Executive Summary
Summary | |
---|---|
Title | Mozvoikko update |
Informations | |||
---|---|---|---|
Name | USN-1355-2 | First vendor Publication | 2012-02-03 |
Vendor | Ubuntu | Last vendor Modification | 2012-02-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: This update provides compatible Mozvoikko packages for the latest Firefox. Software Description: - mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory details: It was discovered that if a user chose to export their Firefox Sync key Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: Ubuntu 11.04: Ubuntu 10.10: Ubuntu 10.04 LTS: After a standard system update you need to restart Firefox to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1355-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-264 | Permissions, Privileges, and Access Controls |
29 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
14 % | CWE-416 | Use After Free |
14 % | CWE-200 | Information Exposure |
14 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14304 | |||
Oval ID: | oval:org.mitre.oval:def:14304 | ||
Title: | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. | ||
Description: | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0446 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14444 | |||
Oval ID: | oval:org.mitre.oval:def:14444 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0443 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14464 | |||
Oval ID: | oval:org.mitre.oval:def:14464 | ||
Title: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0444 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14525 | |||
Oval ID: | oval:org.mitre.oval:def:14525 | ||
Title: | USN-1355-1 -- Firefox vulnerabilities | ||
Description: | firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1355-1 CVE-2012-0450 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14618 | |||
Oval ID: | oval:org.mitre.oval:def:14618 | ||
Title: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0449 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14670 | |||
Oval ID: | oval:org.mitre.oval:def:14670 | ||
Title: | DEPRECATED: Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | ||
Description: | Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0450 | Version: | 14 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14678 | |||
Oval ID: | oval:org.mitre.oval:def:14678 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0442 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14697 | |||
Oval ID: | oval:org.mitre.oval:def:14697 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3659 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14907 | |||
Oval ID: | oval:org.mitre.oval:def:14907 | ||
Title: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. | ||
Description: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0445 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14912 | |||
Oval ID: | oval:org.mitre.oval:def:14912 | ||
Title: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. | ||
Description: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0447 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14959 | |||
Oval ID: | oval:org.mitre.oval:def:14959 | ||
Title: | DSA-2406-1 icedove -- several | ||
Description: | Several vulnerabilities have been discovered in Icedove, Debians variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. CVE-2012-0442 Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code. CVE-2012-0444 Icedove does not properly initialise nsChildView data structures, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Ogg Vorbis file. CVE-2012-0449 Icedove allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2406-1 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14983 | |||
Oval ID: | oval:org.mitre.oval:def:14983 | ||
Title: | DSA-2400-1 iceweasel -- several | ||
Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanisiting in the Ogg Vorbis parser may lead to the execution of arbitrary code. CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanisiting in XSLT processing may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2400-1 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15190 | |||
Oval ID: | oval:org.mitre.oval:def:15190 | ||
Title: | DSA-2412-1 libvorbis -- buffer overflow | ||
Description: | It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2412-1 CVE-2012-0444 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libvorbis |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15283 | |||
Oval ID: | oval:org.mitre.oval:def:15283 | ||
Title: | DSA-2402-1 iceape -- several | ||
Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanisiting in the Ogg Vorbis parser may lead to the execution of arbitrary code. CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanisiting in XSLT processing may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2402-1 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15389 | |||
Oval ID: | oval:org.mitre.oval:def:15389 | ||
Title: | USN-1355-2 -- Mozvoikko update | ||
Description: | mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory This update provides compatible Mozvoikko packages for the latest Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1355-2 CVE-2012-0450 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Mozvoikko |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15402 | |||
Oval ID: | oval:org.mitre.oval:def:15402 | ||
Title: | USN-1370-1 -- libvorbis vulnerability | ||
Description: | libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1370-1 CVE-2012-0444 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | libvorbis |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15429 | |||
Oval ID: | oval:org.mitre.oval:def:15429 | ||
Title: | USN-1355-3 -- ubufox and webfav update | ||
Description: | ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. Original advisory This update provides compatible ubufox and webfav packages for the latest Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1355-3 CVE-2012-0450 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | ubufox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20719 | |||
Oval ID: | oval:org.mitre.oval:def:20719 | ||
Title: | RHSA-2012:0079: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0079-01 CESA-2012:0079 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20845 | |||
Oval ID: | oval:org.mitre.oval:def:20845 | ||
Title: | RHSA-2012:0080: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0080-01 CESA-2012:0080 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0449 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21230 | |||
Oval ID: | oval:org.mitre.oval:def:21230 | ||
Title: | RHSA-2012:0085: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0085-01 CESA-2012:0085 CVE-2011-3670 CVE-2012-0442 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21408 | |||
Oval ID: | oval:org.mitre.oval:def:21408 | ||
Title: | RHSA-2012:0136: libvorbis security update (Important) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0136-01 CESA-2012:0136 CVE-2012-0444 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | libvorbis |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22843 | |||
Oval ID: | oval:org.mitre.oval:def:22843 | ||
Title: | ELSA-2012:0136: libvorbis security update (Important) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0136-01 CVE-2012-0444 | Version: | 6 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libvorbis |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22851 | |||
Oval ID: | oval:org.mitre.oval:def:22851 | ||
Title: | ELSA-2012:0085: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0085-01 CVE-2011-3670 CVE-2012-0442 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23338 | |||
Oval ID: | oval:org.mitre.oval:def:23338 | ||
Title: | DEPRECATED: ELSA-2012:0079: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0079-01 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23504 | |||
Oval ID: | oval:org.mitre.oval:def:23504 | ||
Title: | ELSA-2012:0079: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0079-01 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23762 | |||
Oval ID: | oval:org.mitre.oval:def:23762 | ||
Title: | DEPRECATED: ELSA-2012:0136: libvorbis security update (Important) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0136-01 CVE-2012-0444 | Version: | 6 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 Oracle Linux 4 | Product(s): | libvorbis |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23792 | |||
Oval ID: | oval:org.mitre.oval:def:23792 | ||
Title: | ELSA-2012:0080: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0080-01 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0449 | Version: | 21 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27597 | |||
Oval ID: | oval:org.mitre.oval:def:27597 | ||
Title: | DEPRECATED: ELSA-2012-0080 -- thunderbird security update (critical) | ||
Description: | [3.1.18-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.18-1] - Update to 3.1.18 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0080 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0449 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Firefox AttributeChildRemoved Use After Free | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
2012-08-03 | Name : Mandriva Update for libvorbis MDVSA-2012:052 (libvorbis) File : nvt/gb_mandriva_MDVSA_2012_052.nasl |
2012-08-03 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox) File : nvt/gb_suse_2012_0234_1.nasl |
2012-08-02 | Name : SuSE Update for libvorbis openSUSE-SU-2012:0319-1 (libvorbis) File : nvt/gb_suse_2012_0319_1.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos5 File : nvt/gb_CESA-2012_0085_thunderbird_centos5.nasl |
2012-07-30 | Name : CentOS Update for libvorbis CESA-2012:0136 centos6 File : nvt/gb_CESA-2012_0136_libvorbis_centos6.nasl |
2012-07-30 | Name : CentOS Update for libvorbis CESA-2012:0136 centos5 File : nvt/gb_CESA-2012_0136_libvorbis_centos5.nasl |
2012-07-30 | Name : CentOS Update for libvorbis CESA-2012:0136 centos4 File : nvt/gb_CESA-2012_0136_libvorbis_centos4.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos4 File : nvt/gb_CESA-2012_0085_thunderbird_centos4.nasl |
2012-07-30 | Name : CentOS Update for seamonkey CESA-2012:0084 centos4 File : nvt/gb_CESA-2012_0084_seamonkey_centos4.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0080 centos6 File : nvt/gb_CESA-2012_0080_thunderbird_centos6.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos6 File : nvt/gb_CESA-2012_0079_firefox_centos6.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos5 File : nvt/gb_CESA-2012_0079_firefox_centos5.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos4 File : nvt/gb_CESA-2012_0079_firefox_centos4.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0080-01 File : nvt/gb_RHSA-2012_0080-01_thunderbird.nasl |
2012-03-19 | Name : Fedora Update for libvorbis FEDORA-2012-1652 File : nvt/gb_fedora_2012_1652_libvorbis_fc16.nasl |
2012-03-16 | Name : Ubuntu Update for thunderbird USN-1369-1 File : nvt/gb_ubuntu_USN_1369_1.nasl |
2012-03-12 | Name : Debian Security Advisory DSA 2412-1 (libvorbis) File : nvt/deb_2412_1.nasl |
2012-02-21 | Name : RedHat Update for libvorbis RHSA-2012:0136-01 File : nvt/gb_RHSA-2012_0136-01_libvorbis.nasl |
2012-02-21 | Name : Ubuntu Update for libvorbis USN-1370-1 File : nvt/gb_ubuntu_USN_1370_1.nasl |
2012-02-13 | Name : Ubuntu Update for xulrunner-1.9.2 USN-1353-1 File : nvt/gb_ubuntu_USN_1353_1.nasl |
2012-02-13 | Name : Ubuntu Update for thunderbird USN-1350-1 File : nvt/gb_ubuntu_USN_1350_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2400-1 (iceweasel) File : nvt/deb_2400_1.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2402-1 (iceape) File : nvt/deb_2402_1.nasl |
2012-02-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox63.nasl |
2012-02-06 | Name : Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerabi... File : nvt/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl |
2012-02-06 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl |
2012-02-06 | Name : Ubuntu Update for firefox USN-1355-1 File : nvt/gb_ubuntu_USN_1355_1.nasl |
2012-02-06 | Name : Ubuntu Update for mozvoikko USN-1355-2 File : nvt/gb_ubuntu_USN_1355_2.nasl |
2012-02-06 | Name : Ubuntu Update for ubufox USN-1355-3 File : nvt/gb_ubuntu_USN_1355_3.nasl |
2012-02-06 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01) File : nvt/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl |
2012-02-06 | Name : Mandriva Update for mozilla MDVSA-2012:013 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_013.nasl |
2012-02-03 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_feb12.nasl |
2012-02-03 | Name : RedHat Update for thunderbird RHSA-2012:0085-01 File : nvt/gb_RHSA-2012_0085-01_thunderbird.nasl |
2012-02-03 | Name : RedHat Update for seamonkey RHSA-2012:0084-01 File : nvt/gb_RHSA-2012_0084-01_seamonkey.nasl |
2012-02-03 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01) File : nvt/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl |
2012-02-01 | Name : RedHat Update for firefox RHSA-2012:0079-01 File : nvt/gb_RHSA-2012_0079-01_firefox.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla products Ogg Vorbis decoding memory corruption attempt RuleID : 25298 - Revision : 6 - Type : FILE-MULTIMEDIA |
2014-01-10 | Mozilla products Ogg Vorbis decoding memory corruption attempt RuleID : 25297 - Revision : 8 - Type : FILE-MULTIMEDIA |
2014-01-10 | Mozilla Firefox use-after free remote code execution attempt RuleID : 23445 - Revision : 7 - Type : BROWSER-FIREFOX |
2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-08-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_40497e81fee34e549d5f175a5c633b73.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20130313.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libvorbis_20120626.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0422.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-83.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libvorbis-120221.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-120201.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-254.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-120207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-141.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-47.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0136.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120215_libvorbis_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-052.nasl - Type : ACT_GATHER_INFO |
2012-03-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libvorbis-7984.nasl - Type : ACT_GATHER_INFO |
2012-03-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvorbis-120221.nasl - Type : ACT_GATHER_INFO |
2012-02-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1370-1.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1369-1.nasl - Type : ACT_GATHER_INFO |
2012-02-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2412.nasl - Type : ACT_GATHER_INFO |
2012-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1652.nasl - Type : ACT_GATHER_INFO |
2012-02-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0136.nasl - Type : ACT_GATHER_INFO |
2012-02-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0136.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2406.nasl - Type : ACT_GATHER_INFO |
2012-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner192-120206.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1350-1.nasl - Type : ACT_GATHER_INFO |
2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1353-1.nasl - Type : ACT_GATHER_INFO |
2012-02-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7949.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1355-1.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1355-2.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-10-120202.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1355-3.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-013.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2400.nasl - Type : ACT_GATHER_INFO |
2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2402.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0a9e2b724cb711e1914614dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3626.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_100.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_18.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_10_0.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_26.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_10_0.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_100.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3118.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Windows host contains a web browser that is affected by several vu... File : seamonkey_27.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:59:39 |
|