Executive Summary
Summary | |
---|---|
Title | Firefox 3.5 and Xulrunner 1.9.1 regression |
Informations | |||
---|---|---|---|
Name | USN-878-1 | First vendor Publication | 2010-01-08 |
Vendor | Ubuntu | Last vendor Modification | 2010-01-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: After a standard system upgrade you need to restart Firefox and any applications that use xulrunner to effect the necessary changes. Details follow: USN-874-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced a regression when using NTLM authentication. This update fixes the problem and added additional stability fixes. We apologize for the inconvenience. Original advisory details: Takehiro Takahashi discovered flaws in the NTLM implementation in Firefox. Jonathan Morgan discovered that Firefox did not properly display SSL Jordi Chancel discovered that Firefox did not properly display invalid URLs David Keeler, Bob Clary, and Dan Kaminsky discovered several flaws in third |
Original Source
Url : http://www.ubuntu.com/usn/USN-878-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10047 | |||
Oval ID: | oval:org.mitre.oval:def:10047 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3983 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10956 | |||
Oval ID: | oval:org.mitre.oval:def:10956 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3979 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11568 | |||
Oval ID: | oval:org.mitre.oval:def:11568 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3986 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13525 | |||
Oval ID: | oval:org.mitre.oval:def:13525 | ||
Title: | DSA-2045-1 libtheora -- integer overflow | ||
Description: | Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service, and possibly arbitrary code execution. For the stable distribution, this problem has been fixed in version 1.0~beta3-1+lenny1. For the testing distribution, this problem has been fixed in version 1.1.0-1. For the testing distribution, this problem has been fixed in version 1.1.0-1. We recommend that you upgrade your libtheora packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2045-1 CVE-2009-3389 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libtheora |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13666 | |||
Oval ID: | oval:org.mitre.oval:def:13666 | ||
Title: | DSA-1956-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3986: David James discovered that the window.opener property allows Chrome privilege escalation. CVE-2009-3985: Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. CVE-2009-3984: Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. CVE-2009-3983: Takehiro Takahashi discovered that the NTLM implementaion is vulnerable to reflection attacks. CVE-2009-3981: Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3979: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.16-1. For the unstable distribution, these problems have been fixed in version 1.9.1.6-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1956-1 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22838 | |||
Oval ID: | oval:org.mitre.oval:def:22838 | ||
Title: | ELSA-2009:1674: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1674-01 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29342 | |||
Oval ID: | oval:org.mitre.oval:def:29342 | ||
Title: | RHSA-2009:1674 -- firefox security update (Critical) | ||
Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1674 CESA-2009:1674-CentOS 5 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6658 | |||
Oval ID: | oval:org.mitre.oval:def:6658 | ||
Title: | DSA-2045 libtheora -- integer overflow | ||
Description: | Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service, and possibly arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2045 CVE-2009-3389 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libtheora |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7038 | |||
Oval ID: | oval:org.mitre.oval:def:7038 | ||
Title: | DSA-1956 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1956 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7967 | |||
Oval ID: | oval:org.mitre.oval:def:7967 | ||
Title: | Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability | ||
Description: | Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3389 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8009 | |||
Oval ID: | oval:org.mitre.oval:def:8009 | ||
Title: | Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities | ||
Description: | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3388 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8240 | |||
Oval ID: | oval:org.mitre.oval:def:8240 | ||
Title: | Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3983 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8379 | |||
Oval ID: | oval:org.mitre.oval:def:8379 | ||
Title: | Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3984 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8434 | |||
Oval ID: | oval:org.mitre.oval:def:8434 | ||
Title: | Mozilla Firefox 3.5 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3982 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8480 | |||
Oval ID: | oval:org.mitre.oval:def:8480 | ||
Title: | Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3985 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8487 | |||
Oval ID: | oval:org.mitre.oval:def:8487 | ||
Title: | Mozilla Firefox and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3979 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8489 | |||
Oval ID: | oval:org.mitre.oval:def:8489 | ||
Title: | Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3986 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8503 | |||
Oval ID: | oval:org.mitre.oval:def:8503 | ||
Title: | Mozilla Firefox 3.5 and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3980 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9791 | |||
Oval ID: | oval:org.mitre.oval:def:9791 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3984 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9911 | |||
Oval ID: | oval:org.mitre.oval:def:9911 | ||
Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3985 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-12-18 | Mozilla Firefox Location Bar Spoofing Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos5 i386 File : nvt/gb_CESA-2009_1674_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos4 i386 File : nvt/gb_CESA-2009_1674_firefox_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1673 centos4 i386 File : nvt/gb_CESA-2009_1673_seamonkey_centos4_i386.nasl |
2010-06-03 | Name : Debian Security Advisory DSA 2045-1 (libtheora) File : nvt/deb_2045_1.nasl |
2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-02-22 | Name : Mandriva Update for libtheora MDVSA-2010:043 (libtheora) File : nvt/gb_mandriva_MDVSA_2010_043.nasl |
2010-01-29 | Name : Mandriva Update for pciutils MDVA-2010:043 (pciutils) File : nvt/gb_mandriva_MDVA_2010_043.nasl |
2010-01-15 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1 File : nvt/gb_ubuntu_USN_877_1.nasl |
2010-01-15 | Name : Ubuntu Update for firefox-3.5, xulrunner-1.9.1 regression USN-878-1 File : nvt/gb_ubuntu_USN_878_1.nasl |
2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:339 (firefox) File : nvt/mdksa_2009_339.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1673 (seamonkey) File : nvt/ovcesa2009_1673.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1674 (firefox) File : nvt/ovcesa2009_1674.nasl |
2009-12-30 | Name : SuSE Security Advisory SUSE-SA:2009:063 (MozillaFirefox) File : nvt/suse_sa_2009_063.nasl |
2009-12-30 | Name : Ubuntu USN-873-1 (xulrunner-1.9) File : nvt/ubuntu_873_1.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1673 File : nvt/RHSA_2009_1673.nasl |
2009-12-30 | Name : Ubuntu USN-874-1 (xulrunner-1.9.1) File : nvt/ubuntu_874_1.nasl |
2009-12-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox43.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13366 (gnome-python2-extras) File : nvt/fcore_2009_13366.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13362 (seamonkey) File : nvt/fcore_2009_13362.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13333 (firefox) File : nvt/fcore_2009_13333.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1956-1 (xulrunner) File : nvt/deb_1956_1.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1674 File : nvt/RHSA_2009_1674.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl |
2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl |
2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl |
2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl |
2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_dec09_lin.nasl |
2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_dec09_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61103 | Mozilla Multiple Browsers libtheora Video Library Unspecified DoS |
61102 | Mozilla Multiple Browsers libtheora Video Library Dimension Handling Overflow |
61101 | Mozilla Multiple Browser NTLM Reflection Authentication Credential Disclosure |
61100 | Mozilla Multiple Browsers document.location 204 Response SSL Status Spoofing |
61099 | Mozilla Multiple Browsers document.location Blank Page Content Spoofing |
61098 | Mozilla Multiple Browsers liboggplay Multiple Unspecified Code Execution A memory corruption flaw exists in Mozilla. The service fails to sanitize user-supplied input resulting in memory corruption. With a specially crafted file, a remote attacker can execute arbitrary code. |
61097 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
61095 | Mozilla Multiple Browsers Chrome window.opener Property Privilege Escalation |
61094 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
61093 | Mozilla Multiple Products JavaScript Engine Multiple Unspecified Memory Corru... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-04.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtheora-100224.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6735.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6734.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
2010-05-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2045.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libtheora-100225.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libtheora-100224.nasl - Type : ACT_GATHER_INFO |
2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtheora-100224.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1956.nasl - Type : ACT_GATHER_INFO |
2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-043.nasl - Type : ACT_GATHER_INFO |
2010-01-22 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_301.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-878-1.nasl - Type : ACT_GATHER_INFO |
2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-877-1.nasl - Type : ACT_GATHER_INFO |
2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6733.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091221.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6736.nasl - Type : ACT_GATHER_INFO |
2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-874-1.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-873-1.nasl - Type : ACT_GATHER_INFO |
2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13366.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13362.nasl - Type : ACT_GATHER_INFO |
2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13333.nasl - Type : ACT_GATHER_INFO |
2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_201.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO |
2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:28 |
|