Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Firefox vulnerabilities
Informations
Name USN-1729-1 First vendor Publication 2013-02-20
Vendor Ubuntu Last vendor Modification 2013-02-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS

Summary:

Firefox could be made to crash or run programs as your login if it opened a malicious website.

Software Description: - firefox: Mozilla Open Source web browser

Details:

Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. (CVE-2013-0783, CVE-2013-0784)

Atte Kettunen discovered that Firefox could perform an out-of-bounds read while rendering GIF format images. An attacker could exploit this to crash Firefox. (CVE-2013-0772)

Boris Zbarsky discovered that Firefox did not properly handle some wrapped WebIDL objects. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0765)

Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0773)

Frederik Braun that Firefox made the location of the active browser profile available to JavaScript workers. (CVE-2013-0774)

A use-after-free vulnerability was discovered in Firefox. An attacker could potentially exploit this to execute code with the privileges of the user invoking Firefox. (CVE-2013-0775)

Michal Zalewski discovered that Firefox would not always show the correct address when cancelling a proxy authentication prompt. A remote attacker could exploit this to conduct URL spoofing and phishing attacks. (CVE-2013-0776)

Abhishek Arya discovered several problems related to memory handling. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
firefox 19.0+build1-0ubuntu0.12.10.1

Ubuntu 12.04 LTS:
firefox 19.0+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
firefox 19.0+build1-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
firefox 19.0+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1729-1
CVE-2013-0765, CVE-2013-0772, CVE-2013-0773, CVE-2013-0774,
CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778,
CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782,
CVE-2013-0783, CVE-2013-0784, https://launchpad.net/bugs/1128883

Package Information:
https://launchpad.net/ubuntu/+source/firefox/19.0+build1-0ubuntu0.12.10.1
https://launchpad.net/ubuntu/+source/firefox/19.0+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/firefox/19.0+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/19.0+build1-0ubuntu0.10.04.1

Original Source

Url : http://www.ubuntu.com/usn/USN-1729-1

CWE : Common Weakness Enumeration

% Id Name
44 % CWE-416 Use After Free
22 % CWE-125 Out-of-bounds Read
11 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
11 % CWE-295 Certificate Issues
11 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16219
 
Oval ID: oval:org.mitre.oval:def:16219
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0783
Version: 21
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16383
 
Oval ID: oval:org.mitre.oval:def:16383
Title: Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
Description: Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0780
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16619
 
Oval ID: oval:org.mitre.oval:def:16619
Title: The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0778
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16666
 
Oval ID: oval:org.mitre.oval:def:16666
Title: Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
Description: Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0776
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16747
 
Oval ID: oval:org.mitre.oval:def:16747
Title: The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0779
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16797
 
Oval ID: oval:org.mitre.oval:def:16797
Title: Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
Description: Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0774
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16861
 
Oval ID: oval:org.mitre.oval:def:16861
Title: The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Description: The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0773
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16906
 
Oval ID: oval:org.mitre.oval:def:16906
Title: Heap-based buffer overflow in the nsSaveAsCharseterbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.
Description: Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0782
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16934
 
Oval ID: oval:org.mitre.oval:def:16934
Title: Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Description: Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0781
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16950
 
Oval ID: oval:org.mitre.oval:def:16950
Title: Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
Description: Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0775
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16977
 
Oval ID: oval:org.mitre.oval:def:16977
Title: Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Description: Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0777
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17097
 
Oval ID: oval:org.mitre.oval:def:17097
Title: Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Description: Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0765
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17119
 
Oval ID: oval:org.mitre.oval:def:17119
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0784
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17159
 
Oval ID: oval:org.mitre.oval:def:17159
Title: The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
Description: The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0772
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17832
 
Oval ID: oval:org.mitre.oval:def:17832
Title: USN-1729-2 -- firefox regression
Description: Due to a regression, Firefox might crash or freeze under normal use.
Family: unix Class: patch
Reference(s): USN-1729-2
CVE-2013-0783
CVE-2013-0784
CVE-2013-0772
CVE-2013-0765
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0777
CVE-2013-0778
CVE-2013-0779
CVE-2013-0780
CVE-2013-0781
CVE-2013-0782
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18301
 
Oval ID: oval:org.mitre.oval:def:18301
Title: USN-1729-1 -- firefox vulnerabilities
Description: Firefox could be made to crash or run programs as your login if it opened a malicious website.
Family: unix Class: patch
Reference(s): USN-1729-1
CVE-2013-0783
CVE-2013-0784
CVE-2013-0772
CVE-2013-0765
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0777
CVE-2013-0778
CVE-2013-0779
CVE-2013-0780
CVE-2013-0781
CVE-2013-0782
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18309
 
Oval ID: oval:org.mitre.oval:def:18309
Title: USN-1748-1 -- thunderbird vulnerabilities
Description: Several security issues were fixed in Thunderbird.
Family: unix Class: patch
Reference(s): USN-1748-1
CVE-2013-0773
CVE-2013-0774
CVE-2013-0775
CVE-2013-0776
CVE-2013-0777
CVE-2013-0778
CVE-2013-0779
CVE-2013-0780
CVE-2013-0781
CVE-2013-0782
CVE-2013-0783
CVE-2013-0784
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21124
 
Oval ID: oval:org.mitre.oval:def:21124
Title: RHSA-2013:0271: firefox security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:0271-02
CESA-2013:0271
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 73
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): devhelp
firefox
xulrunner
yelp
libproxy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21148
 
Oval ID: oval:org.mitre.oval:def:21148
Title: RHSA-2013:0272: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:0272-01
CESA-2013:0272
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 73
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23124
 
Oval ID: oval:org.mitre.oval:def:23124
Title: DEPRECATED: ELSA-2013:0271: firefox security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0271-02
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 26
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): devhelp
firefox
xulrunner
yelp
libproxy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23153
 
Oval ID: oval:org.mitre.oval:def:23153
Title: DEPRECATED: ELSA-2013:0272: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0272-01
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 26
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23462
 
Oval ID: oval:org.mitre.oval:def:23462
Title: ELSA-2013:0271: firefox security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0271-02
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 25
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): devhelp
firefox
xulrunner
yelp
libproxy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24061
 
Oval ID: oval:org.mitre.oval:def:24061
Title: ELSA-2013:0272: thunderbird security update (Critical)
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0272-01
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 25
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25306
 
Oval ID: oval:org.mitre.oval:def:25306
Title: SUSE-SU-2013:0410-1 -- Security update for Mozilla Firefox
Description: MozillaFirefox has been updated to the 17.0.3ESR release. Important: due to compatibility issues, the Beagle plug-in for MozillaFirefox is temporarily disabled by this update.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0410-1
CVE-2013-0780
CVE-2013-0782
CVE-2013-0776
CVE-2013-0775
CVE-2013-0774
CVE-2013-0773
CVE-2013-0765
CVE-2013-0772
CVE-2013-0783
Version: 5
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26212
 
Oval ID: oval:org.mitre.oval:def:26212
Title: SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox
Description: MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0471-1
CVE-2013-0787
CVE-2013-0780
CVE-2013-0782
CVE-2013-0776
CVE-2013-0775
CVE-2013-0774
CVE-2013-0773
CVE-2013-0765
CVE-2013-0772
CVE-2013-0783
Version: 5
Platform(s): SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 10
Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27532
 
Oval ID: oval:org.mitre.oval:def:27532
Title: DEPRECATED: ELSA-2013-0271 -- firefox security update (critical)
Description: firefox [17.0.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-4] - Added NM preferences [17.0.2-3] - Update to 17.0.2 ESR libproxy [0.3.0-4] - Rebuild against newer gecko xulrunner [17.0.3-1.0.2] - Increase release number and rebuild. [17.0.3-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-5] - Fixed NetworkManager preferences - Added fix for NM regression (mozbz#791626) [17.0.2-2] - Added fix for rhbz#816234 - NFS fix [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-3] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.6.b5] - Update to 17 Beta 5 - Updated fix for rhbz#872752 - embeded crash [17.0-0.5.b4] - Added fix for rhbz#872752 - embeded crash [17.0-0.4.b4] - Update to 17 Beta 4 [17.0-0.3.b3] - Update to 17 Beta 3 - Updated ppc(64) patch (mozbz#746112)
Family: unix Class: patch
Reference(s): ELSA-2013-0271
CVE-2013-0780
CVE-2013-0783
CVE-2013-0776
CVE-2013-0782
CVE-2013-0775
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): devhelp
firefox
xulrunner
yelp
libproxy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27562
 
Oval ID: oval:org.mitre.oval:def:27562
Title: DEPRECATED: ELSA-2013-0272 -- thunderbird security update (critical)
Description: [17.0.3-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-2] - Update to 17.0.2 ESR [17.0-2] - Update to 17.0 ESR [17.0b2-0.1] - Update to 17.0b2 [17.0b1-0.1] - Rebase to 17 beta 1
Family: unix Class: patch
Reference(s): ELSA-2013-0272
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 328
Application 21
Application 171
Application 222
Application 17
Os 4
Os 1
Os 3
Os 1
Os 2
Os 2
Os 2
Os 2

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-141.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-1823.nasl - Type : ACT_GATHER_INFO
2013-12-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-1812.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0271.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-0272.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_firefox-201303-8506.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_firefox-201303-130305.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2992.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Fedora host is missing a security update.
File : fedora_2013-2988.nasl - Type : ACT_GATHER_INFO
2013-03-01 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1729-2.nasl - Type : ACT_GATHER_INFO
2013-02-26 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1748-1.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130219_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130219_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1729-1.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_216.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_19_0.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e3f0374a7ad611e284cdd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_17_0_3_esr.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1703_esr.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1703.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_190.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_1703_esr.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_17_0_3_esr.nasl - Type : ACT_GATHER_INFO
2013-02-20 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_17_0_3.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2014-02-17 12:01:30
  • Multiple Updates
2013-03-07 21:19:52
  • Multiple Updates
2013-02-20 17:19:59
  • Multiple Updates
2013-02-20 13:20:20
  • Multiple Updates
2013-02-20 05:21:08
  • First insertion