Executive Summary
Summary | |
---|---|
Title | Firefox and Xulrunner regression |
Informations | |||
---|---|---|---|
Name | USN-975-2 | First vendor Publication | 2010-09-16 |
Vendor | Ubuntu | Last vendor Modification | 2010-09-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 9.04: Ubuntu 9.10: Ubuntu 10.04 LTS: After a standard system update you need to restart Firefox and any applications that use Xulrunner to make all the necessary changes. Details follow: USN-975-1 fixed vulnerabilities in Firefox and Xulrunner. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Firefox. An |
Original Source
Url : http://www.ubuntu.com/usn/USN-975-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
8 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11492 | |||
Oval ID: | oval:org.mitre.oval:def:11492 | ||
Title: | Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Chrome Privileged Object Arbitrary JavaScript Code Execution | ||
Description: | The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2762 | Version: | 18 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11519 | |||
Oval ID: | oval:org.mitre.oval:def:11519 | ||
Title: | Mozilla Multiple Products FRAMESET Element cols Attribute Handling Overflow | ||
Description: | Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2765 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11684 | |||
Oval ID: | oval:org.mitre.oval:def:11684 | ||
Title: | Mozilla Multiple Products XMLHttpRequest Object statusText Property Cross-origin Request Intranet Server Enumeration | ||
Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2764 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11735 | |||
Oval ID: | oval:org.mitre.oval:def:11735 | ||
Title: | Mozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protection Mechanism Bypass | ||
Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2768 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11778 | |||
Oval ID: | oval:org.mitre.oval:def:11778 | ||
Title: | Mozilla Multiple Products normalizeDocument Function DOM Node Removal Deleted Object Arbitrary Code Execution | ||
Description: | The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2766 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11799 | |||
Oval ID: | oval:org.mitre.oval:def:11799 | ||
Title: | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow | ||
Description: | Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2760 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11969 | |||
Oval ID: | oval:org.mitre.oval:def:11969 | ||
Title: | Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navigator Object Dangling Pointer Arbitrary Code Execution | ||
Description: | The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2767 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12001 | |||
Oval ID: | oval:org.mitre.oval:def:12001 | ||
Title: | Mozilla Multiple Products XUL Tree Removal Property Change Role Restriction Weakness DoS | ||
Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3168 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12136 | |||
Oval ID: | oval:org.mitre.oval:def:12136 | ||
Title: | Mozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal Deleted Memory Dangling Pointer Arbitrary Code Execution | ||
Description: | The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3167 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12145 | |||
Oval ID: | oval:org.mitre.oval:def:12145 | ||
Title: | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3169 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12186 | |||
Oval ID: | oval:org.mitre.oval:def:12186 | ||
Title: | Mozilla Multiple Products nsTextFrameUtils::TransformText Function Bidirectional Text Run Overflow | ||
Description: | Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3166 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12192 | |||
Oval ID: | oval:org.mitre.oval:def:12192 | ||
Title: | Mozilla Multiple Products Document Selection Addition designMode Property XSS | ||
Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2769 | Version: | 23 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12717 | |||
Oval ID: | oval:org.mitre.oval:def:12717 | ||
Title: | DSA-2106-2 xulrunner -- several | ||
Description: | DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below. Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, the problem has been fixed in version 1.9.0.19-5. The packages for the mips architecture are not included in this update. They will be released as soon as they become available. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2106-2 CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12733 | |||
Oval ID: | oval:org.mitre.oval:def:12733 | ||
Title: | DSA-2106-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, these problems have been fixed in version 1.9.0.19-4. For the unstable distribution, these problems have been fixed in version 3.5.12-1 of the iceweasel source package. For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2106-1 CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12797 | |||
Oval ID: | oval:org.mitre.oval:def:12797 | ||
Title: | DSA-2124-1 xulrunner -- several | ||
Description: | Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3765 Xulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. CVE-2010-3174 CVE-2010-3176 Multiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. CVE-2010-3177 Multiple cross-site scripting vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a file or directory on a Gopher server. CVE-2010-3178 Xulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. CVE-2010-3179 Stack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service via a long argument to the document.write method. CVE-2010-3180 Use-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. CVE-2010-3183 The LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. In addition, this security update includes corrections for regressions caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1 and DSA-2106-1. For the stable distribution, these problems have been fixed in version 1.9.0.19-6. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.5.15-1 of the iceweasel package. We recommend that you upgrade your Xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2124-1 CVE-2010-3765 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183 CVE-2010-0654 CVE-2010-2769 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13194 | |||
Oval ID: | oval:org.mitre.oval:def:13194 | ||
Title: | USN-978-1 -- thunderbird vulnerabilities | ||
Description: | Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program | ||
Family: | unix | Class: | patch |
Reference(s): | USN-978-1 CVE-2010-2760 CVE-2010-2767 CVE-2010-3167 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-3168 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3169 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13381 | |||
Oval ID: | oval:org.mitre.oval:def:13381 | ||
Title: | USN-978-2 -- thunderbird regression | ||
Description: | USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program | ||
Family: | unix | Class: | patch |
Reference(s): | USN-978-2 CVE-2010-2760 CVE-2010-2767 CVE-2010-3167 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-3168 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3169 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21457 | |||
Oval ID: | oval:org.mitre.oval:def:21457 | ||
Title: | RHSA-2010:0682: thunderbird security update (Moderate) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0682-01 CESA-2010:0682 CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 94 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22355 | |||
Oval ID: | oval:org.mitre.oval:def:22355 | ||
Title: | RHSA-2010:0681: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0681-01 CESA-2010:0681 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 159 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox nspr nss xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22852 | |||
Oval ID: | oval:org.mitre.oval:def:22852 | ||
Title: | ELSA-2010:0681: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0681-01 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 53 |
Platform(s): | Oracle Linux 5 | Product(s): | firefox nspr nss xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23121 | |||
Oval ID: | oval:org.mitre.oval:def:23121 | ||
Title: | ELSA-2010:0682: thunderbird security update (Moderate) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0682-01 CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 33 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0681 centos5 i386 File : nvt/gb_CESA-2010_0681_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0682 centos5 i386 File : nvt/gb_CESA-2010_0682_thunderbird_centos5_i386.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2124-1 (xulrunner) File : nvt/deb_2124_1.nasl |
2010-11-16 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056 File : nvt/gb_suse_2010_056.nasl |
2010-10-19 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049 File : nvt/gb_suse_2010_049.nasl |
2010-10-10 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox50.nasl |
2010-10-10 | Name : Debian Security Advisory DSA 2106-1 (xulrunner) File : nvt/deb_2106_1.nasl |
2010-09-22 | Name : Ubuntu Update for thunderbird regression USN-978-2 File : nvt/gb_ubuntu_USN_978_2.nasl |
2010-09-22 | Name : Ubuntu Update for Firefox and Xulrunner regression USN-975-2 File : nvt/gb_ubuntu_USN_975_2.nasl |
2010-09-14 | Name : Mandriva Update for firefox MDVSA-2010:173 (firefox) File : nvt/gb_mandriva_MDVSA_2010_173.nasl |
2010-09-10 | Name : Fedora Update for xulrunner FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_xulrunner_fc12.nasl |
2010-09-10 | Name : CentOS Update for seamonkey CESA-2010:0680 centos3 i386 File : nvt/gb_CESA-2010_0680_seamonkey_centos3_i386.nasl |
2010-09-10 | Name : Ubuntu Update for thunderbird vulnerabilities USN-978-1 File : nvt/gb_ubuntu_USN_978_1.nasl |
2010-09-10 | Name : CentOS Update for seamonkey CESA-2010:0680 centos4 i386 File : nvt/gb_CESA-2010_0680_seamonkey_centos4_i386.nasl |
2010-09-10 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-975-1 File : nvt/gb_ubuntu_USN_975_1.nasl |
2010-09-10 | Name : CentOS Update for firefox CESA-2010:0681 centos4 i386 File : nvt/gb_CESA-2010_0681_firefox_centos4_i386.nasl |
2010-09-10 | Name : CentOS Update for thunderbird CESA-2010:0682 centos4 i386 File : nvt/gb_CESA-2010_0682_thunderbird_centos4_i386.nasl |
2010-09-10 | Name : Mozilla Products 'SJOW' Arbitrary Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_sjow_arbitrary_code_exec_vuln_win.nasl |
2010-09-10 | Name : Mozilla Products Multiple Vulnerabilities sep-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_sep10.nasl |
2010-09-10 | Name : RedHat Update for seamonkey RHSA-2010:0680-01 File : nvt/gb_RHSA-2010_0680-01_seamonkey.nasl |
2010-09-10 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_perl-Gtk2-MozEmbed_fc12.nasl |
2010-09-10 | Name : Fedora Update for mozvoikko FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_mozvoikko_fc12.nasl |
2010-09-10 | Name : Fedora Update for gnome-web-photo FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_gnome-web-photo_fc12.nasl |
2010-09-10 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_gnome-python2-extras_fc12.nasl |
2010-09-10 | Name : Fedora Update for galeon FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_galeon_fc12.nasl |
2010-09-10 | Name : Fedora Update for firefox FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_firefox_fc12.nasl |
2010-09-10 | Name : RedHat Update for thunderbird RHSA-2010:0682-01 File : nvt/gb_RHSA-2010_0682-01_thunderbird.nasl |
2010-09-10 | Name : RedHat Update for firefox RHSA-2010:0681-01 File : nvt/gb_RHSA-2010_0681-01_firefox.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67913 | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption |
67912 | Mozilla Multiple Products XUL Tree Removal Property Change Role Restriction W... |
67911 | Mozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal De... |
67910 | Mozilla Multiple Products nsTextFrameUtils::TransformText Function Bidirectio... |
67907 | Mozilla Multiple Products Document Selection Addition designMode Property XSS |
67906 | Mozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protectio... |
67905 | Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navi... |
67904 | Mozilla Multiple Products normalizeDocument Function DOM Node Removal Deleted... |
67903 | Mozilla Multiple Products FRAMESET Element cols Attribute Handling Overflow |
67902 | Mozilla Multiple Products XMLHttpRequest Object statusText Property Cross-ori... |
67900 | Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Ch... |
66601 | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100907_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100907_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100907_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100921.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO |
2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO |
2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100917.nasl - Type : ACT_GATHER_INFO |
2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
2010-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-975-2.nasl - Type : ACT_GATHER_INFO |
2010-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-978-2.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-173.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-975-1.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-14362.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-978-1.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2106.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_307.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_207.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3512.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_369.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_313.nasl - Type : ACT_GATHER_INFO |
2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
2010-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:00 |
|