Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title xulrunner-1.9.1 vulnerabilities
Informations
Name USN-1123-1 First vendor Publication 2011-04-30
Vendor Ubuntu Last vendor Modification 2011-04-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 9.10

Summary:

Multiple xulrunner-1.9.1 vulnerabilities

Software Description: - xulrunner-1.9.1: XUL + XPCOM application runner

Details:

A large number of security issues were discovered in the Gecko rendering engine. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10:
xulrunner-1.9.1 1.9.1.19+build2+nobinonly-0ubuntu0.9.10.1

After a standard system update you need to restart any applications which use Xulrunner to make all the necessary changes.

References:
CVE-2010-3776 CVE-2010-3778 CVE-2011-0053 CVE-2011-0062 CVE-2011-0051 CVE-2011-0055 CVE-2011-0054 CVE-2011-0056 CVE-2011-0057 CVE-2011-0058 CVE-2010-1585 CVE-2011-0059 CVE-2011-0069 CVE-2011-0070 CVE-2011-0080 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0072 CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 CVE-2011-0067 CVE-2011-0071 CVE-2011-1202

Package Information:
https://launchpad.net/ubuntu/+source/xulrunner-1.9.1/1.9.1.19+build2+nobinonly-0ubuntu0.9.10.1

Original Source

Url : http://www.ubuntu.com/usn/USN-1123-1

CWE : Common Weakness Enumeration

% Id Name
31 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-399 Resource Management Errors
25 % CWE-20 Improper Input Validation
6 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
6 % CWE-200 Information Exposure
6 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12389
 
Oval ID: oval:org.mitre.oval:def:12389
Title: Multiple unspecified vulnerabilities using unknown vectors in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3776
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12532
 
Oval ID: oval:org.mitre.oval:def:12532
Title: Remote code execution vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 through ParanoidFragmentSink protection mechanism
Description: The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1585
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12622
 
Oval ID: oval:org.mitre.oval:def:12622
Title: Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Mozilla Thunderbird before 3.0.11 and SeaMonkey before 2.0.11
Description: Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3778
Version: 21
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12843
 
Oval ID: oval:org.mitre.oval:def:12843
Title: DSA-2180-1 iceape -- several
Description: Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval calls could lead to attackers forcing acceptance of a confirmation dialogue. CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code. CVE-2011-0054 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. CVE-2010-0056 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. CVE-2011-0055 "regenrecht" and Igor Bukanov discovered a use-after-free error in the JSON-Implementation, which could lead to the execution of arbitrary code. CVE-2011-0057 Daniel Kozlowski discovered that incorrect memory handling the web workers implementation could lead to the execution of arbitrary code. CVE-2011-0059 Peleus Uhley discovered a cross-site request forgery risk in the plugin code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
Family: unix Class: patch
Reference(s): DSA-2180-1
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0059
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13327
 
Oval ID: oval:org.mitre.oval:def:13327
Title: USN-1123-1 -- xulrunner-1.9.1 vulnerabilities
Description: xulrunner-1.9.1: XUL + XPCOM application runner Multiple xulrunner-1.9.1 vulnerabilities
Family: unix Class: patch
Reference(s): USN-1123-1
CVE-2010-1585
CVE-2010-3776
CVE-2010-3778
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2011-0059
CVE-2011-0062
CVE-2011-0065
CVE-2011-0066
CVE-2011-0067
CVE-2011-0069
CVE-2011-0070
CVE-2011-0071
CVE-2011-0072
CVE-2011-0073
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0080
CVE-2011-1202
Version: 5
Platform(s): Ubuntu 9.10
Product(s): xulrunner-1.9.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13434
 
Oval ID: oval:org.mitre.oval:def:13434
Title: USN-1121-1 -- firefox vulnerabilities
Description: firefox: Safe and easy web browser from Mozilla Multiple firefox vulnerabilities
Family: unix Class: patch
Reference(s): USN-1121-1
CVE-2011-0079
CVE-2011-0081
CVE-2011-0069
CVE-2011-0070
CVE-2011-1202
Version: 5
Platform(s): Ubuntu 11.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13679
 
Oval ID: oval:org.mitre.oval:def:13679
Title: USN-1049-2 -- firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities
Description: USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Zach Hoffman discovered that a recursive call to eval wrapped in a try/catch statement places the browser into a inconsistent state. An attacker could exploit this to force a user to accept any dialog. It was discovered that memory was used after being freed in a method used by JSON.stringify. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alex Miller discovered a buffer overflow in the browser rendering engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges. Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Peleus Uhley discovered a CSRF vulnerability in the plugin code related to 307 redirects. This could allow custom headers to be forwarded across origins
Family: unix Class: patch
Reference(s): USN-1049-2
CVE-2011-0053
CVE-2011-0062
CVE-2011-0051
CVE-2011-0055
CVE-2011-0054
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2010-1585
CVE-2011-0061
CVE-2011-0059
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13720
 
Oval ID: oval:org.mitre.oval:def:13720
Title: USN-1049-1 -- firefox, firefox-{3.0,3.5}, xulrunner-1.9.2 vulnerabilities
Description: Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Zach Hoffman discovered that a recursive call to eval wrapped in a try/catch statement places the browser into a inconsistent state. An attacker could exploit this to force a user to accept any dialog. It was discovered that memory was used after being freed in a method used by JSON.stringify. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Christian Holler discovered multiple buffer overflows in the JavaScript engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Daniel Kozlowski discovered that a JavaScript Worker kept a reference to memory after it was freed. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Alex Miller discovered a buffer overflow in the browser rendering engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges. Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. Peleus Uhley discovered a CSRF vulnerability in the plugin code related to 307 redirects. This could allow custom headers to be forwarded across origins
Family: unix Class: patch
Reference(s): USN-1049-1
CVE-2011-0053
CVE-2011-0062
CVE-2011-0051
CVE-2011-0055
CVE-2011-0054
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2010-1585
CVE-2011-0061
CVE-2011-0059
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13866
 
Oval ID: oval:org.mitre.oval:def:13866
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0080
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13970
 
Oval ID: oval:org.mitre.oval:def:13970
Title: Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
Description: Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0066
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13991
 
Oval ID: oval:org.mitre.oval:def:13991
Title: USN-1122-1 -- thunderbird vulnerabilities
Description: thunderbird: mail/news client with RSS and integrated spam filter support Thunderbird could be made to run programs as your login if it opened specially crafted mail.
Family: unix Class: patch
Reference(s): USN-1122-1
CVE-2011-0081
CVE-2011-0069
CVE-2011-0070
CVE-2011-0080
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0072
CVE-2011-0065
CVE-2011-0066
CVE-2011-0073
CVE-2011-0067
CVE-2011-0071
CVE-2011-1202
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13996
 
Oval ID: oval:org.mitre.oval:def:13996
Title: USN-1112-1 -- firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
Description: firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner - firefox-3.5: safe and easy web browser from Mozilla - firefox-3.0: safe and easy web browser from Mozilla Multiple vulnerabilities in Firefox and Xulrunner
Family: unix Class: patch
Reference(s): USN-1112-1
CVE-2011-0081
CVE-2011-0069
CVE-2011-0070
CVE-2011-0080
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0072
CVE-2011-0065
CVE-2011-0066
CVE-2011-0073
CVE-2011-0067
CVE-2011-0071
CVE-2011-1202
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.10
Ubuntu 9.10
Ubuntu 10.04
Product(s): firefox
firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14013
 
Oval ID: oval:org.mitre.oval:def:14013
Title: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.
Description: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0056
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14018
 
Oval ID: oval:org.mitre.oval:def:14018
Title: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.
Description: Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0054
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14020
 
Oval ID: oval:org.mitre.oval:def:14020
Title: Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Description: Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Family: windows Class: vulnerability
Reference(s): CVE-2011-0073
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14038
 
Oval ID: oval:org.mitre.oval:def:14038
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0072
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14058
 
Oval ID: oval:org.mitre.oval:def:14058
Title: Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
Description: Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0071
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14065
 
Oval ID: oval:org.mitre.oval:def:14065
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0069
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14084
 
Oval ID: oval:org.mitre.oval:def:14084
Title: USN-1122-3 -- thunderbird regression
Description: thunderbird: mail/news client with RSS and integrated spam filter support Details: USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience. Original advisory An empty menu bar sometimes appeared after upgrade in USN-1122-2
Family: unix Class: patch
Reference(s): USN-1122-3
CVE-2011-0081
CVE-2011-0069
CVE-2011-0070
CVE-2011-0080
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0072
CVE-2011-0065
CVE-2011-0066
CVE-2011-0073
CVE-2011-0067
CVE-2011-0071
CVE-2011-1202
Version: 5
Platform(s): Ubuntu 11.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14086
 
Oval ID: oval:org.mitre.oval:def:14086
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0075
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14127
 
Oval ID: oval:org.mitre.oval:def:14127
Title: USN-1122-2 -- thunderbird vulnerabilities
Description: thunderbird: mail/news client with RSS and integrated spam filter support Details: USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. Original advisory Thunderbird could be made to run programs as your login if it opened specially crafted mail.
Family: unix Class: patch
Reference(s): USN-1122-2
CVE-2011-0081
CVE-2011-0069
CVE-2011-0070
CVE-2011-0080
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0072
CVE-2011-0065
CVE-2011-0066
CVE-2011-0073
CVE-2011-0067
CVE-2011-0071
CVE-2011-1202
Version: 5
Platform(s): Ubuntu 11.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14142
 
Oval ID: oval:org.mitre.oval:def:14142
Title: Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
Description: Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0065
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14193
 
Oval ID: oval:org.mitre.oval:def:14193
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0077
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14200
 
Oval ID: oval:org.mitre.oval:def:14200
Title: Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
Description: Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0057
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14211
 
Oval ID: oval:org.mitre.oval:def:14211
Title: Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.
Description: Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0051
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14244
 
Oval ID: oval:org.mitre.oval:def:14244
Title: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Description: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Family: windows Class: vulnerability
Reference(s): CVE-2011-1202
Version: 15
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Google Chrome
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14246
 
Oval ID: oval:org.mitre.oval:def:14246
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0078
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14254
 
Oval ID: oval:org.mitre.oval:def:14254
Title: Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
Description: Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0058
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14286
 
Oval ID: oval:org.mitre.oval:def:14286
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0070
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14317
 
Oval ID: oval:org.mitre.oval:def:14317
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0074
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14379
 
Oval ID: oval:org.mitre.oval:def:14379
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0053
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14409
 
Oval ID: oval:org.mitre.oval:def:14409
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0062
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14473
 
Oval ID: oval:org.mitre.oval:def:14473
Title: Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
Description: Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0059
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14476
 
Oval ID: oval:org.mitre.oval:def:14476
Title: Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.
Description: Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0055
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14523
 
Oval ID: oval:org.mitre.oval:def:14523
Title: Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.
Description: Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0067
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20764
 
Oval ID: oval:org.mitre.oval:def:20764
Title: VMware vSphere security updates for the authentication service and third party libraries
Description: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Family: unix Class: vulnerability
Reference(s): CVE-2011-1202
Version: 4
Platform(s): VMWare ESX Server 4.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21123
 
Oval ID: oval:org.mitre.oval:def:21123
Title: RHSA-2011:0474: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2011:0474-01
CESA-2011:0474
CVE-2011-0073
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0080
Version: 81
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21214
 
Oval ID: oval:org.mitre.oval:def:21214
Title: RHSA-2011:0310: firefox security and bug fix update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2011:0310-01
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2011-0059
CVE-2011-0061
CVE-2011-0062
Version: 148
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21522
 
Oval ID: oval:org.mitre.oval:def:21522
Title: RHSA-2011:0311: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2011:0311-01
CVE-2010-1585
CVE-2011-0053
CVE-2011-0061
CVE-2011-0062
Version: 55
Platform(s): Red Hat Enterprise Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21741
 
Oval ID: oval:org.mitre.oval:def:21741
Title: RHSA-2010:0968: thunderbird security update (Moderate)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2010:0968-01
CVE-2010-3767
CVE-2010-3772
CVE-2010-3776
Version: 42
Platform(s): Red Hat Enterprise Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21758
 
Oval ID: oval:org.mitre.oval:def:21758
Title: RHSA-2011:0471: firefox security update (Critical)
Description: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Family: unix Class: patch
Reference(s): RHSA-2011:0471-01
CVE-2011-0065
CVE-2011-0066
CVE-2011-0067
CVE-2011-0069
CVE-2011-0070
CVE-2011-0071
CVE-2011-0072
CVE-2011-0073
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0080
CVE-2011-0081
CVE-2011-1202
CESA-2011:0471-CentOS 5
Version: 200
Platform(s): Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21816
 
Oval ID: oval:org.mitre.oval:def:21816
Title: RHSA-2011:0312: thunderbird security update (Moderate)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2011:0312-01
CVE-2011-0051
CVE-2011-0053
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23031
 
Oval ID: oval:org.mitre.oval:def:23031
Title: ELSA-2011:0474: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2011:0474-01
CVE-2011-0073
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0080
Version: 29
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23224
 
Oval ID: oval:org.mitre.oval:def:23224
Title: ELSA-2010:0968: thunderbird security update (Moderate)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2010:0968-01
CVE-2010-3767
CVE-2010-3772
CVE-2010-3776
Version: 17
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23238
 
Oval ID: oval:org.mitre.oval:def:23238
Title: ELSA-2011:0312: thunderbird security update (Moderate)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2011:0312-01
CVE-2011-0051
CVE-2011-0053
Version: 13
Platform(s): Oracle Linux 5
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23573
 
Oval ID: oval:org.mitre.oval:def:23573
Title: ELSA-2011:0310: firefox security and bug fix update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2011:0310-01
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2011-0059
CVE-2011-0061
CVE-2011-0062
Version: 49
Platform(s): Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23640
 
Oval ID: oval:org.mitre.oval:def:23640
Title: ELSA-2011:0311: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2011:0311-01
CVE-2010-1585
CVE-2011-0053
CVE-2011-0061
CVE-2011-0062
Version: 21
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23702
 
Oval ID: oval:org.mitre.oval:def:23702
Title: ELSA-2011:0471: firefox security update (Critical)
Description: The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Family: unix Class: patch
Reference(s): ELSA-2011:0471-01
CVE-2011-0065
CVE-2011-0066
CVE-2011-0067
CVE-2011-0069
CVE-2011-0070
CVE-2011-0071
CVE-2011-0072
CVE-2011-0073
CVE-2011-0074
CVE-2011-0075
CVE-2011-0077
CVE-2011-0078
CVE-2011-0080
CVE-2011-0081
CVE-2011-1202
Version: 65
Platform(s): Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27868
 
Oval ID: oval:org.mitre.oval:def:27868
Title: DEPRECATED: ELSA-2011-0311 -- thunderbird security update (critical)
Description: [3.1.8-4.0.2.el6_0] - Replace clean.gif in tarball [3.1.8-4.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [3.1.8-4] - Update to build3 [3.1.8-3] - Update to build2 [3.1.8-2] - Update to 3.1.8
Family: unix Class: patch
Reference(s): ELSA-2011-0311
CVE-2010-1585
CVE-2011-0053
CVE-2011-0061
CVE-2011-0062
Version: 4
Platform(s): Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28282
 
Oval ID: oval:org.mitre.oval:def:28282
Title: DSA-2186-2 -- iceweasel -- several vulnerabilities
Description: Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
Family: unix Class: patch
Reference(s): DSA-2186-2
CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0059
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceweasel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1199
Application 250
Application 68
Application 125
Application 78

SAINT Exploits

Description Link
Mozilla Firefox nsTreeRange Use After Free More info here
Mozilla Firefox OBJECT mChannel Use-After-Free More info here

OpenVAS Exploits

Date Description
2012-10-12 Name : Mandriva Update for libxslt MDVSA-2012:164 (libxslt)
File : nvt/gb_mandriva_MDVSA_2012_164.nasl
2012-10-05 Name : Ubuntu Update for libxslt USN-1595-1
File : nvt/gb_ubuntu_USN_1595_1.nasl
2012-10-03 Name : Fedora Update for libxslt FEDORA-2012-14048
File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl
2012-09-27 Name : Fedora Update for libxslt FEDORA-2012-14083
File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl
2012-09-17 Name : RedHat Update for libxslt RHSA-2012:1265-01
File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos5
File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos6
File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0474 centos5 x86_64
File : nvt/gb_CESA-2011_0474_thunderbird_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0474 centos4 x86_64
File : nvt/gb_CESA-2011_0474_thunderbird_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2011:0473 centos4 x86_64
File : nvt/gb_CESA-2011_0473_seamonkey_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0471 centos5 x86_64
File : nvt/gb_CESA-2011_0471_firefox_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0471 centos4 x86_64
File : nvt/gb_CESA-2011_0471_firefox_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2010:0968 centos4 x86_64
File : nvt/gb_CESA-2010_0968_thunderbird_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2010:0967 centos4 x86_64
File : nvt/gb_CESA-2010_0967_seamonkey_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2010:0966 centos4 x86_64
File : nvt/gb_CESA-2010_0966_firefox_centos4_x86_64.nasl
2012-07-09 Name : RedHat Update for thunderbird RHSA-2011:0311-01
File : nvt/gb_RHSA-2011_0311-01_thunderbird.nasl
2012-06-06 Name : RedHat Update for thunderbird RHSA-2011:0475-01
File : nvt/gb_RHSA-2011_0475-01_thunderbird.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0471 centos4 i386
File : nvt/gb_CESA-2011_0471_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0471 centos5 i386
File : nvt/gb_CESA-2011_0471_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2011:0473 centos4 i386
File : nvt/gb_CESA-2011_0473_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2011:0474 centos4 i386
File : nvt/gb_CESA-2011_0474_thunderbird_centos4_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2011:0474 centos5 i386
File : nvt/gb_CESA-2011_0474_thunderbird_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2235-1 (icedove)
File : nvt/deb_2235_1.nasl
2011-06-10 Name : Ubuntu Update for thunderbird USN-1122-3
File : nvt/gb_ubuntu_USN_1122_3.nasl
2011-05-18 Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 02
File : nvt/gb_mozilla_prdts_mult_vuln_win02_may11.nasl
2011-05-18 Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01
File : nvt/gb_mozilla_prdts_mult_vuln_win01_may11.nasl
2011-05-18 Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_may11.nasl
2011-05-12 Name : Debian Security Advisory DSA 2186-1 (iceweasel)
File : nvt/deb_2186_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2227-1 (iceape)
File : nvt/deb_2227_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2228-1 (iceweasel)
File : nvt/deb_2228_1.nasl
2011-05-12 Name : Debian Security Advisory DSA 2187-1 (icedove)
File : nvt/deb_2187_1.nasl
2011-05-12 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox56.nasl
2011-05-10 Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022
File : nvt/gb_suse_2011_022.nasl
2011-05-10 Name : Mandriva Update for tcl-sqlite3 MDVA-2011:019 (tcl-sqlite3)
File : nvt/gb_mandriva_MDVA_2011_019.nasl
2011-05-10 Name : Ubuntu Update for xulrunner-1.9.1 USN-1123-1
File : nvt/gb_ubuntu_USN_1123_1.nasl
2011-05-10 Name : Ubuntu Update for thunderbird USN-1122-2
File : nvt/gb_ubuntu_USN_1122_2.nasl
2011-05-10 Name : Ubuntu Update for thunderbird USN-1122-1
File : nvt/gb_ubuntu_USN_1122_1.nasl
2011-05-10 Name : Ubuntu Update for firefox USN-1121-1
File : nvt/gb_ubuntu_USN_1121_1.nasl
2011-05-10 Name : Ubuntu Update for firefox USN-1112-1
File : nvt/gb_ubuntu_USN_1112_1.nasl
2011-05-05 Name : RedHat Update for firefox RHSA-2011:0471-01
File : nvt/gb_RHSA-2011_0471-01_firefox.nasl
2011-05-05 Name : RedHat Update for seamonkey RHSA-2011:0473-01
File : nvt/gb_RHSA-2011_0473-01_seamonkey.nasl
2011-05-05 Name : RedHat Update for thunderbird RHSA-2011:0474-01
File : nvt/gb_RHSA-2011_0474-01_thunderbird.nasl
2011-05-05 Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2011_080.nasl
2011-05-05 Name : Mandriva Update for firefox MDVSA-2011:079 (firefox)
File : nvt/gb_mandriva_MDVSA_2011_079.nasl
2011-03-16 Name : Google Chrome Multiple Vulnerabilities - March 11(Linux)
File : nvt/gb_google_chrome_mult_dos_vuln_mar11_lin.nasl
2011-03-16 Name : Google Chrome Multiple Vulnerabilities - March 11(Windows)
File : nvt/gb_google_chrome_mult_dos_vuln_mar11_win.nasl
2011-03-15 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2
File : nvt/gb_ubuntu_USN_1049_2.nasl
2011-03-15 Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:042 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2011_042.nasl
2011-03-10 Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities March-11...
File : nvt/gb_mozilla_prdts_be_mult_unspecified_vuln_win_mar11.nasl
2011-03-10 Name : Mozilla Products Multiple Unspecified Vulnerabilities March-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win_mar11.nasl
2011-03-10 Name : Mozilla Products Multiple Vulnerabilities March-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_mar11.nasl
2011-03-09 Name : Debian Security Advisory DSA 2180-1 (iceape)
File : nvt/deb_2180_1.nasl
2011-03-09 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox54.nasl
2011-03-08 Name : Mandriva Update for firefox MDVSA-2011:041 (firefox)
File : nvt/gb_mandriva_MDVSA_2011_041.nasl
2011-03-07 Name : RedHat Update for seamonkey RHSA-2011:0313-01
File : nvt/gb_RHSA-2011_0313-01_seamonkey.nasl
2011-03-07 Name : CentOS Update for firefox CESA-2011:0310 centos4 i386
File : nvt/gb_CESA-2011_0310_firefox_centos4_i386.nasl
2011-03-07 Name : Ubuntu Update for thunderbird vulnerabilities USN-1050-1
File : nvt/gb_ubuntu_USN_1050_1.nasl
2011-03-07 Name : CentOS Update for thunderbird CESA-2011:0312 centos4 i386
File : nvt/gb_CESA-2011_0312_thunderbird_centos4_i386.nasl
2011-03-07 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1
File : nvt/gb_ubuntu_USN_1049_1.nasl
2011-03-07 Name : CentOS Update for seamonkey CESA-2011:0313 centos4 i386
File : nvt/gb_CESA-2011_0313_seamonkey_centos4_i386.nasl
2011-03-07 Name : RedHat Update for thunderbird RHSA-2011:0312-01
File : nvt/gb_RHSA-2011_0312-01_thunderbird.nasl
2011-03-07 Name : RedHat Update for firefox RHSA-2011:0310-01
File : nvt/gb_RHSA-2011_0310-01_firefox.nasl
2011-01-31 Name : CentOS Update for firefox CESA-2010:0966 centos4 i386
File : nvt/gb_CESA-2010_0966_firefox_centos4_i386.nasl
2011-01-31 Name : CentOS Update for seamonkey CESA-2010:0967 centos4 i386
File : nvt/gb_CESA-2010_0967_seamonkey_centos4_i386.nasl
2011-01-31 Name : CentOS Update for thunderbird CESA-2010:0968 centos4 i386
File : nvt/gb_CESA-2010_0968_thunderbird_centos4_i386.nasl
2011-01-24 Name : Debian Security Advisory DSA 2132-1 (xulrunner)
File : nvt/deb_2132_1.nasl
2011-01-24 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox53.nasl
2011-01-11 Name : SuSE Update for MozillaFirefox,MozillaThunderbird,Seamonkey SUSE-SA:2011:003
File : nvt/gb_suse_2011_003.nasl
2010-12-28 Name : Fedora Update for gnome-python2-extras FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_gnome-python2-extras_fc13.nasl
2010-12-28 Name : Fedora Update for firefox FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_firefox_fc14.nasl
2010-12-28 Name : Fedora Update for galeon FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_galeon_fc14.nasl
2010-12-28 Name : Fedora Update for gnome-web-photo FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_gnome-web-photo_fc14.nasl
2010-12-28 Name : Fedora Update for gnome-web-photo FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_gnome-web-photo_fc13.nasl
2010-12-28 Name : Fedora Update for mozvoikko FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_mozvoikko_fc13.nasl
2010-12-28 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_perl-Gtk2-MozEmbed_fc13.nasl
2010-12-28 Name : Fedora Update for xulrunner FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_xulrunner_fc13.nasl
2010-12-28 Name : Fedora Update for thunderbird FEDORA-2010-18777
File : nvt/gb_fedora_2010_18777_thunderbird_fc14.nasl
2010-12-28 Name : Fedora Update for thunderbird FEDORA-2010-18778
File : nvt/gb_fedora_2010_18778_thunderbird_fc13.nasl
2010-12-28 Name : Fedora Update for galeon FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_galeon_fc13.nasl
2010-12-28 Name : Fedora Update for firefox FEDORA-2010-18775
File : nvt/gb_fedora_2010_18775_firefox_fc13.nasl
2010-12-28 Name : Fedora Update for xulrunner FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_xulrunner_fc14.nasl
2010-12-28 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_perl-Gtk2-MozEmbed_fc14.nasl
2010-12-28 Name : Fedora Update for mozvoikko FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_mozvoikko_fc14.nasl
2010-12-28 Name : Mandriva Update for firefox MDVSA-2010:251-1 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_251_1.nasl
2010-12-28 Name : Mandriva Update for firefox MDVSA-2010:251-2 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_251_2.nasl
2010-12-28 Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:258 (mozilla-thunderbird)
File : nvt/gb_mandriva_MDVSA_2010_258.nasl
2010-12-28 Name : Fedora Update for gnome-python2-extras FEDORA-2010-18773
File : nvt/gb_fedora_2010_18773_gnome-python2-extras_fc14.nasl
2010-12-27 Name : Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_dec10.nasl
2010-12-23 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1019-1
File : nvt/gb_ubuntu_USN_1019_1.nasl
2010-12-23 Name : Ubuntu Update for Thunderbird vulnerabilities USN-1020-1
File : nvt/gb_ubuntu_USN_1020_1.nasl
2010-12-23 Name : RedHat Update for firefox RHSA-2010:0966-01
File : nvt/gb_RHSA-2010_0966-01_firefox.nasl
2010-12-23 Name : RedHat Update for seamonkey RHSA-2010:0967-01
File : nvt/gb_RHSA-2010_0967-01_seamonkey.nasl
2010-12-23 Name : RedHat Update for thunderbird RHSA-2010:0968-01
File : nvt/gb_RHSA-2010_0968-01_thunderbird.nasl
2010-12-23 Name : Mandriva Update for firefox MDVSA-2010:251 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_251.nasl
2010-05-04 Name : Mozilla Firefox Code Execution Vulnerability (Win) - May10
File : nvt/gb_firefox_code_exe_vuln_win_may10.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
75031 Apple Safari libxslt functions.c xsltGenerateIdFunction Heap Memory Address I...

Apple Safari contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an error occurs in the xsltGenerateIdFunction function in functions.c in libxslt, which will disclose heap memory address information to a context-dependent attacker using an XML document which calls the XSLT generate-id XPath function.
72490 Google Chrome libxslt functions.c xsltGenerateIdFunction Heap Memory Address ...

Google Chrome contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an error occurs in the xsltGenerateIdFunction function in functions.c in libxslt, which will disclose heap memory address information to a context-dependent attacker using an XML document which calls the XSLT generate-id XPath function.
72467 Mozilla Multiple Products Plugin Request 307 Redirect Response CSRF

Mozilla Firefox and SeaMonkey contain a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application sends a 307 redirect response to plugin-initiated requests, and forwards custom headers to the new location without properly sanitizing them. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
72465 Mozilla Multiple Products ParanoidFragmentSink nsIScriptableUnescapeHTML.pars...

Mozilla Firefox, SeaMonkey and Thunderbird contains a flaw related to the nsIScriptableUnescapeHTML.parseFragment method in ParanoidFragmentSink failing to properly sanitize HTML in chrome documents. This may allow a context-dependent attacker to execute arbitrary JavaScript code using a crafted javascript: URI.
72461 Mozilla Multiple Products Layout Objects Long Text Run Overflow

Mozilla Firefox and SeaMonkey are prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted overly long string, a context-dependent attacker can potentially execute arbitrary code.
72460 Mozilla Multiple Products Web Workers Garbage Collection Use-after-free Remot...

Mozilla Firefox and SeaMonkey contain a flaw related to the Web Workers implementation. The issue is triggered when a context-dependent attacker calls a deleted reference which is freed during garbage collection. This may allow an attacker to execute arbitrary code.
72459 Mozilla Multiple Products Baseline JavaScript Internal String Mapping Atom Ma...

Mozilla Firefox and SeaMonkey is prone to an overflow condition. The JavaScript engine fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted string value greater than 64k, a context-dependent attacker can potentially execute arbitrary code.
72458 Mozilla Multiple Products Non-Local JavaScript Internal Memory Mapping Overflow

Mozilla Firefox and SeaMonkey are prone to an overflow condition. The JavaScript engine fails to properly sanitize user-supplied input resulting in a buffer overflow. Through vectors related to the internal memory mapping of non-local JavaScript variables, a context-dependent attacker can potentially execute arbitrary code.
72457 Mozilla Multiple Products js3250.dll JSON.stringify() Method js_HasOwnPropert...

Mozilla Firefox and SeaMonkey contain a flaw related to the js3250.dll library encountering an error when processing the 'JSON.stringify()' method. The issue is triggered when a context-dependent attacker uses an invalid pointer in a call to the 'js_HasOwnProperty()' function to dereference an invalid pointer. This may allow an attacker to execute arbitrary code.
72456 Mozilla Multiple Products try/catch Statement eval() Recursive Call Handling ...

Mozilla Firefox contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error when handling recursive calls to 'eval()' occurs within a 'try/catch' statement, allowing a remote attacker to force a user to accept dialogs and gain elevated privileges.
72454 Mozilla Multiple Products JSObject::dropProperty Memory Corruption

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an assertion failure relating to JSObject::dropProperty occurs, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact.
72449 Mozilla Multiple Products jstracer.cpp TraceRecorder::box_jsval() Function Me...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The TraceRecorder::box_jsval() function in jstracer.cpp fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72448 Mozilla Multiple Products nsUTF8ToUnicode Buffer Overrun Memory Corruption

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when nsUTF8ToUnicode::Convert writes beyond the end of a buffer when outputting a surrogate pair, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72447 Mozilla Multiple Products nsEUCJPToUnicodeV2::Convert Buffer Writing Memory C...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input the destination pointer in nsJapaneseToUnicode.cpp is incremented on line 367 and then written again on line 371, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or possibly have other unspecified impact.
72446 Mozilla Multiple Products AddRef() nsNPAPIPluginInstance::mOwner Deleted Obje...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when attempting to AddRef() a deleted nsNPAPIPluginInstance::mOwner object, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact.
72445 Mozilla Multiple Products js/src/xpconnect/src/xpcwrappednative.cpp Incorrect...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an incorrect scope is passed in js/src/xpconnect/src/xpcwrappednative.cpp, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72444 Mozilla Multiple Products nsSHTransaction::GetPrev Memory Corruption DoS

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when nsSHTransaction::GetPrev is called, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact.
72443 Mozilla Multiple Products Valgrind Testcase Invalid Read / Write Memory Corru...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an invalid read /write error occurs when testcase is run in valgrind, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72442 Mozilla Multiple Products abs.pos. Continuations Style Context Memory Corruption

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an assertion occurs in the style contexts in the abs.pos. continuations, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72441 Mozilla Multiple Products v_ins->isF64() /jstracer.cpp:9347 Assertion Fail...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an assertion failure occurs in 'v_ins->isF64()' at '../jstracer.cpp:9347', resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72440 Mozilla Multiple Products popTemplateRule Call txExecutionState.init Memory C...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when certain errors are generated, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact.
72439 Mozilla Multiple Products GC / OOM Reporting Title Lock Function Allocation M...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when the GC or allocation or OOM reporting occurs when an object is locked, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72438 Mozilla Multiple Products nsXULTemplateBuilder/nsXULTemplateQueryProcessorXML...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The nsXULTemplateBuilder::AttributeChanged, nsXULTemplateBuilder::ContentRemoved and nsXULTemplateBuilder::NodeWillBeDestroyed methods fail to sanitize user-supplied input when loading data, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code.
72437 Mozilla Multiple Products jsapi.cpp JS_ResolveStandardClass String.prototype ...

A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. JS_ResolveStandardClass in jsapi.cpp reads the wrong name element, overwriting the global slot where String.prototype is stored, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service, or possibly have other unspecified impact.
72094 Mozilla Multiple Products XSLT generate-id() Function Heap Address Informatio...

Mozilla Firefox and SeaMonkey contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the XSLT 'generate-id()' function in functions.c in libxslt returns a string which reveals a specific valid address of an object on the memory heap to an attacker using an XML document with a call to the XSLT generate-id XPath function. This may make it easier for a context-dependent attacker to exploit a memory corruption flaw.
72090 Mozilla Multiple Products resource: Protocol Traversal Arbitrary File Access

Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw that allows a context-dependent attacker to traverse outside of a restricted path. The issue is due to the programs not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the resource: protocol. This directory traversal attack would allow the attacker to access arbitrary files.
72088 Mozilla Multiple Products Java Applet Form Autocomplete Form History Informat...

Mozilla Firefox and SeaMonkey contain a flaw related to a Java applet mimicking form autocomplete controls interaction that may disclose form history entries to a context-dependent attacker. No further details have been provided.
72087 Mozilla Multiple Products nsTreeRange Dangling Pointer Remote Code Execution

Mozilla Firefox and SeaMonkey contain a dangling pointer flaw related to 'nsTreeRange' that may allow a context-dependent attacker to execute arbitrary code.
72086 Mozilla Multiple Products OBJECT's mObserverList Use-after-free Remote Code E...

Mozilla Firefox and SeaMonkey contain a user-after-free flaw related to the OBJECT's mObserverList that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.
72085 Mozilla Multiple Products OBJECT's mChannel Use-after-free Remote Code Execution

Mozilla Firefox and SeaMonkey contain a user-after-free flaw related to the OBJECT's mChannel that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.
72084 Mozilla Multiple Products Unspecified Memory Corruption (2011-0072)

A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code.
72083 Mozilla Multiple Products Unspecified Memory Corruption (2011-0078)

A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code.
72082 Mozilla Multiple Products Unspecified Memory Corruption (2011-0077)

A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code.
72081 Mozilla Multiple Products Unspecified Memory Corruption (2011-0075)

A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code.
72080 Mozilla Multiple Products Unspecified Memory Corruption (2011-0074)

A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code.
72078 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-0080)

Multiple memory corruption flaws exist in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code.
72077 Mozilla Multiple Products Unspecified Remote DoS (2011-0070)

Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified flaw that may allow a context-dependent attacker to cause a denial of service. No further details have been provided.
72076 Mozilla Multiple Products Unspecified Remote DoS (2011-0069)

Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified flaw that may allow a context-dependent attacker to cause a denial of service. No further details have been provided.
69780 Mozilla Multiple Products Unspecified Memory Corruption (2010-3778)

Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified memory corruption vulnerability. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code via unknown vectors. No further details are available.
69778 Mozilla Multiple Products Browser Engine Unspecified Memory Corruption (2010-...

Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified memory corruption vulnerability. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code via unknown vectors. No further details are available.
64150 Mozilla Firefox nsIScriptableUnescapeHTML.parseFragment Method Multiple Eleme...

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-02-07 IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity : Category I - VMSKEY : V0036787

Snort® IPS/IDS

Date Description
2014-03-08 Mozilla Firefox nsTreeRange Use After Free attempt
RuleID : 29617 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox onChannelRedirect method attempt
RuleID : 24994 - Revision : 9 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Firefox nsTreeRange Use After Free attempt
RuleID : 20072 - Revision : 8 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_esx_VMSA-2013-0001_remote.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_libxslt_20140114_2.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-101213.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-101213.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-101213.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-101213.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_seamonkey-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110314.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110307.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110429.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_seamonkey-110307.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_seamonkey-110429.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-123.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0966.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0967.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0968.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0969.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0310.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0311.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0312.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0313.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0374.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0471.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0473.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0474.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0475.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2013-02-16 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-12-10 Name : The remote Fedora host is missing a security update.
File : fedora_2012-15716.nasl - Type : ACT_GATHER_INFO
2012-10-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-164.nasl - Type : ACT_GATHER_INFO
2012-10-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1595-1.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-14048.nasl - Type : ACT_GATHER_INFO
2012-09-27 Name : The remote Fedora host is missing a security update.
File : fedora_2012-14083.nasl - Type : ACT_GATHER_INFO
2012-09-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120913_libxslt_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-09-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2012-09-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101209_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101209_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20101209_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110301_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110301_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110301_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110428_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110428_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110428_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110428_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7421.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7490.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner191-7492.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1112-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1121-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1122-1.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1122-2.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1122-3.nasl - Type : ACT_GATHER_INFO
2011-06-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1123-1.nasl - Type : ACT_GATHER_INFO
2011-05-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2235.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-101212.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-101213.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_mozilla-xulrunner191-101212.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-101213.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-101213.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-110308.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-101213.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-101213.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-101213.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-110429.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7491.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner191-7493.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0471.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0473.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0474.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2227.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2228.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-079.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-080.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3519.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3617.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_401.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_3110.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0471.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0473.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0474.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0475.nasl - Type : ACT_GATHER_INFO
2011-04-29 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_2014.nasl - Type : ACT_GATHER_INFO
2011-03-24 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO
2011-03-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO
2011-03-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO
2011-03-14 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-110303.nasl - Type : ACT_GATHER_INFO
2011-03-14 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner191-7363.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2186.nasl - Type : ACT_GATHER_INFO
2011-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2187.nasl - Type : ACT_GATHER_INFO
2011-03-09 Name : The remote host contains a web browser that is affected by multiple vulnerabi...
File : google_chrome_10_0_648_127.nasl - Type : ACT_GATHER_INFO
2011-03-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-042.nasl - Type : ACT_GATHER_INFO
2011-03-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1049-2.nasl - Type : ACT_GATHER_INFO
2011-03-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-041.nasl - Type : ACT_GATHER_INFO
2011-03-04 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2180.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0312.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0313.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : mozilla_firefox_3517.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : mozilla_firefox_3614.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_318.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : seamonkey_2012.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1049-1.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1050-1.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_45f102cd445611e095804061862b8c22.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0311.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0312.nasl - Type : ACT_GATHER_INFO
2011-03-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0313.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0966.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0967.nasl - Type : ACT_GATHER_INFO
2011-01-28 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0968.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-101213.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner191-101213.nasl - Type : ACT_GATHER_INFO
2011-01-04 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7280.nasl - Type : ACT_GATHER_INFO
2010-12-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18890.nasl - Type : ACT_GATHER_INFO
2010-12-23 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18920.nasl - Type : ACT_GATHER_INFO
2010-12-21 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-258.nasl - Type : ACT_GATHER_INFO
2010-12-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2132.nasl - Type : ACT_GATHER_INFO
2010-12-14 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18778.nasl - Type : ACT_GATHER_INFO
2010-12-13 Name : The remote Fedora host is missing a security update.
File : fedora_2010-18777.nasl - Type : ACT_GATHER_INFO
2010-12-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-18773.nasl - Type : ACT_GATHER_INFO
2010-12-12 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-18775.nasl - Type : ACT_GATHER_INFO
2010-12-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_1d8ff4a2044511e08e32000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-251.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : mozilla_firefox_3516.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : mozilla_firefox_3613.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_3011.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_317.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0966.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0967.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0968.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0969.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Windows host contains a web browser affected by multiple vulnerabi...
File : seamonkey_2011.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1019-1.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1020-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:58:34
  • Multiple Updates