USN-1185-1

Executive Summary

Summary
Title	Thunderbird vulnerabilities

Informations
Name	USN-1185-1	First vendor Publication	2011-08-26
Vendor	Ubuntu	Last vendor Modification	2011-08-26
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

Multiple vulnerabilities have been fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Gary Kwong, Igor Bukanov, and Bob Clary discovered multiple memory
vulnerabilities in the Gecko rendering engine. An attacker could use
these to possibly execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2011-2982)

It was discovered that a vulnerability in event management code could
permit JavaScript to be run in the wrong context. This could potentially
allow a malicious website to run code as another website or with escalated
privileges in a chrome-privileged context. (CVE-2011-2981)

It was discovered that an SVG text manipulation routine contained a
dangling pointer vulnerability. An attacker could potentially use this to
crash Thunderbird or execute arbitrary code with the privileges of the user
invoking Thunderbird. (CVE-2011-0084)

It was discovered that web content could receive chrome privileges if it
registered for drop events and a browser tab element was dropped into the
content area. This could potentially allow a malicious website to run code
with escalated privileges within Thunderbird. (CVE-2011-2984)

It was discovered that appendChild contained a dangling pointer
vulnerability. An attacker could potentially use this to crash Thunderbird
or execute arbitrary code with the privileges of the user invoking
Thunderbird. (CVE-2011-2378)

It was discovered that data from other domains could be read when
RegExp.input was set. This could potentially allow a malicious website
access to private data from other domains. (CVE-2011-2983)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
thunderbird 3.1.12+build1+nobinonly-0ubuntu0.11.04.1

Ubuntu 10.10:
thunderbird 3.1.12+build1+nobinonly-0ubuntu0.10.10.1

Ubuntu 10.04 LTS:
thunderbird 3.1.12+build1+nobinonly-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1185-1
CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982,
CVE-2011-2983, CVE-2011-2984

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/3.1.12+build1+nobinonly-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/thunderbird/3.1.12+build1+nobinonly-0ubuntu0.10.10.1
https://launchpad.net/ubuntu/+source/thunderbird/3.1.12+build1+nobinonly-0ubuntu0.10.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-1185-1

CWE : Common Weakness Enumeration

id	Name
CWE-94	Failure to Control Generation of Code ('Code Injection')
CWE-200	Information Exposure
CWE-16	Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14502

Oval ID:	oval:org.mitre.oval:def:14502
Title:	The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Description:	The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-0084	Version:	7
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird
Definition Synopsis:
Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 and is greater than or equal to 1.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 AND Determine if the version of Mozilla Firefox is greater than or equal to 1.0 OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 AND Determine if the version of Mozilla Firefox is greater than or equal to 2.0.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 and is greater than or equal to 3.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 AND Determine if the version of Mozilla Firefox is greater than or equal to 3.0 OR Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 and is greater than or equal to 3.0.1 Mozilla Thunderbird is installed AND Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 AND Determine if the version of Mozilla Thunderbird is greater than or equal to 3.0.1 OR Determine if the version of Mozilla Firefox is equal to 4.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is equal to 4.0 OR Determine if the version of Mozilla Firefox is equal to 5.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is equal to 5.0

Definition Id: oval:org.mitre.oval:def:14163

Oval ID:	oval:org.mitre.oval:def:14163
Title:	The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."
Description:	The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-2378	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird
Definition Synopsis:
Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 and is greater than or equal to 1.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 AND Determine if the version of Mozilla Firefox is greater than or equal to 1.0 OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 AND Determine if the version of Mozilla Firefox is greater than or equal to 2.0.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 and is greater than or equal to 3.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 AND Determine if the version of Mozilla Firefox is greater than or equal to 3.0 OR Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 and is greater than or equal to 3.0.1 Mozilla Thunderbird is installed AND Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 AND Determine if the version of Mozilla Thunderbird is greater than or equal to 3.0.1

Definition Id: oval:org.mitre.oval:def:14512

Oval ID:	oval:org.mitre.oval:def:14512
Title:	The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Description:	The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-2981	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird
Definition Synopsis:
Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 and is greater than or equal to 1.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 AND Determine if the version of Mozilla Firefox is greater than or equal to 1.0 OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 AND Determine if the version of Mozilla Firefox is greater than or equal to 2.0.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 and is greater than or equal to 3.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 AND Determine if the version of Mozilla Firefox is greater than or equal to 3.0 OR Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 and is greater than or equal to 3.0.1 Mozilla Thunderbird is installed AND Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 AND Determine if the version of Mozilla Thunderbird is greater than or equal to 3.0.1

Definition Id: oval:org.mitre.oval:def:14294

Oval ID:	oval:org.mitre.oval:def:14294
Title:	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description:	Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-2982	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird
Definition Synopsis:
Determine if the version of Mozilla Firefox is less than or equal to 1.5 and is greater than or equal to 1.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 1.5 AND Determine if the version of Mozilla Firefox is greater than or equal to 1.0 OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 and is greater than or equal to 3.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 AND Determine if the version of Mozilla Firefox is greater than or equal to 3.0 OR Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 and is greater than or equal to 1.0 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 1.0 OR Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 and is greater than or equal to 1.0 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 1.0 OR Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 and is greater than or equal to 3.0.1 Mozilla Thunderbird is installed AND Determine if the version of Mozilla Thunderbird is less than or equal to 3.1.11 AND Determine if the version of Mozilla Thunderbird is greater than or equal to 3.0.1 OR Determine if the version of Mozilla Thunderbird is less than or equal to 2.0.0.23 and is greater than or equal to 2.0.0.0 Mozilla Thunderbird is installed AND Determine if the version of Mozilla Thunderbird is less than or equal to 2.0.0.23 AND Determine if the version of Mozilla Thunderbird is greater than or equal to 2.0.0.0 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 AND Determine if the version of Mozilla Firefox is greater than or equal to 2.0.0.1

Definition Id: oval:org.mitre.oval:def:14272

Oval ID:	oval:org.mitre.oval:def:14272
Title:	Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.
Description:	Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-2983	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird
Definition Synopsis:
Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 and is greater than or equal to 1.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 AND Determine if the version of Mozilla Firefox is greater than or equal to 1.0 OR Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 and is greater than or equal to 1.0 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 1.0 OR Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 and is greater than or equal to 1.0 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 1.5.0.10 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 1.0 OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 AND Determine if the version of Mozilla Firefox is greater than or equal to 2.0.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 and is greater than or equal to 3.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 AND Determine if the version of Mozilla Firefox is greater than or equal to 3.0 OR Determine if the version of Mozilla Thunderbird is less than or equal to 2.0.0.23 and is greater than or equal to 2.0.0.0 Mozilla Thunderbird is installed AND Determine if the version of Mozilla Thunderbird is less than or equal to 2.0.0.23 AND Determine if the version of Mozilla Thunderbird is greater than or equal to 2.0.0.0

Definition Id: oval:org.mitre.oval:def:14358

Oval ID:	oval:org.mitre.oval:def:14358
Title:	Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
Description:	Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-2984	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Mozilla Seamonkey Mozilla Firefox
Definition Synopsis:
Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 and is greater than or equal to 2.0.1 Mozilla Seamonkey is installed AND Determine if the version of Mozilla Seamonkey is less than or equal to 2.1 AND Determine if the version of Mozilla Seamonkey is greater than or equal to 2.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 and is greater than or equal to 1.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 1.5.8 AND Determine if the version of Mozilla Firefox is greater than or equal to 1.0 OR Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 and is greater than or equal to 2.0.0.1 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 2.0.0.20 AND Determine if the version of Mozilla Firefox is greater than or equal to 2.0.0.1 OR Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 and is greater than or equal to 3.0 Mozilla Firefox is installed AND Determine if the version of Mozilla Firefox is less than or equal to 3.6.19 AND Determine if the version of Mozilla Firefox is greater than or equal to 3.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:/a:mozilla:firefox:5.0 cpe:/a:mozilla:firefox:4.0.1 cpe:/a:mozilla:firefox:4.0:beta1 cpe:/a:mozilla:firefox:4.0:beta8 cpe:/a:mozilla:firefox:4.0:beta9 cpe:/a:mozilla:firefox:4.0:beta7 cpe:/a:mozilla:firefox:4.0:beta6 cpe:/a:mozilla:firefox:4.0:beta10 cpe:/a:mozilla:firefox:4.0:beta2 cpe:/a:mozilla:firefox:4.0:beta11 cpe:/a:mozilla:firefox:4.0:beta3 cpe:/a:mozilla:firefox:4.0 cpe:/a:mozilla:firefox:4.0:beta4 cpe:/a:mozilla:firefox:4.0:beta5 cpe:/a:mozilla:firefox:4.0:beta12 cpe:/a:mozilla:firefox:3.6.9 cpe:/a:mozilla:firefox:3.6.8 cpe:/a:mozilla:firefox:3.6.7 cpe:/a:mozilla:firefox:3.6.6 cpe:/a:mozilla:firefox:3.6.4 cpe:/a:mozilla:firefox:3.6.3 cpe:/a:mozilla:firefox:3.6.2 cpe:/a:mozilla:firefox:3.6.19 cpe:/a:mozilla:firefox:3.6.18 cpe:/a:mozilla:firefox:3.6.17 cpe:/a:mozilla:firefox:3.6.16 cpe:/a:mozilla:firefox:3.6.15 cpe:/a:mozilla:firefox:3.6.14 cpe:/a:mozilla:firefox:3.6.13 cpe:/a:mozilla:firefox:3.6.12 cpe:/a:mozilla:firefox:3.6.11 cpe:/a:mozilla:firefox:3.6.10 cpe:/a:mozilla:firefox:3.6 cpe:/a:mozilla:firefox:3.5.9 cpe:/a:mozilla:firefox:3.5.8 cpe:/a:mozilla:firefox:3.5.7 cpe:/a:mozilla:firefox:3.5.6 cpe:/a:mozilla:firefox:3.5.5 cpe:/a:mozilla:firefox:3.5.4 cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.19 cpe:/a:mozilla:firefox:3.5.18 cpe:/a:mozilla:firefox:3.5.17 cpe:/a:mozilla:firefox:3.5.16 cpe:/a:mozilla:firefox:3.5.15 cpe:/a:mozilla:firefox:3.5.14 cpe:/a:mozilla:firefox:3.5.13 cpe:/a:mozilla:firefox:3.5.12 cpe:/a:mozilla:firefox:3.5.11 cpe:/a:mozilla:firefox:3.5.10 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.17 cpe:/a:mozilla:firefox:3.0.16 cpe:/a:mozilla:firefox:3.0.15 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:2.0.0.20 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:2.0.0.19 cpe:/a:mozilla:firefox:2.0.0.18 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.0:preview_release	125
Application	Mozilla Seamonkey cpe:/a:mozilla:seamonkey:2.9:beta1 cpe:/a:mozilla:seamonkey:2.9:beta3 cpe:/a:mozilla:seamonkey:2.9:beta2 cpe:/a:mozilla:seamonkey:2.8:beta3 cpe:/a:mozilla:seamonkey:2.8:beta4 cpe:/a:mozilla:seamonkey:2.8:beta5 cpe:/a:mozilla:seamonkey:2.8:beta2 cpe:/a:mozilla:seamonkey:2.8 cpe:/a:mozilla:seamonkey:2.8:beta1 cpe:/a:mozilla:seamonkey:2.8:beta6 cpe:/a:mozilla:seamonkey:2.7.2 cpe:/a:mozilla:seamonkey:2.7.1 cpe:/a:mozilla:seamonkey:2.7:beta5 cpe:/a:mozilla:seamonkey:2.7:beta4 cpe:/a:mozilla:seamonkey:2.7 cpe:/a:mozilla:seamonkey:2.7:beta3 cpe:/a:mozilla:seamonkey:2.7:beta1 cpe:/a:mozilla:seamonkey:2.7:beta2 cpe:/a:mozilla:seamonkey:2.6.1 cpe:/a:mozilla:seamonkey:2.6:beta2 cpe:/a:mozilla:seamonkey:2.6 cpe:/a:mozilla:seamonkey:2.6:beta3 cpe:/a:mozilla:seamonkey:2.6:beta4 cpe:/a:mozilla:seamonkey:2.6:beta1 cpe:/a:mozilla:seamonkey:2.5 cpe:/a:mozilla:seamonkey:2.5:beta3 cpe:/a:mozilla:seamonkey:2.5:beta2 cpe:/a:mozilla:seamonkey:2.5:beta4 cpe:/a:mozilla:seamonkey:2.5:beta1 cpe:/a:mozilla:seamonkey:2.4.1 cpe:/a:mozilla:seamonkey:2.4:beta1 cpe:/a:mozilla:seamonkey:2.4:beta3 cpe:/a:mozilla:seamonkey:2.4 cpe:/a:mozilla:seamonkey:2.4:beta2 cpe:/a:mozilla:seamonkey:2.3.3 cpe:/a:mozilla:seamonkey:2.3.2 cpe:/a:mozilla:seamonkey:2.3.1 cpe:/a:mozilla:seamonkey:2.3:beta2 cpe:/a:mozilla:seamonkey:2.3:beta3 cpe:/a:mozilla:seamonkey:2.3 cpe:/a:mozilla:seamonkey:2.3:beta1 cpe:/a:mozilla:seamonkey:2.2:beta1 cpe:/a:mozilla:seamonkey:2.2 cpe:/a:mozilla:seamonkey:2.2:beta3 cpe:/a:mozilla:seamonkey:2.2:beta2 cpe:/a:mozilla:seamonkey:2.1:beta3 cpe:/a:mozilla:seamonkey:2.1:alpha2 cpe:/a:mozilla:seamonkey:2.1:alpha3 cpe:/a:mozilla:seamonkey:2.1:alpha1 cpe:/a:mozilla:seamonkey:2.1 cpe:/a:mozilla:seamonkey:2.1:beta1 cpe:/a:mozilla:seamonkey:2.1:rc2 cpe:/a:mozilla:seamonkey:2.1:beta2 cpe:/a:mozilla:seamonkey:2.1:rc1 cpe:/a:mozilla:seamonkey:2.0.9 cpe:/a:mozilla:seamonkey:2.0.8 cpe:/a:mozilla:seamonkey:2.0.7 cpe:/a:mozilla:seamonkey:2.0.6 cpe:/a:mozilla:seamonkey:2.0.5 cpe:/a:mozilla:seamonkey:2.0.4 cpe:/a:mozilla:seamonkey:2.0.3 cpe:/a:mozilla:seamonkey:2.0.2 cpe:/a:mozilla:seamonkey:2.0.14 cpe:/a:mozilla:seamonkey:2.0.13 cpe:/a:mozilla:seamonkey:2.0.12 cpe:/a:mozilla:seamonkey:2.0.11 cpe:/a:mozilla:seamonkey:2.0.10 cpe:/a:mozilla:seamonkey:2.0.1 cpe:/a:mozilla:seamonkey:2.0 cpe:/a:mozilla:seamonkey:2.0:rc2 cpe:/a:mozilla:seamonkey:2.0:alpha_3 cpe:/a:mozilla:seamonkey:2.0:alpha_2 cpe:/a:mozilla:seamonkey:2.0:alpha_1 cpe:/a:mozilla:seamonkey:2.0:rc1 cpe:/a:mozilla:seamonkey:2.0:beta_1 cpe:/a:mozilla:seamonkey:2.0:beta_2 cpe:/a:mozilla:seamonkey:1.5.0.9 cpe:/a:mozilla:seamonkey:1.5.0.8 cpe:/a:mozilla:seamonkey:1.5.0.10 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.4 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:seamonkey:1.1.19 cpe:/a:mozilla:seamonkey:1.1.18 cpe:/a:mozilla:seamonkey:1.1.17 cpe:/a:mozilla:seamonkey:1.1.16 cpe:/a:mozilla:seamonkey:1.1.15 cpe:/a:mozilla:seamonkey:1.1.14 cpe:/a:mozilla:seamonkey:1.1.13 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0:beta	113
Application	Mozilla Thunderbird cpe:/a:mozilla:thunderbird:3.1.9 cpe:/a:mozilla:thunderbird:3.1.8 cpe:/a:mozilla:thunderbird:3.1.7 cpe:/a:mozilla:thunderbird:3.1.6 cpe:/a:mozilla:thunderbird:3.1.5 cpe:/a:mozilla:thunderbird:3.1.4 cpe:/a:mozilla:thunderbird:3.1.3 cpe:/a:mozilla:thunderbird:3.1.2 cpe:/a:mozilla:thunderbird:3.1.11 cpe:/a:mozilla:thunderbird:3.1.10 cpe:/a:mozilla:thunderbird:3.1.1 cpe:/a:mozilla:thunderbird:3.1 cpe:/a:mozilla:thunderbird:3.0.9 cpe:/a:mozilla:thunderbird:3.0.8 cpe:/a:mozilla:thunderbird:3.0.7 cpe:/a:mozilla:thunderbird:3.0.6 cpe:/a:mozilla:thunderbird:3.0.5 cpe:/a:mozilla:thunderbird:3.0.4 cpe:/a:mozilla:thunderbird:3.0.3 cpe:/a:mozilla:thunderbird:3.0.2 cpe:/a:mozilla:thunderbird:3.0.11 cpe:/a:mozilla:thunderbird:3.0.10 cpe:/a:mozilla:thunderbird:3.0.1 cpe:/a:mozilla:thunderbird:3.0 cpe:/a:mozilla:thunderbird:2.0.0.9 cpe:/a:mozilla:thunderbird:2.0.0.8 cpe:/a:mozilla:thunderbird:2.0.0.7 cpe:/a:mozilla:thunderbird:2.0.0.6 cpe:/a:mozilla:thunderbird:2.0.0.5 cpe:/a:mozilla:thunderbird:2.0.0.4 cpe:/a:mozilla:thunderbird:2.0.0.3 cpe:/a:mozilla:thunderbird:2.0.0.23 cpe:/a:mozilla:thunderbird:2.0.0.22 cpe:/a:mozilla:thunderbird:2.0.0.21 cpe:/a:mozilla:thunderbird:2.0.0.20 cpe:/a:mozilla:thunderbird:2.0.0.2 cpe:/a:mozilla:thunderbird:2.0.0.19 cpe:/a:mozilla:thunderbird:2.0.0.18 cpe:/a:mozilla:thunderbird:2.0.0.17 cpe:/a:mozilla:thunderbird:2.0.0.16 cpe:/a:mozilla:thunderbird:2.0.0.15 cpe:/a:mozilla:thunderbird:2.0.0.14 cpe:/a:mozilla:thunderbird:2.0.0.13 cpe:/a:mozilla:thunderbird:2.0.0.12 cpe:/a:mozilla:thunderbird:2.0.0.11 cpe:/a:mozilla:thunderbird:2.0.0.1 cpe:/a:mozilla:thunderbird:2.0.0.0 cpe:/a:mozilla:thunderbird:2.0	48

Open Source Vulnerability Database (OSVDB)

id	Description
74587	Mozilla Multiple Products Tab Element Dropping Weakness Remote Code Execution
74586	Mozilla Multiple Products RegExp.input Property Same Origin Policy Bypass Inf...
74585	Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2982)
74584	Mozilla Multiple Products Event-Management Same Origin Policy Bypass Remote C...
74582	Mozilla Multiple Products .appendChild() Function DOM Object Handling Remote ...
74581	Mozilla Multiple Products SVGTextElement.getCharNumAtPosition() Function SVG ...