Executive Summary
Summary | |
---|---|
Title | Firefox and Xulrunner vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1251-1 | First vendor Publication | 2011-11-10 |
Vendor | Ubuntu | Last vendor Modification | 2011-11-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple vulnerabilities have been fixed in Firefox and Xulrunner. Software Description: - firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Details: It was discovered that CVE-2011-3004, which addressed possible privilege escalation in addons, also affected Firefox 3.6. An attacker could potentially exploit Firefox when an add-on was installed that used loadSubscript in vulnerable ways. (CVE-2011-3647) Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. A malicious website could possibly use this flaw this to steal data or inject malicious scripts into web content. (CVE-2011-3648) Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs which would potentially allow an attacker to remotely crash the browser. (CVE-2011-3650) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: Ubuntu 10.04 LTS: After a standard system upgrade you need to restart Firefox and any applications that use Xulrunner to effect the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1251-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13550 | |||
Oval ID: | oval:org.mitre.oval:def:13550 | ||
Title: | The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | ||
Description: | The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3647 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13870 | |||
Oval ID: | oval:org.mitre.oval:def:13870 | ||
Title: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3650 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14121 | |||
Oval ID: | oval:org.mitre.oval:def:14121 | ||
Title: | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | ||
Description: | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3004 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14212 | |||
Oval ID: | oval:org.mitre.oval:def:14212 | ||
Title: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3648 | Version: | 19 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14796 | |||
Oval ID: | oval:org.mitre.oval:def:14796 | ||
Title: | USN-1254-1 -- Thunderbird vulnerabilities | ||
Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1254-1 CVE-2011-3004 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15154 | |||
Oval ID: | oval:org.mitre.oval:def:15154 | ||
Title: | DSA-2345-1 icedove -- several | ||
Description: | Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird. CVE-2011-3647 The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. CVE-2011-3648 A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. CVE-2011-3650 Iceweasel does not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2345-1 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15332 | |||
Oval ID: | oval:org.mitre.oval:def:15332 | ||
Title: | DSA-2342-1 iceape -- several | ||
Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2342-1 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15362 | |||
Oval ID: | oval:org.mitre.oval:def:15362 | ||
Title: | DSA-2341-1 iceweasel -- several | ||
Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2341-1 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15371 | |||
Oval ID: | oval:org.mitre.oval:def:15371 | ||
Title: | USN-1251-1 -- Firefox and Xulrunner vulnerabilities | ||
Description: | firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1251-1 CVE-2011-3004 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21221 | |||
Oval ID: | oval:org.mitre.oval:def:21221 | ||
Title: | USN-1222-1 -- Firefox vulnerabilities | ||
Description: | Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1222-1 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3005 CVE-2011-3232 CVE-2011-3004 | Version: | 5 |
Platform(s): | Ubuntu 11.04 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21620 | |||
Oval ID: | oval:org.mitre.oval:def:21620 | ||
Title: | RHSA-2011:1439: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1439-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21765 | |||
Oval ID: | oval:org.mitre.oval:def:21765 | ||
Title: | RHSA-2011:1437: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1437-01 CESA-2011:1437 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22013 | |||
Oval ID: | oval:org.mitre.oval:def:22013 | ||
Title: | RHSA-2011:1438: thunderbird security update (Moderate) | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1438-01 CESA-2011:1438 CVE-2011-3648 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22694 | |||
Oval ID: | oval:org.mitre.oval:def:22694 | ||
Title: | DEPRECATED: ELSA-2011:1437: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1437-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 18 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23226 | |||
Oval ID: | oval:org.mitre.oval:def:23226 | ||
Title: | ELSA-2011:1438: thunderbird security update (Moderate) | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1438-01 CVE-2011-3648 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23410 | |||
Oval ID: | oval:org.mitre.oval:def:23410 | ||
Title: | ELSA-2011:1439: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1439-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23717 | |||
Oval ID: | oval:org.mitre.oval:def:23717 | ||
Title: | ELSA-2011:1437: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1437-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 17 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28130 | |||
Oval ID: | oval:org.mitre.oval:def:28130 | ||
Title: | DEPRECATED: ELSA-2011-1439 -- thunderbird security update (critical) | ||
Description: | [3.1.16-2.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.16-2] - Update to 3.1.16 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1439 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1440 centos4 x86_64 File : nvt/gb_CESA-2011_1440_seamonkey_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1437 centos4 x86_64 File : nvt/gb_CESA-2011_1437_firefox_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64 File : nvt/gb_CESA-2011_1438_thunderbird_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1437 centos5 x86_64 File : nvt/gb_CESA-2011_1437_firefox_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64 File : nvt/gb_CESA-2011_1438_thunderbird_centos4_x86_64.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1439-01 File : nvt/gb_RHSA-2011_1439-01_thunderbird.nasl |
2012-03-16 | Name : Ubuntu Update for thunderbird USN-1282-1 File : nvt/gb_ubuntu_USN_1282_1.nasl |
2012-02-13 | Name : Debian Security Advisory DSA 2341-1 (iceweasel) File : nvt/deb_2341_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2342-1 (iceape) File : nvt/deb_2342_1.nasl |
2011-12-23 | Name : Ubuntu Update for thunderbird USN-1254-1 File : nvt/gb_ubuntu_USN_1254_1.nasl |
2011-11-25 | Name : Ubuntu Update for firefox USN-1277-1 File : nvt/gb_ubuntu_USN_1277_1.nasl |
2011-11-25 | Name : Ubuntu Update for mozvoikko USN-1277-2 File : nvt/gb_ubuntu_USN_1277_2.nasl |
2011-11-14 | Name : Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_xss_n_mem_crptn_vuln_win.nasl |
2011-11-14 | Name : Mozilla Products XSS and Memory Corruption Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_xss_n_mem_crptn_vuln_macosx.nasl |
2011-11-14 | Name : Mozilla Products Privilege Escalation Vulnerabily (MAC OS X) File : nvt/gb_mozilla_prdts_priv_esc_vuln_macosx.nasl |
2011-11-11 | Name : Mandriva Update for mozilla MDVSA-2011:169 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_169.nasl |
2011-11-11 | Name : Ubuntu Update for firefox USN-1251-1 File : nvt/gb_ubuntu_USN_1251_1.nasl |
2011-11-11 | Name : Mozilla Products Privilege Escalation Vulnerabily (Windows) File : nvt/gb_mozilla_prdts_priv_esc_vuln_win.nasl |
2011-11-11 | Name : RedHat Update for seamonkey RHSA-2011:1440-01 File : nvt/gb_RHSA-2011_1440-01_seamonkey.nasl |
2011-11-11 | Name : CentOS Update for thunderbird CESA-2011:1438 centos4 i386 File : nvt/gb_CESA-2011_1438_thunderbird_centos4_i386.nasl |
2011-11-11 | Name : RedHat Update for thunderbird RHSA-2011:1438-01 File : nvt/gb_RHSA-2011_1438-01_thunderbird.nasl |
2011-11-11 | Name : RedHat Update for firefox RHSA-2011:1437-01 File : nvt/gb_RHSA-2011_1437-01_firefox.nasl |
2011-11-11 | Name : CentOS Update for firefox CESA-2011:1437 centos4 i386 File : nvt/gb_CESA-2011_1437_firefox_centos4_i386.nasl |
2011-11-11 | Name : CentOS Update for seamonkey CESA-2011:1440 centos4 i386 File : nvt/gb_CESA-2011_1440_seamonkey_centos4_i386.nasl |
2011-11-11 | Name : CentOS Update for firefox CESA-2011:1437 centos5 i386 File : nvt/gb_CESA-2011_1437_firefox_centos5_i386.nasl |
2011-11-11 | Name : CentOS Update for thunderbird CESA-2011:1438 centos5 i386 File : nvt/gb_CESA-2011_1438_thunderbird_centos5_i386.nasl |
2011-10-16 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox59.nasl |
2011-10-14 | Name : Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability... File : nvt/gb_mozilla_prdts_load_subscript_sec_bypass_vuln_macosx.nasl |
2011-10-04 | Name : Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability File : nvt/gb_mozilla_prdts_load_subscript_sec_bypass_vuln_win.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1222-1 File : nvt/gb_ubuntu_USN_1222_1.nasl |
0000-00-00 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox61.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76952 | Mozilla Multiple Product Firebug JavaScript File Profiling Remote Memory Corr... |
76948 | Mozilla Multiple Product Shift-JIS XSS |
76947 | Mozilla Multiple Product JSSubScriptLoader loadSubScript Method XPCNativeWrap... |
75845 | Mozilla Multiple Product loadSubScript Method XPCNativeWrappers Unwrapping Re... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20121210.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-111109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-34.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-9.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-111110.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1440.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1439.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1438.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1437.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-141.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1254-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111114.nasl - Type : ACT_GATHER_INFO |
2011-11-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1282-1.nasl - Type : ACT_GATHER_INFO |
2011-11-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1277-1.nasl - Type : ACT_GATHER_INFO |
2011-11-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1277-2.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1438.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1437.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1440.nasl - Type : ACT_GATHER_INFO |
2011-11-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2345.nasl - Type : ACT_GATHER_INFO |
2011-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1251-1.nasl - Type : ACT_GATHER_INFO |
2011-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-169.nasl - Type : ACT_GATHER_INFO |
2011-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2341.nasl - Type : ACT_GATHER_INFO |
2011-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2342.nasl - Type : ACT_GATHER_INFO |
2011-11-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6c8ad3e80a3011e195804061862b8c22.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_80.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1440.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1438.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1437.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_80.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3116.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_24.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_8_0.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_16.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_8_0.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1439.nasl - Type : ACT_GATHER_INFO |
2011-11-09 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3624.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_7_0.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1222-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1fade8a3e9e811e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_24.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:59:12 |
|