10 - SUN-266148

Executive Summary

Summary
Title	Sun Alert 266148 Multiple Security Vulnerabilities in Firefox Versions Prior to 3.5.2 May Allow Execution of Arbitrary Code or Application Crash

Informations
Name	SUN-266148	First vendor Publication	2009-08-21
Vendor	Sun	Last vendor Modification	2009-08-21
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: OpenSolaris

Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5.2 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to execute arbitrary code on the system where Firefox is being run or to crash the Firefox application which is a type of Denial of Service (DoS).

The following URL provides additional details about the vulnerabilities addressed in Firefox versions 3.5.1 and 3.5.2:

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html

The following Mozilla advisories describe the vulnerabilities:

MFSA 2009-35 at http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
MFSA 2009-38 at http://www.mozilla.org/security/announce/2009/mfsa2009-38.html
MFSA 2009-41 at http://www.mozilla.org/security/announce/2009/mfsa2009-41.html
MFSA 2009-44 at http://www.mozilla.org/security/announce/2009/mfsa2009-44.html
MFSA 2009-45 at http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
MFSA 2009-46 at http://www.mozilla.org/security/announce/2009/mfsa2009-46.html

The following are the CVE identifiers that pertain to this security issue:

CVE-2009-2467 at http://www.security-database.com/detail.php?cve=CVE-2009-2467
CVE-2009-2470 at http://www.security-database.com/detail.php?cve=CVE-2009-2470
CVE-2009-2477 at http://www.security-database.com/detail.php?cve=CVE-2009-2477
CVE-2009-2654 at http://www.security-database.com/detail.php?cve=CVE-2009-2654

State: Resolved

First released: 21-Aug-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_266148_multiple_security

CWE : Common Weakness Enumeration

%	Id	Name
29 %	CWE-399	Resource Management Errors
29 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
29 %	CWE-20	Improper Input Validation
14 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10197

Oval ID:	oval:org.mitre.oval:def:10197
Title:	Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.
Description:	Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2470	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.40.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.40.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.40.el3 AND seamonkey is earlier than 0:1.0.9-0.40.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.40.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.40.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.40.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.40.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.40.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.40.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section seamonkey-js-debugger is earlier than 0:1.0.9-45.el4_8 AND thunderbird is earlier than 0:1.5.0.12-25.el4 AND seamonkey is earlier than 0:1.0.9-45.el4_8 AND firefox is earlier than 0:3.0.12-1.el4 AND seamonkey-mail is earlier than 0:1.0.9-45.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-45.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-45.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-45.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.12-1.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.12-1.el5_3 AND firefox is earlier than 0:3.0.12-1.el5_3 AND thunderbird is earlier than 0:2.0.0.24-2.el5_4 AND xulrunner is earlier than 0:1.9.0.12-1.el5_3

Definition Id: oval:org.mitre.oval:def:10473

Oval ID:	oval:org.mitre.oval:def:10473
Title:	Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.
Description:	Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2467	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.12-1.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.12-1.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.12-1.el5_3 AND firefox is earlier than 0:3.0.12-1.el5_3 AND xulrunner is earlier than 0:1.9.0.12-1.el5_3

Definition Id: oval:org.mitre.oval:def:13678

Oval ID:	oval:org.mitre.oval:def:13678
Title:	DSA-1873-1 xulrunner -- programming error
Description:	Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution. For the stable distribution, this problem has been fixed in version 1.9.0.13-0lenny1. For the unstable distribution, this problem has been fixed in version 1.9.0.13-1. We recommend that you upgrade your xulrunner packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1873-1 CVE-2009-2654	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	xulrunner
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND libmozillainterfaces-java DPKG is earlier than 1.9.0.13-0lenny1 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmozjs-dev DPKG is earlier than 1.9.0.13-0lenny1 AND spidermonkey-bin DPKG is earlier than 1.9.0.13-0lenny1 AND xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.13-0lenny1 AND xulrunner-1.9 DPKG is earlier than 1.9.0.13-0lenny1 AND libmozjs1d-dbg DPKG is earlier than 1.9.0.13-0lenny1 AND libmozjs1d DPKG is earlier than 1.9.0.13-0lenny1 AND python-xpcom DPKG is earlier than 1.9.0.13-0lenny1 AND xulrunner-1.9-dbg DPKG is earlier than 1.9.0.13-0lenny1 AND xulrunner-dev DPKG is earlier than 1.9.0.13-0lenny1

Definition Id: oval:org.mitre.oval:def:13717

Oval ID:	oval:org.mitre.oval:def:13717
Title:	USN-811-1 -- firefox-3.0, xulrunner-1.9 vulnerability
Description:	Juan Pablo Lopez Yacubian discovered that Firefox did not properly display invalid URLs. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. Furthermore, if the malicious website had a valid SSL certificate, Firefox would display the spoofed page as trusted.
Family:	unix	Class:	patch
Reference(s):	USN-811-1 CVE-2009-2654	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04	Product(s):	firefox-3.0 xulrunner-1.9
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section abrowser DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-granparadiso-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-granparadiso-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-granparadiso DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-trunk-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-trunk-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND xulrunner-1.9-venkman DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-granparadiso-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-trunk-venkman DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-3.0-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND xulrunner-1.9-dom-inspector DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-trunk DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-3.0-venkman DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-libthai DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-trunk-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section firefox-3.0 DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND xulrunner-1.9-dev DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-3.0-branding DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.10.1 AND xulrunner-1.9 DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-3.0-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND abrowser-3.0-branding DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND firefox-3.0-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.10.1 AND xulrunner-dev DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.10.1 OR Release section Ubuntu 8.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section firefox-trunk DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-granparadiso-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-granparadiso-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-granparadiso DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-trunk-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-trunk-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND xulrunner-1.9-venkman DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-granparadiso-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-trunk-venkman DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-3.0-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND xulrunner-1.9-dom-inspector DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-3.0-venkman DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-libthai DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-trunk-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 OR Architecture depended section Supported architectures section Installed architecture is powerpc AND Installed architecture is amd64 AND Installed architecture is lpia AND Installed architecture is i386 AND Packages section firefox-3.0 DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND xulrunner-1.9-dev DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.04.1 AND xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.04.1 AND xulrunner-1.9 DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-3.0-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 AND firefox-3.0-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.8.04.1 OR Release section Ubuntu 9.04 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section abrowser DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-granparadiso-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-granparadiso-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-granparadiso DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-trunk-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-trunk-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND xulrunner-1.9-venkman DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-granparadiso-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-trunk-venkman DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-3.0-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND xulrunner-1.9-dom-inspector DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-trunk DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-3.0-venkman DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-libthai DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-trunk-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-dom-inspector DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 OR Architecture depended section Supported architectures section Installed architecture is amd64 AND Installed architecture is i386 AND Installed architecture is powerpc AND Installed architecture is sparc AND Installed architecture is lpia AND Packages section firefox-3.0 DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND xulrunner-1.9-dev DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-3.0-branding DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND xulrunner-1.9-gnome-support DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.9.04.1 AND xulrunner-1.9 DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-3.0-gnome-support DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND abrowser-3.0-branding DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND firefox-3.0-dev DPKG is earlier than 3.0.13+nobinonly-0ubuntu0.9.04.1 AND xulrunner-dev DPKG is earlier than 1.9.0.13+nobinonly-0ubuntu0.9.04.1

Definition Id: oval:org.mitre.oval:def:22634

Oval ID:	oval:org.mitre.oval:def:22634
Title:	ELSA-2009:1219: libvorbis security update (Important)
Description:	libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1219-01 CVE-2009-2663	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libvorbis
Definition Synopsis:
Oracle Linux 5.x rpm test libvorbis-devel is earlier than 1:1.1.2-3.el5_3.3 AND libvorbis is earlier than 1:1.1.2-3.el5_3.3

Definition Id: oval:org.mitre.oval:def:22806

Oval ID:	oval:org.mitre.oval:def:22806
Title:	ELSA-2009:1162: firefox security update (Critical)
Description:	The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1162-01 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472 CVE-2009-2664	Version:	49
Platform(s):	Oracle Linux 5	Product(s):	firefox xulrunner
Definition Synopsis:
Oracle Linux 5.x rpm test xulrunner-devel-unstable is earlier than 0:1.9.0.12-1.el5_3 AND xulrunner is earlier than 0:1.9.0.12-1.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.12-1.el5_3 AND firefox is earlier than 0:3.0.12-1.el5_3

Definition Id: oval:org.mitre.oval:def:29188

Oval ID:	oval:org.mitre.oval:def:29188
Title:	RHSA-2009:1162 -- firefox security update (Critical)
Description:	Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1162 CESA-2009:1162-CentOS 5 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472 CVE-2009-2664	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5	Product(s):	firefox xulrunner
Definition Synopsis:
Red Hat Enterprise Linux 5 release section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages match section xulrunner-devel is earlier than 0:1.9.0.12-1.el5_3 AND xulrunner-devel-unstable is earlier than 0:1.9.0.12-1.el5_3 AND firefox is earlier than 0:3.0.12-1.el5_3 AND xulrunner is earlier than 0:1.9.0.12-1.el5_3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 AND firefox is earlier than 0:3.0.12-1.el4 AND CentOS Linux 5 release section The operating system installed on the system is CentOS Linux 5.x Packages match section firefox is earlier than 0:3.0.12-1.el5.centos AND xulrunner is earlier than 0:1.9.0.12-1.el5 AND xulrunner-devel is earlier than 0:1.9.0.12-1.el5 AND xulrunner-devel-unstable is earlier than 0:1.9.0.12-1.el5

Definition Id: oval:org.mitre.oval:def:29217

Oval ID:	oval:org.mitre.oval:def:29217
Title:	RHSA-2009:1219 -- libvorbis security update (Important)
Description:	Updated libvorbis packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1219 CESA-2009:1219-CentOS 5 CESA-2009:1219-CentOS 3 CVE-2009-2663	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 5 CentOS Linux 3	Product(s):	libvorbis
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section libvorbis-devel is earlier than 1:1.1.2-3.el5_3.3 AND libvorbis is earlier than 1:1.1.2-3.el5_3.3 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section libvorbis is earlier than 1:1.0-11.el3 AND libvorbis-devel is earlier than 1:1.0-11.el3 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section libvorbis is earlier than 1:1.1.0-3.el4_8.2 AND libvorbis-devel is earlier than 1:1.1.0-3.el4_8.2

Definition Id: oval:org.mitre.oval:def:8148

Oval ID:	oval:org.mitre.oval:def:8148
Title:	DSA-1873 xulrunner -- programming error
Description:	Juan Pablo Lopez Yacubian discovered that incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. Xulrunner is no longer supported for the old stable distribution (etch).
Family:	unix	Class:	patch
Reference(s):	DSA-1873 CVE-2009-2654	Version:	3
Platform(s):	Debian GNU/Linux 5.0	Product(s):	xulrunner
Definition Synopsis:
Debian GNU/Linux 5.0 is installed Architecture section Architecture independent section Installed architecture is all AND libmozillainterfaces-java is earlier than 1.9.0.13-0lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libmozjs-dev is earlier than 1.9.0.13-0lenny1 AND spidermonkey-bin is earlier than 1.9.0.13-0lenny1 AND xulrunner-1.9-gnome-support is earlier than 1.9.0.13-0lenny1 AND xulrunner-1.9 is earlier than 1.9.0.13-0lenny1 AND libmozjs1d-dbg is earlier than 1.9.0.13-0lenny1 AND libmozjs1d is earlier than 1.9.0.13-0lenny1 AND python-xpcom is earlier than 1.9.0.13-0lenny1 AND xulrunner-1.9-dbg is earlier than 1.9.0.13-0lenny1 AND xulrunner-dev is earlier than 1.9.0.13-0lenny1

Definition Id: oval:org.mitre.oval:def:9506

Oval ID:	oval:org.mitre.oval:def:9506
Title:	libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
Description:	libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2663	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section libvorbis-devel is earlier than 1:1.0-11.el3 AND libvorbis is earlier than 1:1.0-11.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section libvorbis-devel is earlier than 1:1.1.0-3.el4_8.2 AND libvorbis is earlier than 1:1.1.0-3.el4_8.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libvorbis-devel is earlier than 1:1.1.2-3.el5_3.3 AND libvorbis is earlier than 1:1.1.2-3.el5_3.3

Definition Id: oval:org.mitre.oval:def:9686

Oval ID:	oval:org.mitre.oval:def:9686
Title:	Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
Description:	Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2654	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section seamonkey-nspr is earlier than 0:1.0.9-0.45.el3 AND seamonkey-js-debugger is earlier than 0:1.0.9-0.45.el3 AND seamonkey-nss-devel is earlier than 0:1.0.9-0.45.el3 AND seamonkey is earlier than 0:1.0.9-0.45.el3 AND seamonkey-nspr-devel is earlier than 0:1.0.9-0.45.el3 AND seamonkey-mail is earlier than 0:1.0.9-0.45.el3 AND seamonkey-chat is earlier than 0:1.0.9-0.45.el3 AND seamonkey-devel is earlier than 0:1.0.9-0.45.el3 AND seamonkey-dom-inspector is earlier than 0:1.0.9-0.45.el3 AND seamonkey-nss is earlier than 0:1.0.9-0.45.el3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section nspr is earlier than 0:4.7.5-1.el4_8 AND seamonkey-js-debugger is earlier than 0:1.0.9-48.el4_8 AND nspr-devel is earlier than 0:4.7.5-1.el4_8 AND seamonkey is earlier than 0:1.0.9-48.el4_8 AND firefox is earlier than 0:3.0.14-1.el4 AND seamonkey-mail is earlier than 0:1.0.9-48.el4_8 AND seamonkey-chat is earlier than 0:1.0.9-48.el4_8 AND seamonkey-devel is earlier than 0:1.0.9-48.el4_8 AND seamonkey-dom-inspector is earlier than 0:1.0.9-48.el4_8 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.14-1.el5_4 AND xulrunner-devel is earlier than 0:1.9.0.14-1.el5_4 AND nspr is earlier than 0:4.7.5-1.el5_4 AND firefox is earlier than 0:3.0.14-1.el5_4 AND nspr-devel is earlier than 0:4.7.5-1.el5_4 AND xulrunner is earlier than 0:1.9.0.14-1.el5_4

Definition Id: oval:org.mitre.oval:def:9806

Oval ID:	oval:org.mitre.oval:def:9806
Title:	The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.
Description:	The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-2664	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND firefox is earlier than 0:3.0.12-1.el4 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section xulrunner-devel-unstable is earlier than 0:1.9.0.12-1.el5_3 AND xulrunner-devel is earlier than 0:1.9.0.12-1.el5_3 AND firefox is earlier than 0:3.0.12-1.el5_3 AND xulrunner is earlier than 0:1.9.0.12-1.el5_3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:3.5.2:::::::* cpe:2.3:a:mozilla:firefox:3.5.1:::::::* cpe:2.3:a:mozilla:firefox:3.5.1:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.5.1:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.5:::::::* cpe:2.3:a:mozilla:firefox:3.5:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.5:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.2:beta2:::::: cpe:2.3:a:mozilla:firefox:3.2:beta3:::::: cpe:2.3:a:mozilla:firefox:3.2:beta1:::::: cpe:2.3:a:mozilla:firefox:3.1:beta1:::::: cpe:2.3:a:mozilla:firefox:3.0beta5:::::::* cpe:2.3:a:mozilla:firefox:3.0.9:::::::* cpe:2.3:a:mozilla:firefox:3.0.9:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.9:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.8:::::::* cpe:2.3:a:mozilla:firefox:3.0.8:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.8:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.7:::::::* cpe:2.3:a:mozilla:firefox:3.0.7:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.7:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.6:::::::* cpe:2.3:a:mozilla:firefox:3.0.6:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.6:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.5:::::::* cpe:2.3:a:mozilla:firefox:3.0.5:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.5:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.4:::::::* cpe:2.3:a:mozilla:firefox:3.0.4:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.4:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.3:::::::* cpe:2.3:a:mozilla:firefox:3.0.3:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.3:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.2:::::::* cpe:2.3:a:mozilla:firefox:3.0.2:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.2:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.19:::::::* cpe:2.3:a:mozilla:firefox:3.0.18:::::::* cpe:2.3:a:mozilla:firefox:3.0.17:::::::* cpe:2.3:a:mozilla:firefox:3.0.16:::::::* cpe:2.3:a:mozilla:firefox:3.0.15:::::::* cpe:2.3:a:mozilla:firefox:3.0.14:::::::* cpe:2.3:a:mozilla:firefox:3.0.13:::::::* cpe:2.3:a:mozilla:firefox:3.0.13:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.13:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.12:::::::* cpe:2.3:a:mozilla:firefox:3.0.12:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.12:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.11:::::::* cpe:2.3:a:mozilla:firefox:3.0.11:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.11:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.10:::::::* cpe:2.3:a:mozilla:firefox:3.0.10:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.10:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0.1:::::::* cpe:2.3:a:mozilla:firefox:3.0.1:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0.1:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:3.0:-:::::: cpe:2.3:a:mozilla:firefox:3.0:alpha:::::: cpe:2.3:a:mozilla:firefox:3.0:beta5:::::: cpe:2.3:a:mozilla:firefox:3.0:beta2:::::: cpe:2.3:a:mozilla:firefox:3.0:-:linux:::::* cpe:2.3:a:mozilla:firefox:3.0:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.21:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.20:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.20:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.20:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.19:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.19:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.19:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.18:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.18:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.18:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.17:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.17:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.16:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.16:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.15:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.15:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.14:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.14:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.13:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.13:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.12:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.12:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0_8:::::::* cpe:2.3:a:mozilla:firefox:2.0_.9:::::::* cpe:2.3:a:mozilla:firefox:2.0_.7:::::::* cpe:2.3:a:mozilla:firefox:2.0_.6:::::::* cpe:2.3:a:mozilla:firefox:2.0_.5:::::::* cpe:2.3:a:mozilla:firefox:2.0_.4:::::::* cpe:2.3:a:mozilla:firefox:2.0_.10:::::::* cpe:2.3:a:mozilla:firefox:2.0_.1:::::::* cpe:2.3:a:mozilla:firefox:2.0:::::::* cpe:2.3:a:mozilla:firefox:2.0:beta1:::::: cpe:2.3:a:mozilla:firefox:2.0:beta_1:::::: cpe:2.3:a:mozilla:firefox:2.0:rc3:::::: cpe:2.3:a:mozilla:firefox:2.0:rc2:::::: cpe:2.3:a:mozilla:firefox:2.0:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:1.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.1:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5:-:::::: cpe:2.3:a:mozilla:firefox:1.5:beta2:::::: cpe:2.3:a:mozilla:firefox:1.5:beta1:::::: cpe:2.3:a:mozilla:firefox:1.4.1:::::::* cpe:2.3:a:mozilla:firefox:1.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.0.6::linux::::: cpe:2.3:a:mozilla:firefox:1.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.0:preview_release:::::: cpe:2.3:a:mozilla:firefox:1.0:-:::::: cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:firefox:0.9_rc:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:0.8:::::::* cpe:2.3:a:mozilla:firefox:0.7.1:::::::* cpe:2.3:a:mozilla:firefox:0.7:::::::* cpe:2.3:a:mozilla:firefox:0.6.1:::::::* cpe:2.3:a:mozilla:firefox:0.6:::::::* cpe:2.3:a:mozilla:firefox:0.5:::::::* cpe:2.3:a:mozilla:firefox:0.4:::::::* cpe:2.3:a:mozilla:firefox:0.3:::::::* cpe:2.3:a:mozilla:firefox:0.2:::::::* cpe:2.3:a:mozilla:firefox:0.10.1:::::::* cpe:2.3:a:mozilla:firefox:0.10:::::::* cpe:2.3:a:mozilla:firefox:0.1:::::::* cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::::x86:* cpe:2.3:a:mozilla:firefox::::::x86::* cpe:2.3:a:mozilla:firefox::::::iphone_os::* cpe:2.3:a:mozilla:firefox::::::-::* cpe:2.3:a:mozilla:firefox::::::android::* cpe:2.3:a:mozilla:firefox:::::android:::* cpe:2.3:a:mozilla:firefox:-:::::::* cpe:2.3:a:mozilla:firefox:-:::::iphone_os::	202

SAINT Exploits

Description	Link
Mozilla Firefox JIT Escape Function Memory Corruption	More info here

OpenVAS Exploits

Date	Description
2011-08-09	Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09	Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386 File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl
2011-08-09	Name : CentOS Update for seamonkey CESA-2009:1431 centos4 i386 File : nvt/gb_CESA-2009_1431_seamonkey_centos4_i386.nasl
2011-08-09	Name : CentOS Update for firefox CESA-2009:1430 centos5 i386 File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl
2011-08-09	Name : CentOS Update for firefox CESA-2009:1430 centos4 i386 File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl
2011-08-09	Name : CentOS Update for libvorbis CESA-2009:1219 centos5 i386 File : nvt/gb_CESA-2009_1219_libvorbis_centos5_i386.nasl
2011-08-09	Name : CentOS Update for libvorbis CESA-2009:1219 centos3 i386 File : nvt/gb_CESA-2009_1219_libvorbis_centos3_i386.nasl
2011-08-09	Name : CentOS Update for firefox CESA-2009:1162 centos5 i386 File : nvt/gb_CESA-2009_1162_firefox_centos5_i386.nasl
2010-03-22	Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-03-22	Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2009-12-30	Name : Mandriva Security Advisory MDVSA-2009:339 (firefox) File : nvt/mdksa_2009_339.nasl
2009-12-03	Name : FreeBSD Ports: libvorbis File : nvt/freebsd_libvorbis1.nasl
2009-12-03	Name : Debian Security Advisory DSA 1939-1 (libvorbis) File : nvt/deb_1939_1.nasl
2009-11-17	Name : Fedora Core 11 FEDORA-2009-11243 (libvorbis) File : nvt/fcore_2009_11243.nasl
2009-11-17	Name : Fedora Core 10 FEDORA-2009-11169 (libvorbis) File : nvt/fcore_2009_11169.nasl
2009-10-27	Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox) File : nvt/suse_sa_2009_048.nasl
2009-10-13	Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_MozillaFirefox2.nasl
2009-10-11	Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox4.nasl
2009-10-11	Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox5.nasl
2009-09-15	Name : CentOS Security Advisory CESA-2009:1432 (seamonkey) File : nvt/ovcesa2009_1432.nasl
2009-09-15	Name : CentOS Security Advisory CESA-2009:1431 (seamonkey) File : nvt/ovcesa2009_1431.nasl
2009-09-15	Name : CentOS Security Advisory CESA-2009:1430 (seamonkey) File : nvt/ovcesa2009_1430.nasl
2009-09-15	Name : RedHat Security Advisory RHSA-2009:1432 File : nvt/RHSA_2009_1432.nasl
2009-09-15	Name : RedHat Security Advisory RHSA-2009:1431 File : nvt/RHSA_2009_1431.nasl
2009-09-15	Name : RedHat Security Advisory RHSA-2009:1430 File : nvt/RHSA_2009_1430.nasl
2009-09-09	Name : Gentoo Security Advisory GLSA 200909-02 (libvorbis) File : nvt/glsa_200909_02.nasl
2009-09-02	Name : CentOS Security Advisory CESA-2009:1219 (libvorbis) File : nvt/ovcesa2009_1219.nasl
2009-09-02	Name : Ubuntu USN-825-1 (libvorbis) File : nvt/ubuntu_825_1.nasl
2009-09-02	Name : RedHat Security Advisory RHSA-2009:1219 File : nvt/RHSA_2009_1219.nasl
2009-09-02	Name : Debian Security Advisory DSA 1873-1 (xulrunner) File : nvt/deb_1873_1.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:198 (firefox) File : nvt/mdksa_2009_198.nasl
2009-08-17	Name : Fedora Core 11 FEDORA-2009-8279 (xulrunner) File : nvt/fcore_2009_8279.nasl
2009-08-17	Name : Fedora Core 10 FEDORA-2009-8288 (perl-Gtk2-MozEmbed) File : nvt/fcore_2009_8288.nasl
2009-08-17	Name : Fedora Core 10 FEDORA-2009-8445 (libvorbis) File : nvt/fcore_2009_8445.nasl
2009-08-17	Name : FreeBSD Ports: firefox, linux-firefox-devel File : nvt/freebsd_firefox40.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:185 (firefox) File : nvt/mdksa_2009_185.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:182 (firefox) File : nvt/mdksa_2009_182.nasl
2009-08-17	Name : Ubuntu USN-811-1 (xulrunner-1.9) File : nvt/ubuntu_811_1.nasl
2009-08-07	Name : Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux) File : nvt/gb_firefox_chrome_priv_esc_vuln_aug09_lin.nasl
2009-08-07	Name : Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability Aug-09 (Win) File : nvt/gb_firefox_socks5_proxy_dos_vuln_aug09_win.nasl
2009-08-07	Name : Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability Aug-09 (Linux) File : nvt/gb_firefox_socks5_proxy_dos_vuln_aug09_lin.nasl
2009-08-07	Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Win) File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_win.nasl
2009-08-07	Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Linux) File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_lin.nasl
2009-08-07	Name : Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Win) File : nvt/gb_firefox_chrome_priv_esc_vuln_aug09_win.nasl
2009-07-29	Name : RedHat Security Advisory RHSA-2009:1162 File : nvt/RHSA_2009_1162.nasl
2009-07-29	Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl
2009-07-29	Name : Ubuntu USN-798-1 (xulrunner-1.9) File : nvt/ubuntu_798_1.nasl
2009-07-29	Name : Debian Security Advisory DSA 1840-1 (xulrunner) File : nvt/deb_1840_1.nasl
2009-07-29	Name : SuSE Security Advisory SUSE-SA:2009:039 (MozillaFirefox) File : nvt/suse_sa_2009_039.nasl
2009-07-29	Name : Fedora Core 11 FEDORA-2009-7898 (firefox) File : nvt/fcore_2009_7898.nasl
2009-07-29	Name : Fedora Core 10 FEDORA-2009-7961 (blam) File : nvt/fcore_2009_7961.nasl
2009-07-29	Name : FreeBSD Ports: firefox35 File : nvt/freebsd_firefox350.nasl
2009-07-29	Name : CentOS Security Advisory CESA-2009:1162 (firefox) File : nvt/ovcesa2009_1162.nasl
2009-07-23	Name : Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win) File : nvt/secpod_firefox_code_exec_vuln_jul09_win.nasl
2009-07-23	Name : Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux) File : nvt/secpod_firefox_code_exec_vuln_jul09_lin.nasl
2009-07-17	Name : Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Win) File : nvt/gb_firefox_js_compiler_code_exec_vuln_win.nasl
2009-07-17	Name : Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux) File : nvt/gb_firefox_js_compiler_code_exec_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
56722	libvorbis vorbis_codebook.c vorbis_book_decodevv_add Function Memory Corruption
56721	Mozilla Firefox Browser Engine /js/src/jstracer.cpp TraceRecorder::snapshot F...
56719	Mozilla Firefox JavaScript Engine /js/src/jsinterp.c JSFUN_HEAVYWEIGHT Memory...
56718	Mozilla Firefox content/base/src/nsDocument.cpp Add-on Handling Cached Securi...
56717	Mozilla Firefox window.open() Invalid URL Document Content / SSL Status Spoofing
56716	Mozilla Firefox SOCKS5 Proxy DNS Response Handling Data Corruption Issue
56227	Mozilla Firefox Slow Script Dialog Navigation Flash Unloading Arbitrary Code ...
55846	Mozilla Firefox Just-in-time (JIT) JavaScript Compiler js/src/jstracer.cpp fo... A memory corruption flaw exists in Firefox. The Just-in-Time (JIT) compiler can enter a corrupt state following native function calls resulting in memory corruption. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date	Description
2014-01-10	Possible generic javascript heap spray attempt RuleID : 20137 - Revision : 12 - Type : INDICATOR-OBFUSCATION
2014-01-10	Possible generic javascript heap spray attempt RuleID : 18168 - Revision : 14 - Type : INDICATOR-SHELLCODE
2014-01-10	Possible generic javascript heap spray attempt RuleID : 18167 - Revision : 14 - Type : INDICATOR-SHELLCODE
2014-01-10	Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt RuleID : 16612 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10	Mozilla Firefox JIT escape function memory corruption attempt RuleID : 15997 - Revision : 11 - Type : BROWSER-FIREFOX
2014-01-10	Mozilla Firefox location spoofing attempt via invalid window.open characters RuleID : 15873 - Revision : 12 - Type : BROWSER-FIREFOX
2014-01-10	Possible generic javascript heap spray attempt RuleID : 15698 - Revision : 15 - Type : INDICATOR-SHELLCODE
2014-01-10	Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory corrup... RuleID : 15696 - Revision : 4 - Type : SPECIFIC-THREATS

Nessus® Vulnerability Scanner

Date	Description
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1162.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1163.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1219.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-11-05	Name : The remote Scientific Linux host is missing a security update. File : sl_20090722_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090818_libvorbis_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090723_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20090723_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvorbis-100528.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libvorbis-7057.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO
2010-07-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libvorbis-100528.nasl - Type : ACT_GATHER_INFO
2010-07-05	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libvorbis-100528.nasl - Type : ACT_GATHER_INFO
2010-07-05	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12620.nasl - Type : ACT_GATHER_INFO
2010-07-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libvorbis-100528.nasl - Type : ACT_GATHER_INFO
2010-05-11	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-04-14	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-03-29	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-19	Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1939.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1840.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1873.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO
2009-12-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6379.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6433.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2009-09-11	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO
2009-09-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO
2009-09-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO
2009-09-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-02.nasl - Type : ACT_GATHER_INFO
2009-08-25	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-825-1.nasl - Type : ACT_GATHER_INFO
2009-08-20	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1219.nasl - Type : ACT_GATHER_INFO
2009-08-20	Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO
2009-08-20	Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO
2009-08-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1219.nasl - Type : ACT_GATHER_INFO
2009-08-11	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8445.nasl - Type : ACT_GATHER_INFO
2009-08-10	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-198.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_49e8f2ee814711dea9940030843d3802.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-811-1.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8288.nasl - Type : ACT_GATHER_INFO
2009-08-05	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8279.nasl - Type : ACT_GATHER_INFO
2009-08-04	Name : The remote Windows host contains a web browser that is affected by multiple f... File : mozilla_firefox_3013.nasl - Type : ACT_GATHER_INFO
2009-08-04	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO
2009-07-31	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-182.nasl - Type : ACT_GATHER_INFO
2009-07-28	Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO
2009-07-28	Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO
2009-07-24	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7961.nasl - Type : ACT_GATHER_INFO
2009-07-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-798-1.nasl - Type : ACT_GATHER_INFO
2009-07-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO
2009-07-23	Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7898.nasl - Type : ACT_GATHER_INFO
2009-07-22	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3012.nasl - Type : ACT_GATHER_INFO
2009-07-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO
2009-07-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO
2009-07-20	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c1ef9b3372a611de82ea0030843d3802.nasl - Type : ACT_GATHER_INFO
2009-07-17	Name : The remote Windows host contains a web browser that is affected by multiple f... File : mozilla_firefox_351.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	7
Oval ID(s)	12
CPE ID(s)	202
Saint Exploit(s)	1
osvdb(s)	8
Openvas Exploit(s)	57
Snort® Rule(s)	8
Nessus® Exploit(s)	69

	Related
10	CVE-2009-2665
10	CVE-2009-2662
10	CVE-2009-2467
9.3	CVE-2009-2663
9.3	CVE-2009-2477
5.8	CVE-2009-2654
5	CVE-2009-2664
5	CVE-2009-2470
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)