Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 258748 Multiple Security Vulnerabilities in Mozilla Thunderbird Versions Prior to 2.0.0.19 May Allow Execution of Arbitrary Code or Unauthorized Access to Data
Informations
Name SUN-258748 First vendor Publication 2009-05-13
Vendor Sun Last vendor Modification 2009-05-13
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Mozilla Thunderbird v2.0 Solaris 10 Operating System OpenSolaris

Multiple security vulnerabilities in thunderbird(1) versions prior to 2.0.0.19 shipped with Solaris 10 may allow an unprivileged remote user to take any of the following actions:

- Execute arbitrary code on the system where thunderbird(1) is being run
- Gain unauthorized access to sensitive data
- Perform Cross-Site Scripting (XSS) attacks to bypass access controls


Certain vulnerabilities may also allow a user to crash the thunderbird(1) application, which is a type of Denial of Service (DoS).

The following URL provides additional details about the vulnerabilities addressed in Thunderbird versions prior to 2.0.0.19:


The following CVEs describe these issues in more detail:


State: Resolved
First released: 13-May-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_258748_multiple_security

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-399 Resource Management Errors
17 % CWE-200 Information Exposure
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10512
 
Oval ID: oval:org.mitre.oval:def:10512
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5506
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11040
 
Oval ID: oval:org.mitre.oval:def:11040
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5508
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11053
 
Oval ID: oval:org.mitre.oval:def:11053
Title: The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Description: The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5500
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11423
 
Oval ID: oval:org.mitre.oval:def:11423
Title: The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
Description: The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5503
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11881
 
Oval ID: oval:org.mitre.oval:def:11881
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5511
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12973
 
Oval ID: oval:org.mitre.oval:def:12973
Title: DSA-1696-1 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-1380 It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain characters. CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for s390 will be provided later. For the upcoming stable distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 2.0.0.19-1. We recommend that you upgrade your icedove packages.
Family: unix Class: patch
Reference(s): DSA-1696-1
CVE-2008-0016
CVE-2008-1380
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13213
 
Oval ID: oval:org.mitre.oval:def:13213
Title: USN-701-2 -- mozilla-thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges
Family: unix Class: patch
Reference(s): USN-701-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Ubuntu 6.06
Product(s): mozilla-thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13233
 
Oval ID: oval:org.mitre.oval:def:13233
Title: USN-701-1 -- thunderbird vulnerabilities
Description: Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges
Family: unix Class: patch
Reference(s): USN-701-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5510
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Ubuntu 7.10
Ubuntu 8.10
Ubuntu 8.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13245
 
Oval ID: oval:org.mitre.oval:def:13245
Title: DSA-1697-1 iceape -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-2800 "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. CVE-2008-2801 Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. CVE-2008-2802 "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. CVE-2008-2803 "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. CVE-2008-2808 Masahiro Yamada discovered that file URLS in directory listings were insufficiently escaped. CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. CVE-2008-2810 It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.0.13~pre080614i-0etch1. For the upcoming stable distribution distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 1.1.14-1. We recommend that you upgrade your iceape packages.
Family: unix Class: patch
Reference(s): DSA-1697-1
CVE-2008-0016
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-2933
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-0017
CVE-2008-5021
CVE-2008-5024
CVE-2008-5022
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13754
 
Oval ID: oval:org.mitre.oval:def:13754
Title: DSA-1704-2 netatalk -- arbitrary code execution
Description: The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files. It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This is leading to arbitrary remote code execution. Note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job. For the stable distribution this problem has been fixed in version 2.0.3-4+etch2. For the unstable distribution this problem has been fixed in version 2.0.4~beta2-1.1. We recommend that you upgrade your netatalk package.
Family: unix Class: patch
Reference(s): DSA-1704-2
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): netatalk
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16973
 
Oval ID: oval:org.mitre.oval:def:16973
Title: USN-690-3 -- firefox vulnerabilities
Description: Several flaws were discovered in the browser engine.
Family: unix Class: patch
Reference(s): USN-690-3
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5511
CVE-2008-5512
Version: 7
Platform(s): Ubuntu 6.06
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17791
 
Oval ID: oval:org.mitre.oval:def:17791
Title: DSA-1704-1 xulrunner - several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
Family: unix Class: patch
Reference(s): DSA-1704-1
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7636
 
Oval ID: oval:org.mitre.oval:def:7636
Title: DSA-1704 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1704
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7950
 
Oval ID: oval:org.mitre.oval:def:7950
Title: DSA-1697 iceape -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. (MFSA 2008-26) It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. (MFSA 2008-34) Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-21) Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-21) "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. (MFSA 2008-22) Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. (MFSA 2008-23) "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. (MFSA 2008-24) "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. (MFSA 2008-25) Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. (MFSA 2008-27) Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. (MFSA 2008-29) Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. (MFSA 2008-30) John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. (MFSA 2008-31) It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. (MFSA 2008-32) Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. (MFSA 2008-33) Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39) Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. (MFSA 2008-40) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. (MFSA 2008-44) Georgi Guninski discovered that resource: URLs could bypass local access restrictions. (MFSA 2008-44) Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. (MFSA 2008-45) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. (MFSA 2008-49) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. (MFSA 2008-54) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Liu Die Yu discovered an information leak through local shortcut files. (MFSA 2008-59) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1697
CVE-2008-0016
CVE-2008-0304
CVE-2008-2785
CVE-2008-2798
CVE-2008-2799
CVE-2008-2800
CVE-2008-2801
CVE-2008-2802
CVE-2008-2803
CVE-2008-2805
CVE-2008-2807
CVE-2008-2808
CVE-2008-2809
CVE-2008-2810
CVE-2008-2811
CVE-2008-2933
CVE-2008-3835
CVE-2008-3836
CVE-2008-3837
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4069
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5013
CVE-2008-5014
CVE-2008-5017
CVE-2008-0017
CVE-2008-5021
CVE-2008-5024
CVE-2008-5022
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8021
 
Oval ID: oval:org.mitre.oval:def:8021
Title: DSA-1696 icedove -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) It was discovered that a directory traversal allows attackers to read arbitrary files via a certain character. (MFSA 2008-44) It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47, MFSA 2008-59) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68)
Family: unix Class: patch
Reference(s): DSA-1696
CVE-2008-0016
CVE-2008-1380
CVE-2008-3835
CVE-2008-4058
CVE-2008-4059
CVE-2008-4060
CVE-2008-4061
CVE-2008-4062
CVE-2008-4065
CVE-2008-4067
CVE-2008-4068
CVE-2008-4070
CVE-2008-4582
CVE-2008-5012
CVE-2008-5014
CVE-2008-5017
CVE-2008-5018
CVE-2008-5021
CVE-2008-5022
CVE-2008-5024
CVE-2008-5500
CVE-2008-5503
CVE-2008-5506
CVE-2008-5507
CVE-2008-5508
CVE-2008-5511
CVE-2008-5512
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9376
 
Oval ID: oval:org.mitre.oval:def:9376
Title: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5507
Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9662
 
Oval ID: oval:org.mitre.oval:def:9662
Title: The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Description: The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5510
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9814
 
Oval ID: oval:org.mitre.oval:def:9814
Title: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Description: Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5512
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 158
Application 35
Application 75
Os 4
Os 2

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0002 centos4 i386
File : nvt/gb_CESA-2009_0002_thunderbird_centos4_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2009:0002 centos5 i386
File : nvt/gb_CESA-2009_0002_thunderbird_centos5_i386.nasl
2009-10-13 Name : SLES10: Security update for Epiphany
File : nvt/sles10_epiphany.nasl
2009-10-13 Name : SLES10: Security update for MozillaFirefox
File : nvt/sles10_MozillaFirefox.nasl
2009-10-10 Name : SLES9: Security update for Epiphany
File : nvt/sles9p5040940.nasl
2009-06-05 Name : Ubuntu USN-707-1 (cupsys)
File : nvt/ubuntu_707_1.nasl
2009-06-03 Name : Solaris Update for Mozilla 1.7 125539-06
File : nvt/gb_solaris_125539_06.nasl
2009-06-03 Name : Solaris Update for Mozilla Firefox Web browser 125540-06
File : nvt/gb_solaris_125540_06.nasl
2009-06-03 Name : Solaris Update for Mozilla 1.7 125541-04
File : nvt/gb_solaris_125541_04.nasl
2009-06-03 Name : Solaris Update for Mozilla Thunderbird email client 125542-04
File : nvt/gb_solaris_125542_04.nasl
2009-04-09 Name : Mandriva Update for mozilla-firefox MDVSA-2008:244 (mozilla-firefox)
File : nvt/gb_mandriva_MDVSA_2008_244.nasl
2009-04-09 Name : Mandriva Update for firefox MDVSA-2008:245 (firefox)
File : nvt/gb_mandriva_MDVSA_2008_245.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-690-3
File : nvt/gb_ubuntu_USN_690_3.nasl
2009-03-23 Name : Ubuntu Update for firefox vulnerabilities USN-690-2
File : nvt/gb_ubuntu_USN_690_2.nasl
2009-03-23 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1
File : nvt/gb_ubuntu_USN_690_1.nasl
2009-03-06 Name : RedHat Update for firefox RHSA-2008:1036-01
File : nvt/gb_RHSA-2008_1036-01_firefox.nasl
2009-03-06 Name : RedHat Update for seamonkey RHSA-2008:1037-01
File : nvt/gb_RHSA-2008_1037-01_seamonkey.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:1037 centos3 x86_64
File : nvt/gb_CESA-2008_1037_seamonkey_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:1037 centos3 i386
File : nvt/gb_CESA-2008_1037_seamonkey_centos3_i386.nasl
2009-02-27 Name : CentOS Update for seamonkey CESA-2008:1037-01 centos2 i386
File : nvt/gb_CESA-2008_1037-01_seamonkey_centos2_i386.nasl
2009-02-13 Name : Fedora Update for epiphany-extensions FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_epiphany-extensions_fc9.nasl
2009-02-13 Name : Fedora Update for chmsee FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_chmsee_fc9.nasl
2009-02-13 Name : Fedora Update for devhelp FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_devhelp_fc9.nasl
2009-02-13 Name : Fedora Update for firefox FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_firefox_fc9.nasl
2009-02-13 Name : Fedora Update for epiphany FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_epiphany_fc9.nasl
2009-02-13 Name : Fedora Update for evolution-rss FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_evolution-rss_fc9.nasl
2009-02-13 Name : Fedora Update for xulrunner FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_xulrunner_fc9.nasl
2009-02-13 Name : Fedora Update for cairo-dock FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_cairo-dock_fc9.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_blam_fc9.nasl
2009-02-13 Name : Fedora Update for Miro FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_Miro_fc9.nasl
2009-02-13 Name : Fedora Update for seamonkey FEDORA-2008-11586
File : nvt/gb_fedora_2008_11586_seamonkey_fc9.nasl
2009-02-13 Name : Fedora Update for ruby-gnome2 FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_ruby-gnome2_fc8.nasl
2009-02-13 Name : Fedora Update for openvrml FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_openvrml_fc8.nasl
2009-02-13 Name : Fedora Update for liferea FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_liferea_fc8.nasl
2009-02-13 Name : Fedora Update for galeon FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_galeon_fc9.nasl
2009-02-13 Name : Fedora Update for gnome-python2-extras FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gnome-python2-extras_fc9.nasl
2009-02-13 Name : Fedora Update for gnome-web-photo FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gnome-web-photo_fc9.nasl
2009-02-13 Name : Fedora Update for google-gadgets FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_google-gadgets_fc9.nasl
2009-02-13 Name : Fedora Update for gtkmozembedmm FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_gtkmozembedmm_fc9.nasl
2009-02-13 Name : Fedora Update for kazehakase FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_kazehakase_fc9.nasl
2009-02-13 Name : Fedora Update for mozvoikko FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_mozvoikko_fc9.nasl
2009-02-13 Name : Fedora Update for mugshot FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_mugshot_fc9.nasl
2009-02-13 Name : Fedora Update for ruby-gnome2 FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_ruby-gnome2_fc9.nasl
2009-02-13 Name : Fedora Update for totem FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_totem_fc9.nasl
2009-02-13 Name : Fedora Update for yelp FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_yelp_fc8.nasl
2009-02-13 Name : Fedora Update for yelp FEDORA-2008-11598
File : nvt/gb_fedora_2008_11598_yelp_fc9.nasl
2009-02-13 Name : Ubuntu USN-717-3 (firefox)
File : nvt/ubuntu_717_3.nasl
2009-02-13 Name : Fedora Update for galeon FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_galeon_fc10.nasl
2009-02-13 Name : Fedora Update for pcmanx-gtk2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_pcmanx-gtk2_fc10.nasl
2009-02-13 Name : Fedora Update for mugshot FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_mugshot_fc10.nasl
2009-02-13 Name : Fedora Update for mozvoikko FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_mozvoikko_fc10.nasl
2009-02-13 Name : Fedora Update for kazehakase FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_kazehakase_fc10.nasl
2009-02-13 Name : Fedora Update for google-gadgets FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_google-gadgets_fc10.nasl
2009-02-13 Name : Fedora Update for gnome-web-photo FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gnome-web-photo_fc10.nasl
2009-02-13 Name : Fedora Update for gnome-python2-extras FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gnome-python2-extras_fc10.nasl
2009-02-13 Name : Fedora Update for gecko-sharp2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_gecko-sharp2_fc10.nasl
2009-02-13 Name : Fedora Update for gnome-web-photo FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_gnome-web-photo_fc8.nasl
2009-02-13 Name : Fedora Update for firefox FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_firefox_fc10.nasl
2009-02-13 Name : Fedora Update for evolution-rss FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_evolution-rss_fc10.nasl
2009-02-13 Name : Fedora Update for epiphany FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_epiphany_fc10.nasl
2009-02-13 Name : Fedora Update for epiphany-extensions FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_epiphany-extensions_fc10.nasl
2009-02-13 Name : Fedora Update for devhelp FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_devhelp_fc10.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_blam_fc10.nasl
2009-02-13 Name : Fedora Update for Miro FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_Miro_fc10.nasl
2009-02-13 Name : Fedora Update for seamonkey FEDORA-2008-11490
File : nvt/gb_fedora_2008_11490_seamonkey_fc10.nasl
2009-02-13 Name : Fedora Update for xulrunner FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_xulrunner_fc10.nasl
2009-02-13 Name : Fedora Update for galeon FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_galeon_fc8.nasl
2009-02-13 Name : Fedora Update for firefox FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_firefox_fc8.nasl
2009-02-13 Name : Fedora Update for evolution-rss FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_evolution-rss_fc8.nasl
2009-02-13 Name : Fedora Update for epiphany FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_epiphany_fc8.nasl
2009-02-13 Name : Fedora Update for kazehakase FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_kazehakase_fc8.nasl
2009-02-13 Name : Fedora Update for gnome-python2-extras FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_gnome-python2-extras_fc8.nasl
2009-02-13 Name : Fedora Update for epiphany-extensions FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_epiphany-extensions_fc8.nasl
2009-02-13 Name : Fedora Update for devhelp FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_devhelp_fc8.nasl
2009-02-13 Name : Fedora Update for ruby-gnome2 FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_ruby-gnome2_fc10.nasl
2009-02-13 Name : Fedora Update for chmsee FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_chmsee_fc8.nasl
2009-02-13 Name : Fedora Update for cairo-dock FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_cairo-dock_fc8.nasl
2009-02-13 Name : Fedora Update for blam FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_blam_fc8.nasl
2009-02-13 Name : Fedora Update for Miro FEDORA-2008-11551
File : nvt/gb_fedora_2008_11551_Miro_fc8.nasl
2009-02-13 Name : Fedora Update for seamonkey FEDORA-2008-11534
File : nvt/gb_fedora_2008_11534_seamonkey_fc8.nasl
2009-02-13 Name : Fedora Update for yelp FEDORA-2008-11511
File : nvt/gb_fedora_2008_11511_yelp_fc10.nasl
2009-01-23 Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:058
File : nvt/gb_suse_2008_058.nasl
2009-01-20 Name : Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)
File : nvt/mdksa_2009_012.nasl
2009-01-20 Name : Debian Security Advisory DSA 1707-1 (iceweasel)
File : nvt/deb_1707_1.nasl
2009-01-20 Name : Debian Security Advisory DSA 1704-1 (xulrunner)
File : nvt/deb_1704_1.nasl
2009-01-20 Name : SuSE Security Advisory SUSE-SA:2009:002 (MozillaFirefox,MozillaThunderbird,mo...
File : nvt/suse_sa_2009_002.nasl
2009-01-20 Name : Ubuntu USN-708-1 (hplip)
File : nvt/ubuntu_708_1.nasl
2009-01-13 Name : Ubuntu USN-701-1 (thunderbird)
File : nvt/ubuntu_701_1.nasl
2009-01-13 Name : Ubuntu USN-701-2 (mozilla-thunderbird)
File : nvt/ubuntu_701_2.nasl
2009-01-13 Name : Debian Security Advisory DSA 1696-1 (icedove)
File : nvt/deb_1696_1.nasl
2009-01-13 Name : Debian Security Advisory DSA 1697-1 (iceape)
File : nvt/deb_1697_1.nasl
2009-01-13 Name : CentOS Security Advisory CESA-2009:0002 (thunderbird)
File : nvt/ovcesa2009_0002.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2009:0002
File : nvt/RHSA_2009_0002.nasl
2008-12-23 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox36.nasl
2008-12-23 Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_thunderbird_mult_vuln_dec08_win.nasl
2008-12-23 Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_thunderbird_mult_vuln_dec08_lin.nasl
2008-12-23 Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_seamonkey_mult_vuln_dec08_win.nasl
2008-12-23 Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_seamonkey_mult_vuln_dec08_lin.nasl
2008-12-23 Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Win)
File : nvt/gb_firefox_mult_vuln_dec08_win.nasl
2008-12-23 Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Linux)
File : nvt/gb_firefox_mult_vuln_dec08_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
51296 Mozilla Multiple Products XPCNativeWrappers Pollution JavaScript Privilege Es...

51295 Mozilla Multiple Products XBL Binding Unloaded Document XSS

51294 Mozilla Multiple Products CSS Parser Escaped Null Character Protection Mechan...

51293 Mozilla Multiple Products Whitespace / Control Character URL Handling Phishin...

51292 Mozilla Multiple Products window.onerror DOM API Same-origin Policy Bypass In...

51291 Mozilla Multiple Products XMLHttpRequest 302 Redirect Same-origin Policy Bypa...

51288 Mozilla Multiple Product loadBindingDocument Function XBL Binding Same-domain...

51285 Mozilla Multiple Products Layout Engine nsEscapeHTML2 Overflow

51284 Mozilla Multiple Products Layout Engine PresShell::InitialReflow XUL iframe O...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-717-3.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-701-2.nasl - Type : ACT_GATHER_INFO
2013-03-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-3.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20090107_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-5890.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12326.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_epiphany-5889.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_mozilla-xulrunner181-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner181-081219.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-081218.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-690-2.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11511.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11490.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-701-1.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-012.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-245.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-244.nasl - Type : ACT_GATHER_INFO
2009-01-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1707.nasl - Type : ACT_GATHER_INFO
2009-01-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1704.nasl - Type : ACT_GATHER_INFO
2009-01-09 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaThunderbird-5900.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO
2009-01-08 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_MozillaFirefox-5885.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_mozilla-xulrunner181-5881.nasl - Type : ACT_GATHER_INFO
2009-01-02 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_20019.nasl - Type : ACT_GATHER_INFO
2008-12-22 Name : The remote Windows host contains a web browser that is affected by a cross do...
File : mozilla_firefox_20020.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11534.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_29f5bfc5ce0411dda7210030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11598.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote openSUSE host is missing a security update.
File : suse_seamonkey-5880.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11586.nasl - Type : ACT_GATHER_INFO
2008-12-21 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2008-11551.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1114.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_20019.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_305.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO