Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: Firefox regression
Information
Name: USN-1157-3
First vendor publication: 2011-06-23
Vendor: Ubuntu
Last vendor modification: 2011-06-23
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
Attack range: Network
CVSS impact score: 10
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Under certain circumstances, the updated translations could unintentionally install firefox.

Software Description:

- firefox: Safe and easy web browser from Mozilla

Details:

USN-1157-1 fixed vulnerabilities in Firefox. Unfortunately, this update produced the side effect of pulling in Firefox on some systems that did not have it installed during a dist-upgrade due to changes in the Ubuntu language packs. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Bob Clary, Kevin Brosnan, Gary Kwong, Jesse Ruderman, Christian Biesinger,
Bas Schouten, Igor Bukanov, Bill McCloskey, Olli Pettay, Daniel Veditz and
Marcia Knous discovered multiple memory vulnerabilities in the browser
rendering engine. An attacker could possibly execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2011-2374, CVE-2011-2375)

Martin Barbella discovered that under certain conditions, viewing a XUL
document while JavaScript was disabled caused deleted memory to be
accessed. An attacker could potentially use this to crash Firefox or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-2373)

Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace
images due to memory corruption. An attacker could potentially use this to
crash Firefox or execute arbitrary code with the privileges of the user
invoking Firefox. (CVE-2011-2377)

Chris Rohlf and Yan Ivnitskiy discovered an integer overflow vulnerability
in JavaScript Arrays. An attacker could potentially use this to execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2011-2371)

It was discovered that Firefox's WebGL textures did not honor same-origin
policy. If a user were tricked into viewing a malicious site, an attacker
could potentially view image data from a different site. (CVE-2011-2366)

Christoph Diehl discovered an out-of-bounds read vulnerability in WebGL
code. An attacker could potentially read data that other processes had
stored in the GPU. (CVE-2011-2367)

Christoph Diehl discovered an invalid write vulnerability in WebGL code. An
attacker could potentially use this to execute arbitrary code with the
privileges of the user invoking Firefox. (CVE-2011-2368)

It was discovered that an unauthorized site could trigger an installation
dialog for addons and themes. If a user were tricked into viewing a
malicious site, an attacker could possibly trick the user into installing a
malicious addon or theme. (CVE-2011-2370)

Mario Heiderich discovered a vulnerability in displaying decoded
HTML-encoded entities inside SVG elements. An attacker could utilize this
to perform cross-site scripting attacks. (CVE-2011-2369)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.04:
firefox-locale-af 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ar 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-as 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ast 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-be 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-bg 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-bn 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-br 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-bs 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ca 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-cs 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-cy 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-da 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-de 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-el 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-en 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-eo 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-es 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-et 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-eu 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-fa 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-fi 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-fr 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-fy 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ga 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-gd 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-gl 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-gu 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-he 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-hi 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-hr 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-hu 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-hy 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-id 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-is 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-it 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ja 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ka 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-kk 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-kn 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ko 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ku 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-lg 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-lt 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-lv 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-mai 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-mk 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ml 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-mr 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-nb 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-nl 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-nn 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-nso 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-oc 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-or 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-pa 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-pl 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-pt 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ro 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ru 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-si 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-sk 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-sl 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-sq 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-sr 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-sv 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-ta 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-te 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-th 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-tr 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-uk 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-vi 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-zh-hans 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-zh-hant 5.0+build1+nobinonly-0ubuntu0.11.04.2
firefox-locale-zu 5.0+build1+nobinonly-0ubuntu0.11.04.2

In general, a standard system update will make all the necessary changes.

References:
https://launchpad.net/bugs/800857

Package Information:
https://launchpad.net/ubuntu/+source/firefox/5.0+build1+nobinonly-0ubuntu0.11.04.2

Original Source

Url : http://www.ubuntu.com/usn/USN-1157-3

CWE : Common Weakness Enumeration

% Id Name
38 % CWE-264 Permissions, Privileges, and Access Controls
12 % CWE-399 Resource Management Errors
12 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
12 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:13872
Title: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Description: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2377
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Oval ID: oval:org.mitre.oval:def:13912
Title: The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Description: The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2368
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Oval ID: oval:org.mitre.oval:def:13987
Title: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Description: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2371
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Oval ID: oval:org.mitre.oval:def:14008
Title: USN-1157-3 -- firefox regression
Description: firefox: Safe and easy web browser from Mozilla Details: USN-1157-1 fixed vulnerabilities in Firefox. Unfortunately, this update produced the side effect of pulling in Firefox on some systems that did not have it installed during a dist-upgrade due to changes in the Ubuntu language packs. This update fixes the problem. We apologize for the inconvenience. Original advisory under certain circumstances, the updated translations could unintentionally install firefox.
Family: unix Class: patch
Reference(s): USN-1157-3
CVE-2011-2374
CVE-2011-2375
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-2366
CVE-2011-2367
CVE-2011-2368
CVE-2011-2370
CVE-2011-2369
Version: 5
Platform(s): Ubuntu 11.04
Product(s): firefox
Oval ID: oval:org.mitre.oval:def:14048
Title: USN-1157-2 -- mozvoikko, ubufox, webfav update
Description: mozvoikko: Finnish spell-checker extension for Firefox - ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Original advisory This update provides packages compatible with Firefox 5.
Family: unix Class: patch
Reference(s): USN-1157-2
CVE-2011-2374
CVE-2011-2375
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-2366
CVE-2011-2367
CVE-2011-2368
CVE-2011-2370
CVE-2011-2369
Version: 5
Platform(s): Ubuntu 11.04
Product(s): mozvoikko
ubufox
webfav
Oval ID: oval:org.mitre.oval:def:14068
Title: USN-1157-1 -- firefox vulnerabilities
Description: firefox: Safe and easy web browser from Mozilla Multiple Firefox vulnerabilities have been fixed
Family: unix Class: patch
Reference(s): USN-1157-1
CVE-2011-2374
CVE-2011-2375
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-2366
CVE-2011-2367
CVE-2011-2368
CVE-2011-2370
CVE-2011-2369
Version: 5
Platform(s): Ubuntu 11.04
Product(s): firefox
Oval ID: oval:org.mitre.oval:def:14071
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2375
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Oval ID: oval:org.mitre.oval:def:14123
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2374
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Oval ID: oval:org.mitre.oval:def:14178
Title: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Description: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2373
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Oval ID: oval:org.mitre.oval:def:14221
Title: Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
Description: Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2366
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Oval ID: oval:org.mitre.oval:def:14278
Title: Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
Description: Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2370
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Oval ID: oval:org.mitre.oval:def:14302
Title: The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.
Description: The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2367
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Oval ID: oval:org.mitre.oval:def:14426
Title: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2369
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox

CPE : Common Platform Enumeration

Type Description Count
Application 277
Application 7
Application 59
Application 127

ExploitDB Exploits

id Description
2012-02-27 Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
2011-10-12 Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for firefox CESA-2011:0885 centos4 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0885 centos5 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0887 centos4 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0887 centos5 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2011:0888 centos4 x86_64
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_x86_64.nasl
2012-06-06 Name : RedHat Update for thunderbird RHSA-2011:0886-01
File : nvt/gb_RHSA-2011_0886-01_thunderbird.nasl
2011-08-18 Name : SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028
File : nvt/gb_suse_2011_028.nasl
2011-08-18 Name : CentOS Update for firefox CESA-2011:0885 centos4 i386
File : nvt/gb_CESA-2011_0885_firefox_centos4_i386.nasl
2011-08-18 Name : CentOS Update for thunderbird CESA-2011:0887 centos4 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_i386.nasl
2011-08-18 Name : CentOS Update for seamonkey CESA-2011:0888 centos4 i386
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0885 centos5 i386
File : nvt/gb_CESA-2011_0885_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2011:0887 centos5 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2269-1 (iceape)
File : nvt/deb_2269_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2268-1 (iceweasel)
File : nvt/deb_2268_1.nasl
2011-08-03 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox57.nasl
2011-08-03 Name : Debian Security Advisory DSA 2273-1 (icedove)
File : nvt/deb_2273_1.nasl
2011-07-18 Name : Ubuntu Update for thunderbird USN-1150-1
File : nvt/gb_ubuntu_USN_1150_1.nasl
2011-07-08 Name : Ubuntu Update for firefox USN-1149-2
File : nvt/gb_ubuntu_USN_1149_2.nasl
2011-07-07 Name : Mozilla Firefox Multiple Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_firefox_mult_vuln_win_jul11.nasl
2011-07-07 Name : Mozilla Firefox Security Bypass Vulnerability July-11 (Windows)
File : nvt/gb_mozilla_firefox_sec_bypass_vuln_win_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02
File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03
File : nvt/gb_mozilla_prdts_mult_vuln_win03_jul11.nasl
2011-07-07 Name : Mozilla Products WebGL Information Disclosure Vulnerability July-11 (Windows)
File : nvt/gb_mozilla_prdts_webgl_info_disc_vuln_win_jul11.nasl
2011-06-24 Name : Ubuntu Update for mozvoikko USN-1157-2
File : nvt/gb_ubuntu_USN_1157_2.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1157-1
File : nvt/gb_ubuntu_USN_1157_1.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1157-3
File : nvt/gb_ubuntu_USN_1157_3.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1149-1
File : nvt/gb_ubuntu_USN_1149_1.nasl
2011-06-24 Name : Mandriva Update for mozilla MDVSA-2011:111 (mozilla)
File : nvt/gb_mandriva_MDVSA_2011_111.nasl
2011-06-24 Name : RedHat Update for seamonkey RHSA-2011:0888-01
File : nvt/gb_RHSA-2011_0888-01_seamonkey.nasl
2011-06-24 Name : RedHat Update for thunderbird RHSA-2011:0887-01
File : nvt/gb_RHSA-2011_0887-01_thunderbird.nasl
2011-06-24 Name : RedHat Update for firefox RHSA-2011:0885-01
File : nvt/gb_RHSA-2011_0885-01_firefox.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73193 Mozilla Multiple Products Non-whitelisted Site Install Dialog Triggering Weak...

73192 Mozilla Multiple Products HTML-encoded Entities SVG Elements XSS

73191 Mozilla Multiple Products WebGL Invalid Write Remote Code Execution

73190 Mozilla Multiple Products WebGL Out-of-bounds Read GPU Processes Information ...

73189 Mozilla Multiple Products WebGL Texture Image Rendering Cross-domain Image Da...

73184 Mozilla Multiple Products Array.reduceRight() Method Overflow

73183 Mozilla Multiple Products multipart/x-mixed-replace Image Handling Memory Cor...

73182 Mozilla Multiple Products XUL Document Handling Use-after-free Arbitrary Code...

73178 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2375)

73177 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2374)

Snort® IPS/IDS

Date Description
2014-03-08 Mozilla Array.reduceRight integer overflow attempt
RuleID : 29625 - Revision : 2 - Type : BROWSER-FIREFOX
2014-03-08 Mozilla Array.reduceRight integer overflow attempt
RuleID : 29624 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 24188 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 24187 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 19714 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 19713 - Revision : 8 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110627.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110628.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7596.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote Windows host contains a web browser that may be affected by multip...
File : seamonkey_22.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-07-18 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1150-1.nasl - Type : ACT_GATHER_INFO
2011-07-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2273.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2269.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2268.nasl - Type : ACT_GATHER_INFO
2011-07-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7597.nasl - Type : ACT_GATHER_INFO
2011-07-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110628.nasl - Type : ACT_GATHER_INFO
2011-06-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1149-2.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_3_6_18.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-3.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_5_0.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1157-1.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-2.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1149-1.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-111.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_3111.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_50.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3618.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:58:44 Multiple Updates