Executive Summary
Summary | |
---|---|
Title | Firefox vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-592-1 | First vendor Publication | 2008-03-26 |
Vendor | Ubuntu | Last vendor Modification | 2008-03-26 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: After a standard system upgrade you need to restart firefox to effect the necessary changes. Details follow: Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. If a user were tricked into opening a malicious web page, an attacker could perform cross-site scripting attacks. (CVE-2008-0416) Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious web page, an attacker could escalate privileges within the browser, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. (CVE-2008-1233, CVE-2008-1234, CVE-2008-1235) Several problems were discovered in Firefox which could lead to crashes and memory corruption. If a user were tricked into opening a malicious web page, an attacker may be able to execute arbitrary code with the user's privileges. (CVE-2008-1236, CVE-2008-1237) Gregory Fleischer discovered Firefox did not properly process HTTP Referrer headers when they were sent with with requests to URLs containing Basic Authentication credentials with empty usernames. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. (CVE-2008-1238) Peter Brodersen and Alexander Klink reported that default the setting in Firefox for SSL Client Authentication allowed for users to be tracked via their client certificate. The default has been changed to prompt the user each time a website requests a client certificate. (CVE-2007-4879) Gregory Fleischer discovered that web content fetched via the jar protocol could use Java LiveConnect to connect to arbitrary ports on the user's machine due to improper parsing in the Java plugin. If a user were tricked into opening malicious web content, an attacker may be able to access services running on the user's machine. (CVE-2008-1195, CVE-2008-1240) Chris Thomas discovered that Firefox would allow an XUL popup from an unselected tab to display in front of the selected tab. An attacker could exploit this behavior to spoof a login prompt and steal the user's credentials. (CVE-2008-1241) |
Original Source
Url : http://www.ubuntu.com/usn/USN-592-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
12 % | CWE-287 | Improper Authentication |
12 % | CWE-254 | Security Features |
12 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
12 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10980 | |||
Oval ID: | oval:org.mitre.oval:def:10980 | ||
Title: | Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." | ||
Description: | Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1235 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11788 | |||
Oval ID: | oval:org.mitre.oval:def:11788 | ||
Title: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. | ||
Description: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1236 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17490 | |||
Oval ID: | oval:org.mitre.oval:def:17490 | ||
Title: | USN-605-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
Description: | Various flaws were discovered in the JavaScript engine. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-605-1 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | mozilla-thunderbird thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17694 | |||
Oval ID: | oval:org.mitre.oval:def:17694 | ||
Title: | USN-592-1 -- firefox vulnerabilities | ||
Description: | Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws in Firefox's character encoding handling. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-592-1 CVE-2008-0416 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2007-4879 CVE-2008-1195 CVE-2008-1240 CVE-2008-1241 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22699 | |||
Oval ID: | oval:org.mitre.oval:def:22699 | ||
Title: | ELSA-2008:0209: thunderbird security update (Moderate) | ||
Description: | GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0209-01 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1241 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22714 | |||
Oval ID: | oval:org.mitre.oval:def:22714 | ||
Title: | ELSA-2008:0207: firefox security update (Critical) | ||
Description: | GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0207-01 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1241 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9651 | |||
Oval ID: | oval:org.mitre.oval:def:9651 | ||
Title: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. | ||
Description: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1237 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9889 | |||
Oval ID: | oval:org.mitre.oval:def:9889 | ||
Title: | Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | ||
Description: | Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1238 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-28 | Name : Java for Mac OS X 10.5 Update 2 File : nvt/macosx_java_for_10_5_upd_2.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.4.2 File : nvt/sles10_java-1_4_2-ibm3.nasl |
2009-10-13 | Name : SLES10: Security update for Sun Java File : nvt/sles10_java-1_4_2-sun1.nasl |
2009-10-13 | Name : SLES10: Security update for IBM Java 1.5.0 File : nvt/sles10_java-1_5_0-ibm4.nasl |
2009-10-13 | Name : SLES10: Security update for epiphany File : nvt/sles10_mozilla-xulrunn.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 2 JRE and SDK File : nvt/sles9p5023603.nasl |
2009-10-10 | Name : SLES9: Security update for Java2 File : nvt/sles9p5023078.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java 5 and JRE File : nvt/sles9p5023460.nasl |
2009-10-10 | Name : SLES9: Security update for Mozilla File : nvt/sles9p5022953.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:080 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_080.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:155 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_155.nasl |
2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:155-1 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_155_1.nasl |
2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-605-1 File : nvt/gb_ubuntu_USN_605_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-592-1 File : nvt/gb_ubuntu_USN_592_1.nasl |
2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-576-1 File : nvt/gb_ubuntu_USN_576_1.nasl |
2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0209-01 File : nvt/gb_RHSA-2008_0209-01_thunderbird.nasl |
2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0208-01 File : nvt/gb_RHSA-2008_0208-01_seamonkey.nasl |
2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0207-01 File : nvt/gb_RHSA-2008_0207-01_firefox.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0208 centos4 i386 File : nvt/gb_CESA-2008_0208_seamonkey_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0207 centos3 i386 File : nvt/gb_CESA-2008_0207_firefox_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0207 centos3 x86_64 File : nvt/gb_CESA-2008_0207_firefox_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0207 centos4 i386 File : nvt/gb_CESA-2008_0207_firefox_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for firefox CESA-2008:0207 centos4 x86_64 File : nvt/gb_CESA-2008_0207_firefox_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0208 centos3 x86_64 File : nvt/gb_CESA-2008_0208_seamonkey_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0208-01 centos2 i386 File : nvt/gb_CESA-2008_0208-01_seamonkey_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0208 centos3 i386 File : nvt/gb_CESA-2008_0208_seamonkey_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64 File : nvt/gb_CESA-2008_0209_thunderbird_centos4_x86_64.nasl |
2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0209 centos4 i386 File : nvt/gb_CESA-2008_0209_thunderbird_centos4_i386.nasl |
2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0208 centos4 x86_64 File : nvt/gb_CESA-2008_0208_seamonkey_centos4_x86_64.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-3557 File : nvt/gb_fedora_2008_3557_thunderbird_fc8.nasl |
2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-3519 File : nvt/gb_fedora_2008_3519_thunderbird_fc7.nasl |
2009-02-16 | Name : Fedora Update for epiphany FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_epiphany_fc8.nasl |
2009-02-16 | Name : Fedora Update for firefox FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_firefox_fc8.nasl |
2009-02-16 | Name : Fedora Update for galeon FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_galeon_fc8.nasl |
2009-02-16 | Name : Fedora Update for epiphany-extensions FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_epiphany-extensions_fc8.nasl |
2009-02-16 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_gnome-python2-extras_fc8.nasl |
2009-02-16 | Name : Fedora Update for gnome-web-photo FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_gnome-web-photo_fc8.nasl |
2009-02-16 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_gtkmozembedmm_fc8.nasl |
2009-02-16 | Name : Fedora Update for kazehakase FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_kazehakase_fc8.nasl |
2009-02-16 | Name : Fedora Update for liferea FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_liferea_fc8.nasl |
2009-02-16 | Name : Fedora Update for openvrml FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_openvrml_fc8.nasl |
2009-02-16 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_ruby-gnome2_fc8.nasl |
2009-02-16 | Name : Fedora Update for yelp FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_yelp_fc8.nasl |
2009-02-16 | Name : Fedora Update for yelp FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_yelp_fc7.nasl |
2009-02-16 | Name : Fedora Update for chmsee FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_chmsee_fc8.nasl |
2009-02-16 | Name : Fedora Update for Miro FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_Miro_fc7.nasl |
2009-02-16 | Name : Fedora Update for chmsee FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_chmsee_fc7.nasl |
2009-02-16 | Name : Fedora Update for devhelp FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_devhelp_fc7.nasl |
2009-02-16 | Name : Fedora Update for epiphany-extensions FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_epiphany-extensions_fc7.nasl |
2009-02-16 | Name : Fedora Update for epiphany FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_epiphany_fc7.nasl |
2009-02-16 | Name : Fedora Update for firefox FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_firefox_fc7.nasl |
2009-02-16 | Name : Fedora Update for galeon FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_galeon_fc7.nasl |
2009-02-16 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_gnome-python2-extras_fc7.nasl |
2009-02-16 | Name : Fedora Update for kazehakase FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_kazehakase_fc7.nasl |
2009-02-16 | Name : Fedora Update for liferea FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_liferea_fc7.nasl |
2009-02-16 | Name : Fedora Update for openvrml FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_openvrml_fc7.nasl |
2009-02-16 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_ruby-gnome2_fc7.nasl |
2009-02-16 | Name : Fedora Update for Miro FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_Miro_fc8.nasl |
2009-02-16 | Name : Fedora Update for blam FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_blam_fc8.nasl |
2009-02-16 | Name : Fedora Update for devhelp FEDORA-2008-2682 File : nvt/gb_fedora_2008_2682_devhelp_fc8.nasl |
2009-02-16 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-2662 File : nvt/gb_fedora_2008_2662_gtkmozembedmm_fc7.nasl |
2009-01-23 | Name : SuSE Update for MozillaFirefox SUSE-SA:2008:019 File : nvt/gb_suse_2008_019.nasl |
2009-01-23 | Name : SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008... File : nvt/gb_suse_2008_025.nasl |
2009-01-23 | Name : SuSE Update for Sun Java SUSE-SA:2008:018 File : nvt/gb_suse_2008_018.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86... File : nvt/glsa_200804_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin) File : nvt/glsa_200804_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-18 (mozilla ...) File : nvt/glsa_200805_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin) File : nvt/glsa_200806_11.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox33.nasl |
2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox32.nasl |
2008-06-17 | Name : Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Lin) File : nvt/mozilla_CB-A08-0017.nasl |
2008-06-17 | Name : Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Win) File : nvt/smbcl_mozilla.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1574-1 (icedove) File : nvt/deb_1574_1.nasl |
2008-04-30 | Name : Debian Security Advisory DSA 1534-2 (iceape) File : nvt/deb_1534_2.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1535-1 (iceweasel) File : nvt/deb_1535_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1534-1 (iceape) File : nvt/deb_1534_1.nasl |
2008-04-07 | Name : Debian Security Advisory DSA 1532-1 (xulrunner) File : nvt/deb_1532_1.nasl |
2008-03-19 | Name : Debian Security Advisory DSA 1485-2 (icedove) File : nvt/deb_1485_2.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1489-1 (iceweasel) File : nvt/deb_1489_1.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1485-1 (icedove) File : nvt/deb_1485_1.nasl |
2008-02-15 | Name : Debian Security Advisory DSA 1484-1 (xulrunner) File : nvt/deb_1484_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-128-02 mozilla-thunderbird File : nvt/esoft_slk_ssa_2008_128_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43878 | Mozilla Multiple Products pref_DoCallback nsPref:changed Notification Observ... |
43877 | Mozilla Multiple Products on Mac OS X Quartz Drawing Code Malformed Image Di... |
43876 | Mozilla Multiple Products ARGB32_image_ARGB32() GIF Handling DoS |
43875 | Mozilla Multiple Products Window Zooming Unspecified DoS |
43874 | Mozilla Multiple Products DocumentViewerImpl::Destroy Popup DoS |
43873 | Mozilla Multiple Products GetNearestCapturingView iframe Style Editing DoS |
43872 | Mozilla Multiple Products JS_ValueToId Null String Handling DoS |
43871 | Mozilla Multiple Products js_FilterXMLList Block Object Handling DoS |
43870 | Mozilla Multiple Products JSOP_NEG js_NewNumberValue SAVE_SP_AND_PC Unspecif... |
43869 | Mozilla Multiple Products jsobj.c fp Assertion Failure Unspecified DoS |
43868 | Mozilla Multiple Products jsinterp.c Multiple Macros SAVE_SP_AND_PC Privileg... |
43867 | Mozilla Multiple Products JS_CompileUCFunctionForPrincipals js_NewFunction P... |
43866 | Mozilla Multiple Products JSOP_YIELD / JSOP_ARRAYPUSH SAVE_SP_AND_PC Privile... |
43865 | Mozilla Multiple Products XPCNativeWrapper Chrome XBL Method Bypass |
43864 | Mozilla Multiple Products XPCNativeWrapper tabbrowser.xml Multiple Function ... |
43863 | Mozilla Multiple Products XPCNativeWrapper Function Constructor Arbitrary Co... |
43862 | Mozilla Multiple Products XPCNativeWrapper setTimeout() Arbitrary Code Execu... |
43861 | Mozilla Multiple Products XMLHttpRequest Event Handler XSS |
43860 | Mozilla Multiple Products XMLDocument.load() Event Handler XSS |
43859 | Mozilla Multiple Products Indirect Eval Cross Principal Code Execution |
43858 | Mozilla Multiple Products js_ValueToFunctionObject Cloned Function Privilege... |
43857 | Mozilla Multiple Products Mixed Principal Overlay Privilege Escalation |
43849 | Mozilla Multiple Browsers Basic Authentication Referrer Header Spoofing |
43848 | Mozilla Multiple Browsers SSL Client Authentication Certificate Information D... |
43847 | Mozilla Multiple Browsers LiveConnect jar: Protocol Handling Arbitrary Local ... |
43846 | Mozilla Multiple Browsers Cross-tab XUL Pop-up Spoofing |
42601 | Sun Java JRE JavaScript Arbitrary Java API Access Java JRE/JDK contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a Java applet is able to access arbitrary network services via unspecified vectors in the Java API. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
42056 | Mozilla Multiple Browsers Character Encoding Multiple Unspecified XSS |
38036 | Mozilla Firefox TLS Client Certificate Cross Domain Tracking |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla Firefox IFRAME style change handling code execution RuleID : 17570 - Revision : 5 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox IFRAME style change handling code execution RuleID : 13838 - Revision : 12 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0209.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0208.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0104.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0103.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0267.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_java__jdk_1_5_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20080403_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080327_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080326_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12142.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0210.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0186.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0132.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0010.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-155.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-080.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel7.nasl - Type : ACT_GATHER_INFO |
2008-09-25 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_10_5_update2.nasl - Type : ACT_GATHER_INFO |
2008-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5329.nasl - Type : ACT_GATHER_INFO |
2008-05-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-128-02.nasl - Type : ACT_GATHER_INFO |
2008-05-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-18.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1574.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3519.nasl - Type : ACT_GATHER_INFO |
2008-05-11 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3557.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-605-1.nasl - Type : ACT_GATHER_INFO |
2008-05-06 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20014.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5219.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5218.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_67bd39ba12b511ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-5183.nasl - Type : ACT_GATHER_INFO |
2008-04-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-5182.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5167.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner-5163.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5158.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO |
2008-04-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner-5164.nasl - Type : ACT_GATHER_INFO |
2008-04-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0209.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1535.nasl - Type : ACT_GATHER_INFO |
2008-04-11 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5153.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_6_0-sun-5132.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-5133.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0209.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-5131.nasl - Type : ACT_GATHER_INFO |
2008-04-04 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-5130.nasl - Type : ACT_GATHER_INFO |
2008-04-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5134.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1534.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_12b336c6fe3611dcb09c001c2514716c.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5135.nasl - Type : ACT_GATHER_INFO |
2008-03-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1532.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-2662.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-2682.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0208.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-592-1.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0208.nasl - Type : ACT_GATHER_INFO |
2008-03-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0207.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20013.nasl - Type : ACT_GATHER_INFO |
2008-03-26 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_119.nasl - Type : ACT_GATHER_INFO |
2008-02-27 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20012.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0104.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-576-1.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0103.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1489.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1485.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1484.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0104.nasl - Type : ACT_GATHER_INFO |
2008-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0103.nasl - Type : ACT_GATHER_INFO |
2008-02-08 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_118.nasl - Type : ACT_GATHER_INFO |
2008-02-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20012.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:05:00 |
|