Executive Summary
Summary | |
---|---|
Title | Firefox vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-1729-1 | First vendor Publication | 2013-02-20 |
Vendor | Ubuntu | Last vendor Modification | 2013-02-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS Summary: Firefox could be made to crash or run programs as your login if it opened a malicious website. Software Description: - firefox: Mozilla Open Source web browser Details: Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784) Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. (CVE-2013-0772) Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0765) Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0773) Frederik Braun that Firefox made the location of the active browser profile available to JavaScript workers. (CVE-2013-0774) A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0775) Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0776) Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: Ubuntu 12.04 LTS: Ubuntu 11.10: Ubuntu 10.04 LTS: After a standard system update you need to restart Firefox to make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1729-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
44 % | CWE-416 | Use After Free |
22 % | CWE-125 | Out-of-bounds Read |
11 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
11 % | CWE-295 | Certificate Issues |
11 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16219 | |||
Oval ID: | oval:org.mitre.oval:def:16219 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0783 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16383 | |||
Oval ID: | oval:org.mitre.oval:def:16383 | ||
Title: | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. | ||
Description: | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0780 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16619 | |||
Oval ID: | oval:org.mitre.oval:def:16619 | ||
Title: | The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0778 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16666 | |||
Oval ID: | oval:org.mitre.oval:def:16666 | ||
Title: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | ||
Description: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0776 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16747 | |||
Oval ID: | oval:org.mitre.oval:def:16747 | ||
Title: | The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0779 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16797 | |||
Oval ID: | oval:org.mitre.oval:def:16797 | ||
Title: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. | ||
Description: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0774 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16861 | |||
Oval ID: | oval:org.mitre.oval:def:16861 | ||
Title: | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0773 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16906 | |||
Oval ID: | oval:org.mitre.oval:def:16906 | ||
Title: | Heap-based buffer overflow in the nsSaveAsCharseterbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0782 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16934 | |||
Oval ID: | oval:org.mitre.oval:def:16934 | ||
Title: | Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0781 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16950 | |||
Oval ID: | oval:org.mitre.oval:def:16950 | ||
Title: | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||
Description: | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0775 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16977 | |||
Oval ID: | oval:org.mitre.oval:def:16977 | ||
Title: | Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0777 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17097 | |||
Oval ID: | oval:org.mitre.oval:def:17097 | ||
Title: | Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||
Description: | Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0765 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17119 | |||
Oval ID: | oval:org.mitre.oval:def:17119 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0784 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17159 | |||
Oval ID: | oval:org.mitre.oval:def:17159 | ||
Title: | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. | ||
Description: | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0772 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17832 | |||
Oval ID: | oval:org.mitre.oval:def:17832 | ||
Title: | USN-1729-2 -- firefox regression | ||
Description: | Due to a regression, Firefox might crash or freeze under normal use. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1729-2 CVE-2013-0783 CVE-2013-0784 CVE-2013-0772 CVE-2013-0765 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18301 | |||
Oval ID: | oval:org.mitre.oval:def:18301 | ||
Title: | USN-1729-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1729-1 CVE-2013-0783 CVE-2013-0784 CVE-2013-0772 CVE-2013-0765 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18309 | |||
Oval ID: | oval:org.mitre.oval:def:18309 | ||
Title: | USN-1748-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1748-1 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0784 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21124 | |||
Oval ID: | oval:org.mitre.oval:def:21124 | ||
Title: | RHSA-2013:0271: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0271-02 CESA-2013:0271 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21148 | |||
Oval ID: | oval:org.mitre.oval:def:21148 | ||
Title: | RHSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0272-01 CESA-2013:0272 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23124 | |||
Oval ID: | oval:org.mitre.oval:def:23124 | ||
Title: | DEPRECATED: ELSA-2013:0271: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0271-02 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23153 | |||
Oval ID: | oval:org.mitre.oval:def:23153 | ||
Title: | DEPRECATED: ELSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0272-01 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24061 | |||
Oval ID: | oval:org.mitre.oval:def:24061 | ||
Title: | ELSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0272-01 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26212 | |||
Oval ID: | oval:org.mitre.oval:def:26212 | ||
Title: | SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox | ||
Description: | MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0471-1 CVE-2013-0787 CVE-2013-0780 CVE-2013-0782 CVE-2013-0776 CVE-2013-0775 CVE-2013-0774 CVE-2013-0773 CVE-2013-0765 CVE-2013-0772 CVE-2013-0783 | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27532 | |||
Oval ID: | oval:org.mitre.oval:def:27532 | ||
Title: | DEPRECATED: ELSA-2013-0271 -- firefox security update (critical) | ||
Description: | firefox [17.0.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-4] - Added NM preferences [17.0.2-3] - Update to 17.0.2 ESR libproxy [0.3.0-4] - Rebuild against newer gecko xulrunner [17.0.3-1.0.2] - Increase release number and rebuild. [17.0.3-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-5] - Fixed NetworkManager preferences - Added fix for NM regression (mozbz#791626) [17.0.2-2] - Added fix for rhbz#816234 - NFS fix [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-3] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.6.b5] - Update to 17 Beta 5 - Updated fix for rhbz#872752 - embeded crash [17.0-0.5.b4] - Added fix for rhbz#872752 - embeded crash [17.0-0.4.b4] - Update to 17 Beta 4 [17.0-0.3.b3] - Update to 17 Beta 3 - Updated ppc(64) patch (mozbz#746112) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0271 CVE-2013-0780 CVE-2013-0783 CVE-2013-0776 CVE-2013-0782 CVE-2013-0775 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27562 | |||
Oval ID: | oval:org.mitre.oval:def:27562 | ||
Title: | DEPRECATED: ELSA-2013-0272 -- thunderbird security update (critical) | ||
Description: | [17.0.3-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-2] - Update to 17.0.2 ESR [17.0-2] - Update to 17.0 ESR [17.0b2-0.1] - Update to 17.0b2 [17.0b1-0.1] - Rebase to 17 beta 1 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0272 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-141.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
2013-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201303-8506.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201303-130305.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2992.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2988.nasl - Type : ACT_GATHER_INFO |
2013-03-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1729-2.nasl - Type : ACT_GATHER_INFO |
2013-02-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1748-1.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1729-1.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_216.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_19_0.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e3f0374a7ad611e284cdd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0_3_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1703_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1703.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_190.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1703_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_3_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_3.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:01:30 |
|
2013-03-07 21:19:52 |
|
2013-02-20 17:19:59 |
|
2013-02-20 13:20:20 |
|
2013-02-20 05:21:08 |
|