Executive Summary
| Summary | |
|---|---|
| Title | Thunderbird vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-1952-1 | First vendor Publication | 2013-09-18 |
| Vendor | Ubuntu | Last vendor Modification | 2013-09-18 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 13.04 - Ubuntu 12.10 - Ubuntu 12.04 LTS Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1718) Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting with template elements. If a user had scripting enabled, in some circumstances an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1720) Alex Chapman discovered an integer overflow vulnerability in the ANGLE library. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1721) Abhishek Arya discovered a use-after-free in the Animation Manager. If a user had scripting enabled, an attacked could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1722) Scott Bell discovered a use-after-free when using a select element. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1724) It was discovered that the scope of new Javascript objects could be accessed before their compartment is initialized. If a user had scripting enabled, an attacker could potentially exploit this to execute code with the privileges of the user invoking Thunderbird. (CVE-2013-1725) Dan Gohman discovered that some variables and data were used in IonMonkey, without being initialized, which could lead to information leakage. (CVE-2013-1728) Sachin Shinde discovered a crash when moving some XBL-backed nodes in to a document created by document.open(). If a user had scripting enabled, an attacker could potentially exploit this to cause a denial of service. (CVE-2013-1730) Aki Helin discovered a buffer overflow when combining lists, floats and multiple columns. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1732) Two memory corruption bugs when scrolling were discovered. If a user had scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1735, CVE-2013-1736) Boris Zbarsky discovered that user-defined getters on DOM proxies would use the expando object as "this". If a user had scripting enabled, an attacker could potentially exploit this by tricking add-on code in to making incorrect security sensitive decisions based on malicious values. (CVE-2013-1737) A use-after-free bug was discovered in Thunderbird. If a user had scripting enabled, an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2013-1738) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 13.04: Ubuntu 12.10: Ubuntu 12.04 LTS: After a standard system update you need to restart Thunderbird to make all the necessary changes. References: Package Information: |
Original Source
| Url : http://www.ubuntu.com/usn/USN-1952-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 62 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 23 % | CWE-399 | Resource Management Errors |
| 8 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 8 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18443 | |||
| Oval ID: | oval:org.mitre.oval:def:18443 | ||
| Title: | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. | ||
| Description: | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1735 | Version: | 22 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18520 | |||
| Oval ID: | oval:org.mitre.oval:def:18520 | ||
| Title: | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. | ||
| Description: | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1732 | Version: | 22 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18617 | |||
| Oval ID: | oval:org.mitre.oval:def:18617 | ||
| Title: | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. | ||
| Description: | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1720 | Version: | 22 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18766 | |||
| Oval ID: | oval:org.mitre.oval:def:18766 | ||
| Title: | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. | ||
| Description: | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1738 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18789 | |||
| Oval ID: | oval:org.mitre.oval:def:18789 | ||
| Title: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the thisobject during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1737 | Version: | 22 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18856 | |||
| Oval ID: | oval:org.mitre.oval:def:18856 | ||
| Title: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. | ||
| Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1736 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18902 | |||
| Oval ID: | oval:org.mitre.oval:def:18902 | ||
| Title: | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. | ||
| Description: | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1728 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18939 | |||
| Oval ID: | oval:org.mitre.oval:def:18939 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1718 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18982 | |||
| Oval ID: | oval:org.mitre.oval:def:18982 | ||
| Title: | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. | ||
| Description: | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1724 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18993 | |||
| Oval ID: | oval:org.mitre.oval:def:18993 | ||
| Title: | Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. | ||
| Description: | Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1721 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19022 | |||
| Oval ID: | oval:org.mitre.oval:def:19022 | ||
| Title: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1730 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19025 | |||
| Oval ID: | oval:org.mitre.oval:def:19025 | ||
| Title: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1725 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19031 | |||
| Oval ID: | oval:org.mitre.oval:def:19031 | ||
| Title: | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. | ||
| Description: | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1722 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19331 | |||
| Oval ID: | oval:org.mitre.oval:def:19331 | ||
| Title: | USN-1952-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1952-1 CVE-2013-1718 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 | Version: | 5 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19389 | |||
| Oval ID: | oval:org.mitre.oval:def:19389 | ||
| Title: | USN-1951-1 -- firefox vulnerabilities | ||
| Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1951-1 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 | Version: | 5 |
| Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19877 | |||
| Oval ID: | oval:org.mitre.oval:def:19877 | ||
| Title: | DSA-2762-1 icedove - several | ||
| Description: | Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2762-1 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19905 | |||
| Oval ID: | oval:org.mitre.oval:def:19905 | ||
| Title: | DSA-2759-1 iceweasel - several | ||
| Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2759-1 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20767 | |||
| Oval ID: | oval:org.mitre.oval:def:20767 | ||
| Title: | RHSA-2013:1268: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1268-00 CESA-2013:1268 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 115 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20907 | |||
| Oval ID: | oval:org.mitre.oval:def:20907 | ||
| Title: | RHSA-2013:1269: thunderbird security update (Important) | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2013:1269-00 CESA-2013:1269 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 115 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23194 | |||
| Oval ID: | oval:org.mitre.oval:def:23194 | ||
| Title: | DEPRECATED: ELSA-2013:1269: thunderbird security update (Important) | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1269-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 38 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23564 | |||
| Oval ID: | oval:org.mitre.oval:def:23564 | ||
| Title: | DEPRECATED: ELSA-2013:1268: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1268-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 38 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23767 | |||
| Oval ID: | oval:org.mitre.oval:def:23767 | ||
| Title: | ELSA-2013:1269: thunderbird security update (Important) | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1269-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 37 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:24179 | |||
| Oval ID: | oval:org.mitre.oval:def:24179 | ||
| Title: | ELSA-2013:1268: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013:1268-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 37 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27396 | |||
| Oval ID: | oval:org.mitre.oval:def:27396 | ||
| Title: | DEPRECATED: ELSA-2013-1269 -- thunderbird security update (important) | ||
| Description: | [17.0.9-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.9-1] - Update to 17.0.9 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1269 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27401 | |||
| Oval ID: | oval:org.mitre.oval:def:27401 | ||
| Title: | DEPRECATED: ELSA-2013-1268 -- firefox security update (critical) | ||
| Description: | firefox [17.0.9-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-4] - Added fix for mozbz#601442 - Support the extensions.getAddons.showPane pref again in the Add-ons Manager UI, a part of rhbz#818636 fix. [17.0.8-3] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. [17.0.8-2] - Updated manual page xulrunner [17.0.9-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-5] - Fixed mozbz#633001 - Cannot open ipv6 address with self-signed certificate [17.0.8-4] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2013-1268 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-819.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-720.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-719.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-718.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-717.nasl - Type : ACT_GATHER_INFO |
| 2013-10-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7dfed67b20aa11e3b8d80025905a4771.nasl - Type : ACT_GATHER_INFO |
| 2013-09-30 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-17047.nasl - Type : ACT_GATHER_INFO |
| 2013-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO |
| 2013-09-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-130919.nasl - Type : ACT_GATHER_INFO |
| 2013-09-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2762.nasl - Type : ACT_GATHER_INFO |
| 2013-09-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-17074.nasl - Type : ACT_GATHER_INFO |
| 2013-09-21 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-16992.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1952-1.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_221.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2759.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_9_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_9_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_0.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1709_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-09-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1709_esr.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130917_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1269.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1951-1.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130917_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1269.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1268.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1269.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1268.nasl - Type : ACT_GATHER_INFO |
| 2013-09-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1268.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:02:28 |
|
| 2013-09-18 21:25:04 |
|
| 2013-09-18 21:20:39 |
|
