval:def:1548
Title: Mozilla Downloading Executables with "Save Image As..."
Description: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1736
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1614
 
Oval ID: oval:org.mitre.oval:def:1614
Title: Mozilla CSS Letter-Spacing Heap Overflow Vulnerability
Description: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1730
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1619
 
Oval ID: oval:org.mitre.oval:def:1619
Title: Mozilla Firefox History File Buffer Overflow
Description: Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
Family: windows Class: vulnerability
Reference(s): CVE-2005-4134
Version: 4
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1649
 
Oval ID: oval:org.mitre.oval:def:1649
Title: Mozilla Privilege Escalation through Print Preview
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".
Family: windows Class: vulnerability
Reference(s): CVE-2006-1727
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1667
 
Oval ID: oval:org.mitre.oval:def:1667
Title: Mozilla Crashes with Evidence of Memory Corruption (CSS BO)
Description: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1739
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1687
 
Oval ID: oval:org.mitre.oval:def:1687
Title: Mozilla Crashes with Evidence of Memory Corruption (moz-grid)
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1738
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1698
 
Oval ID: oval:org.mitre.oval:def:1698
Title: Mozilla Privilege Escalation Using crypto.generateCRMFRequest
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1728
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1811
 
Oval ID: oval:org.mitre.oval:def:1811
Title: Mozilla Secure-site Spoof (requires security warning dialog)
Description: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1740
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1829
 
Oval ID: oval:org.mitre.oval:def:1829
Title: Mozilla Crashes with Evidence of Memory Corruption (RegEx)
Description: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1737
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1848
 
Oval ID: oval:org.mitre.oval:def:1848
Title: Mozilla Mozilla Firefox Tag Order Vulnerability
Description: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0749
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1855
 
Oval ID: oval:org.mitre.oval:def:1855
Title: Mozilla Cross-site JavaScript Injection Using Event Handlers
Description: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Family: windows Class: vulnerability
Reference(s): CVE-2006-1741
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1887
 
Oval ID: oval:org.mitre.oval:def:1887
Title: Mozilla Cross-site Scripting through window.controllers
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1732
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1901
 
Oval ID: oval:org.mitre.oval:def:1901
Title: Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724)
Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1724
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1929
 
Oval ID: oval:org.mitre.oval:def:1929
Title: Mozilla File Stealing by Changing Input Type
Description: Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1729
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1955
 
Oval ID: oval:org.mitre.oval:def:1955
Title: Mozilla Cross-site Scripting Using .valueOf.call()
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Family: windows Class: vulnerability
Reference(s): CVE-2006-1731
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2020
 
Oval ID: oval:org.mitre.oval:def:2020
Title: Mozilla Accessing XBL Compilation Scope via valueOf.call()
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."
Family: windows Class: vulnerability
Reference(s): CVE-2006-1733
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:2024
 
Oval ID: oval:org.mitre.oval:def:2024
Title: Mozilla JavaScript Execution in Mail When Forwarding In-line
Description: The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0884
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:670
 
Oval ID: oval:org.mitre.oval:def:670
Title: Mozilla JavaScript Garbage-Collection Hazards in jsinterp.c
Description: The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0292
Version: 4
Platform(s): Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): mozilla
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9167
 
Oval ID: oval:org.mitre.oval:def:9167
Title: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Description: Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".
Family: unix Class: vulnerability
Reference(s): CVE-2006-1741
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9405
 
Oval ID: oval:org.mitre.oval:def:9405
Title: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1738
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9604
 
Oval ID: oval:org.mitre.oval:def:9604
Title: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1731
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9817
 
Oval ID: oval:org.mitre.oval:def:9817
Title: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
Description: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2006-1739
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Application 44
Application 6
Application 7
Application 8
Application 35
Application 31
Os 3
Os 1

OpenVAS Exploits

Date Description
2009-10-10 Name : SLES9: Security update for Mozilla suite
File : nvt/sles9p5019559.nasl
2009-05-05 Name : HP-UX Update for Thunderbird HPSBUX02156
File : nvt/gb_hp_ux_HPSBUX02156.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox)
File : nvt/glsa_200604_12.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200604-18 (mozilla)
File : nvt/glsa_200604_18.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird)
File : nvt/glsa_200605_09.nasl
2008-09-04 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox22.nasl
2008-09-04 Name : FreeBSD Ports: thunderbird, mozilla-thunderbird
File : nvt/freebsd_thunderbird6.nasl
2008-01-17 Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox)
File : nvt/deb_1044_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1046-1 (mozilla)
File : nvt/deb_1046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
File : nvt/deb_1051_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1118-1 (mozilla)
File : nvt/deb_1118_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox)
File : nvt/deb_1120_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird)
File : nvt/deb_1134_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
24947 Mozilla Multiple Products Crafted Table Tag Arbitrary Code Execution

24680 Mozilla Multiple Products XBL Control Print Preview Privilege Escalation

24679 Mozilla Multiple Products crypto.generateCRMFRequest Method Arbitrary Code Ex...

24678 Mozilla Multiple Products Text Box Arbitrary File Access

24677 Mozilla Multiple Products CSS letter-spacing Property Overflow

24672 Mozilla Multiple Products DHTML Unspecified Memory Corruption (282105)

24671 Mozilla Multiple Products .valueOf.call() / .valueOf.apply() Same-origin Bypass

24670 Mozilla Multiple Products nsHTMLContentSink.cpp Crafted HTML Memory Corruption

24669 Mozilla Multiple Products window.controllers Array Same-origin Bypass

24668 Mozilla Multiple Products XBL Binding Multiple Method Privilege Escalation

24667 Mozilla Multiple Products Object.watch Method Arbitrary Code Execution

24666 Mozilla Multiple Products XBL.method.eval Javascript Function Privilege Escal...

24665 Mozilla Multiple Products Transparent Image Link Arbitrary File Download

24664 Mozilla Multiple Products Popup Window Trusted Site Spoofing

24663 Mozilla Multiple Products InstallTrigger.install() Method Memory Corruption

24662 Mozilla Multiple Products -moz-grid* Modification DoS

24661 Mozilla Multiple Products Javascript Regular Expression Parsing Overflow

24660 Mozilla Multiple Products CSS border-rendering Code Crafted CSS Memory Corrup...

24659 Mozilla Multiple Products Javascript Engine garbage-collection Temporary Vari...

24658 Mozilla Multiple Products Modal Alert Suspended Handler XSS

23653 Mozilla Thunderbird Mail Content iframe src Validation Failure XSS

Mozilla Suite, Mozilla Seamonkey and Mozilla Thunderbird contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the javascript content of an email upon forwarding it to another email receipient. This could allow a user to create a specially crafted email that would execute arbitrary code in a user's browser with user privileges without security restrictions, leading to a loss of integrity.
22894 Mozilla Multiple Products XULDocument.persist() Function Localstore.rdf XML I...

22892 Mozilla Multiple Products Web Page Title Processing Overflow DoS

22890 Mozilla Multiple Products JavaScript Engine Crafted Object Memory Corruption

21533 Multiple Browser Large History Entry DoS

Snort® IPS/IDS

Date Description
2017-12-29 Mozilla products CSS rendering out-of-bounds array write attempt
RuleID : 44991 - Revision : 3 - Type : BROWSER-FIREFOX
2017-08-23 Mozilla Firefox multiple vulnerabilities memory corruption attempt
RuleID : 43642 - Revision : 4 - Type : BROWSER-FIREFOX
2016-03-14 Mozilla Firefox Javascript large regex memory corruption attempt
RuleID : 36789 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Object.watch parent access attempt
RuleID : 20739 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla XBL.method memory corruption attempt
RuleID : 20730 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla XBL object init code execution attempt
RuleID : 20729 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox Javascript large regex memory corruption attempt
RuleID : 18298 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox InstallTrigger.install memory corruption attempt
RuleID : 18187 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla products -moz-grid and -moz-grid-group display styles code execution ...
RuleID : 18186 - Revision : 6 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla products CSS rendering out-of-bounds array write attempt
RuleID : 18078 - Revision : 7 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla products CSS rendering out-of-bounds array write attempt
RuleID : 18077 - Revision : 8 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox tag order memory corruption attempt
RuleID : 17581 - Revision : 13 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox tag order memory corruption attempt
RuleID : 16050 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox CSS Letter-Spacing overflow attempt
RuleID : 16044 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt
RuleID : 16038 - Revision : 8 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2007-12-21 Name : A web browser on the remote host is prone to multiple flaws.
File : mozilla_firefox_108.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-323-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-296-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-296-2.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-1585.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing Sun Security Patch number 120671-08
File : solaris9_120671.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote host is missing Sun Security Patch number 120671-08
File : solaris8_120671.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-487.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-488.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-489.nasl - Type : ACT_GATHER_INFO
2007-01-17 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-490.nasl - Type : ACT_GATHER_INFO
2006-12-06 Name : The remote host is missing Sun Security Patch number 120672-08
File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-12-06 Name : The remote host is missing Sun Security Patch number 120672-08
File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119116-35
File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO
2006-11-06 Name : The remote host is missing Sun Security Patch number 119115-36
File : solaris10_119115.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1051.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1118.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1120.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1134.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1046.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1044.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0200.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO
2006-07-05 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0199.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200605-09.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_61349f77c62011dab2fb000e0c2e438a.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl - Type : ACT_GATHER_INFO
2006-05-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200604-18.nasl - Type : ACT_GATHER_INFO
2006-05-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-276-1.nasl - Type : ACT_GATHER_INFO
2006-04-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-275-1.nasl - Type : ACT_GATHER_INFO
2006-04-26 Name : The remote host is missing a vendor-supplied security patch
File : suse_SA_2006_021.nasl - Type : ACT_GATHER_INFO
2006-04-26 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO
2006-04-26 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-075.nasl - Type : ACT_GATHER_INFO
2006-04-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200604-12.nasl - Type : ACT_GATHER_INFO
2006-04-26 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-078.nasl - Type : ACT_GATHER_INFO
2006-04-21 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-411.nasl - Type : ACT_GATHER_INFO
2006-04-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-271-1.nasl - Type : ACT_GATHER_INFO
2006-04-21 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-410.nasl - Type : ACT_GATHER_INFO
2006-04-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO
2006-04-17 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO
2006-04-14 Name : A web browser on the remote host is prone to multiple flaws.
File : seamonkey_101.nasl - Type : ACT_GATHER_INFO
2006-04-14 Name : A web browser on the remote host is prone to multiple flaws.
File : mozilla_firefox_1502.nasl - Type : ACT_GATHER_INFO
2006-03-06 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-052.nasl - Type : ACT_GATHER_INFO
2006-02-10 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-037.nasl - Type : ACT_GATHER_INFO
2006-02-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-076.nasl - Type : ACT_GATHER_INFO
2006-02-05 Name : The remote Fedora Core host is missing a security update.
File : fedora_2006-075.nasl - Type : ACT_GATHER_INFO
2006-02-05 Name : A web browser on the remote host is prone to multiple flaws.
File : seamonkey_10.nasl - Type : ACT_GATHER_INFO
2006-02-05 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2006-0200.nasl - Type : ACT_GATHER_INFO
2006-02-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0199.nasl - Type : ACT_GATHER_INFO
2006-02-04 Name : A web browser on the remote host is prone to multiple flaws.
File : mozilla_firefox_1501.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:11
  • Multiple Updates