Executive Summary

Summary
Title Firefox 3.0 and Xulrunner 1.9 vulnerabilities
Informations
Name USN-873-1 First vendor Publication 2009-12-18
Vendor Ubuntu Last vendor Modification 2009-12-18
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
firefox-3.0 3.0.16+nobinonly-0ubuntu0.8.04.1
xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.8.04.1

Ubuntu 8.10:
abrowser 3.0.16+nobinonly-0ubuntu0.8.10.1
firefox-3.0 3.0.16+nobinonly-0ubuntu0.8.10.1
xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.8.10.1

Ubuntu 9.04:
abrowser 3.0.16+nobinonly-0ubuntu0.9.04.1
firefox-3.0 3.0.16+nobinonly-0ubuntu0.9.04.1
xulrunner-1.9 1.9.0.16+nobinonly-0ubuntu0.9.04.1

After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes.

Details follow:

Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. (CVE-2009-3983)

Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)

Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-3985)

Original Source

Url : http://www.ubuntu.com/usn/USN-873-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10047
 
Oval ID: oval:org.mitre.oval:def:10047
Title: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3983
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10956
 
Oval ID: oval:org.mitre.oval:def:10956
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3979
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11568
 
Oval ID: oval:org.mitre.oval:def:11568
Title: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3986
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13002
 
Oval ID: oval:org.mitre.oval:def:13002
Title: USN-873-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities
Description: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack
Family: unix Class: patch
Reference(s): USN-873-1
CVE-2009-3979
CVE-2009-3981
CVE-2009-3986
CVE-2009-3983
CVE-2009-3984
CVE-2009-3985
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13283
 
Oval ID: oval:org.mitre.oval:def:13283
Title: USN-877-1 -- firefox-3.0, xulrunner-1.9 regression
Description: USN-873-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and added additional stability fixes. We apologize for the inconvenience. Original advisory details: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. If an NTLM authenticated user visited a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Jonathan Morgan discovered that Firefox did not properly display SSL indicators under certain circumstances. This could be used by an attacker to spoof an encrypted page, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly display invalid URLs for a blank page. If a user were tricked into accessing a malicious website, an attacker could exploit this to spoof the location bar, such as in a phishing attack
Family: unix Class: patch
Reference(s): USN-877-1
CVE-2009-3979
CVE-2009-3981
CVE-2009-3986
CVE-2009-3983
CVE-2009-3984
CVE-2009-3985
Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product(s): firefox-3.0
xulrunner-1.9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13666
 
Oval ID: oval:org.mitre.oval:def:13666
Title: DSA-1956-1 xulrunner -- several
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3986: David James discovered that the window.opener property allows Chrome privilege escalation. CVE-2009-3985: Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. CVE-2009-3984: Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. CVE-2009-3983: Takehiro Takahashi discovered that the NTLM implementaion is vulnerable to reflection attacks. CVE-2009-3981: Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3979: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.16-1. For the unstable distribution, these problems have been fixed in version 1.9.1.6-1. We recommend that you upgrade your xulrunner packages.
Family: unix Class: patch
Reference(s): DSA-1956-1
CVE-2009-3986
CVE-2009-3985
CVE-2009-3984
CVE-2009-3983
CVE-2009-3981
CVE-2009-3979
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22838
 
Oval ID: oval:org.mitre.oval:def:22838
Title: ELSA-2009:1674: firefox security update (Critical)
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Family: unix Class: patch
Reference(s): ELSA-2009:1674-01
CVE-2009-3979
CVE-2009-3981
CVE-2009-3983
CVE-2009-3984
CVE-2009-3985
CVE-2009-3986
Version: 29
Platform(s): Oracle Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29342
 
Oval ID: oval:org.mitre.oval:def:29342
Title: RHSA-2009:1674 -- firefox security update (Critical)
Description: Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
Family: unix Class: patch
Reference(s): RHSA-2009:1674
CESA-2009:1674-CentOS 5
CVE-2009-3979
CVE-2009-3981
CVE-2009-3983
CVE-2009-3984
CVE-2009-3985
CVE-2009-3986
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4
CentOS Linux 5
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7038
 
Oval ID: oval:org.mitre.oval:def:7038
Title: DSA-1956 xulrunner -- several vulnerabilities
Description: Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-1956
CVE-2009-3986
CVE-2009-3985
CVE-2009-3984
CVE-2009-3983
CVE-2009-3981
CVE-2009-3979
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8240
 
Oval ID: oval:org.mitre.oval:def:8240
Title: Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3983
Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8379
 
Oval ID: oval:org.mitre.oval:def:8379
Title: Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3984
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8480
 
Oval ID: oval:org.mitre.oval:def:8480
Title: Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3985
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8487
 
Oval ID: oval:org.mitre.oval:def:8487
Title: Mozilla Firefox and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3979
Version: 15
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8489
 
Oval ID: oval:org.mitre.oval:def:8489
Title: Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3986
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8523
 
Oval ID: oval:org.mitre.oval:def:8523
Title: Mozilla Firefox 3.0 and SeaMonkey Remote Memory Corruption Vulnerability
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3981
Version: 13
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Product(s): Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8584
 
Oval ID: oval:org.mitre.oval:def:8584
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3981
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9791
 
Oval ID: oval:org.mitre.oval:def:9791
Title: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3984
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9911
 
Oval ID: oval:org.mitre.oval:def:9911
Title: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Description: Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3985
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 192
Application 55
Application 1

ExploitDB Exploits

id Description
2009-12-18 Mozilla Firefox Location Bar Spoofing Vulnerability

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386
File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1674 centos5 i386
File : nvt/gb_CESA-2009_1674_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2009:1674 centos4 i386
File : nvt/gb_CESA-2009_1674_firefox_centos4_i386.nasl
2011-08-09 Name : CentOS Update for seamonkey CESA-2009:1673 centos4 i386
File : nvt/gb_CESA-2009_1673_seamonkey_centos4_i386.nasl
2010-04-29 Name : Fedora Update for seamonkey FEDORA-2010-7100
File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl
2010-03-30 Name : FreeBSD Ports: seamonkey, linux-seamonkey
File : nvt/freebsd_seamonkey.nasl
2010-03-22 Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1
File : nvt/gb_ubuntu_USN_915_1.nasl
2010-03-22 Name : RedHat Update for thunderbird RHSA-2010:0154-02
File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl
2010-03-22 Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386
File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl
2010-01-15 Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1
File : nvt/gb_ubuntu_USN_877_1.nasl
2010-01-15 Name : Ubuntu Update for firefox-3.5, xulrunner-1.9.1 regression USN-878-1
File : nvt/gb_ubuntu_USN_878_1.nasl
2009-12-30 Name : Mandriva Security Advisory MDVSA-2009:339 (firefox)
File : nvt/mdksa_2009_339.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1673 (seamonkey)
File : nvt/ovcesa2009_1673.nasl
2009-12-30 Name : CentOS Security Advisory CESA-2009:1674 (firefox)
File : nvt/ovcesa2009_1674.nasl
2009-12-30 Name : SuSE Security Advisory SUSE-SA:2009:063 (MozillaFirefox)
File : nvt/suse_sa_2009_063.nasl
2009-12-30 Name : Ubuntu USN-873-1 (xulrunner-1.9)
File : nvt/ubuntu_873_1.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1673
File : nvt/RHSA_2009_1673.nasl
2009-12-30 Name : Ubuntu USN-874-1 (xulrunner-1.9.1)
File : nvt/ubuntu_874_1.nasl
2009-12-30 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox43.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13366 (gnome-python2-extras)
File : nvt/fcore_2009_13366.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-13362 (seamonkey)
File : nvt/fcore_2009_13362.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-13333 (firefox)
File : nvt/fcore_2009_13333.nasl
2009-12-30 Name : Debian Security Advisory DSA 1956-1 (xulrunner)
File : nvt/deb_1956_1.nasl
2009-12-30 Name : RedHat Security Advisory RHSA-2009:1674
File : nvt/RHSA_2009_1674.nasl
2009-12-23 Name : Firefox Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl
2009-12-23 Name : Firefox Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl
2009-12-23 Name : Firefox Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl
2009-12-23 Name : Firefox Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl
2009-12-23 Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl
2009-12-23 Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl
2009-12-23 Name : Thunderbird Multiple Vulnerabilities Dec-09 (Linux)
File : nvt/secpod_thunderbird_mult_vuln_dec09_lin.nasl
2009-12-23 Name : Thunderbird Multiple Vulnerabilities Dec-09 (Win)
File : nvt/secpod_thunderbird_mult_vuln_dec09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61101 Mozilla Multiple Browser NTLM Reflection Authentication Credential Disclosure

61100 Mozilla Multiple Browsers document.location 204 Response SSL Status Spoofing

61099 Mozilla Multiple Browsers document.location Blank Page Content Spoofing

61096 Mozilla Firefox Browser Engine Unspecified Memory Corruption

61095 Mozilla Multiple Browsers Chrome window.opener Property Privilege Escalation

61094 Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1674.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1673.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091215_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6734.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6735.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO
2010-05-20 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12616.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-04-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO
2010-03-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO
2010-03-22 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : A web browser on the remote host is affected by multiple vulnerabilities.
File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO
2010-03-11 Name : The remote SuSE system is missing a security patch for MozillaThunderbird
File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1956.nasl - Type : ACT_GATHER_INFO
2010-01-22 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_301.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-878-1.nasl - Type : ACT_GATHER_INFO
2010-01-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-877-1.nasl - Type : ACT_GATHER_INFO
2010-01-03 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mozilla-xulrunner190-6736.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-091221.nasl - Type : ACT_GATHER_INFO
2009-12-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-6733.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_mozilla-xulrunner190-091217.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-873-1.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-874-1.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO
2009-12-21 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-13333.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing a security update.
File : fedora_2009-13362.nasl - Type : ACT_GATHER_INFO
2009-12-18 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-13366.nasl - Type : ACT_GATHER_INFO
2009-12-17 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_201.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO
2009-12-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:06:27
  • Multiple Updates