Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mozilla | First view | 2006-02-02 |
| Product | Seamonkey | Last view | 2015-05-20 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 3.7 | 2015-05-20 | CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
| 6.8 | 2015-05-14 | CVE-2015-0797 | GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. |
| 7.5 | 2015-03-23 | CVE-2015-0818 | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. |
| 6.8 | 2015-03-23 | CVE-2015-0817 | The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. |
| 4.3 | 2015-01-14 | CVE-2014-8642 | Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. |
| 7.5 | 2015-01-14 | CVE-2014-8641 | Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. |
| 5 | 2015-01-14 | CVE-2014-8640 | The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. |
| 6.8 | 2015-01-14 | CVE-2014-8639 | Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. |
| 6.8 | 2015-01-14 | CVE-2014-8638 | The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. |
| 5 | 2015-01-14 | CVE-2014-8637 | Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. |
| 7.5 | 2015-01-14 | CVE-2014-8636 | The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. |
| 7.5 | 2015-01-14 | CVE-2014-8635 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
| 7.5 | 2015-01-14 | CVE-2014-8634 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
| 4.3 | 2014-12-11 | CVE-2014-8632 | The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal. |
| 4.3 | 2014-12-11 | CVE-2014-8631 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. |
| 6.8 | 2014-12-11 | CVE-2014-1594 | Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. |
| 6.8 | 2014-12-11 | CVE-2014-1593 | Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. |
| 6.8 | 2014-12-11 | CVE-2014-1592 | Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. |
| 4.3 | 2014-12-11 | CVE-2014-1591 | Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. |
| 4.3 | 2014-12-11 | CVE-2014-1590 | The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. |
| 6.8 | 2014-12-11 | CVE-2014-1589 | Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. |
| 6.8 | 2014-12-11 | CVE-2014-1588 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
| 6.8 | 2014-12-11 | CVE-2014-1587 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
| 9.8 | 2014-04-30 | CVE-2014-1532 | Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. |
| 8.8 | 2014-04-30 | CVE-2014-1531 | Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 15% (81) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (77) | CWE-399 | Resource Management Errors |
| 9% (52) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 9% (51) | CWE-264 | Permissions, Privileges, and Access Controls |
| 9% (50) | CWE-416 | Use After Free |
| 7% (41) | CWE-20 | Improper Input Validation |
| 7% (38) | CWE-200 | Information Exposure |
| 4% (25) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 3% (20) | CWE-189 | Numeric Errors |
| 3% (16) | CWE-787 | Out-of-bounds Write |
| 1% (9) | CWE-16 | Configuration |
| 1% (7) | CWE-125 | Out-of-bounds Read |
| 1% (6) | CWE-310 | Cryptographic Issues |
| 1% (6) | CWE-269 | Improper Privilege Management |
| 0% (5) | CWE-287 | Improper Authentication |
| 0% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 0% (4) | CWE-362 | Race Condition |
| 0% (4) | CWE-190 | Integer Overflow or Wraparound |
| 0% (4) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 0% (3) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 0% (3) | CWE-346 | Origin Validation Error |
| 0% (3) | CWE-326 | Inadequate Encryption Strength |
| 0% (3) | CWE-284 | Access Control (Authorization) Issues |
| 0% (2) | CWE-295 | Certificate Issues |
| 0% (1) | CWE-682 | Incorrect Calculation |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-28 | Fuzzing |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-44 | Overflow Binary Resource File |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:1514 | Element position: Style Change Vulnerability |
| oval:org.mitre.oval:def:1562 | Mozilla QueryInterface Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:1493 | Mozilla XML Attribute Name Validation Vulnerability |
| oval:org.mitre.oval:def:11803 | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaM... |
| oval:org.mitre.oval:def:1339 | Mozilla Integer overflows in E4X, SVG, and Canvas Features |
| oval:org.mitre.oval:def:677 | Mozilla XML Parser Read Beyond Buffer Bug |
| oval:org.mitre.oval:def:1625 | Mozilla "AnyName" Entrainment and Access Control Hazard |
| oval:org.mitre.oval:def:1189 | Mozilla Table Rebuilding Code Execution Vulnerability |
| oval:org.mitre.oval:def:11164 | Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mo... |
| oval:org.mitre.oval:def:1848 | Mozilla Mozilla Firefox Tag Order Vulnerability |
| oval:org.mitre.oval:def:11704 | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1... |
| oval:org.mitre.oval:def:1947 | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1529) |
| oval:org.mitre.oval:def:1903 | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1530) |
| oval:org.mitre.oval:def:2023 | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1531) |
| oval:org.mitre.oval:def:1574 | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1723) |
| oval:org.mitre.oval:def:1901 | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724) |
| oval:org.mitre.oval:def:10243 | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x be... |
| oval:org.mitre.oval:def:1471 | Mozilla Spoofing with Translucent Windows |
| oval:org.mitre.oval:def:1968 | Mozilla Security Check of js_ValueToFunctionObject() Can Be Circumvented |
| oval:org.mitre.oval:def:1649 | Mozilla Privilege Escalation through Print Preview |
| oval:org.mitre.oval:def:10364 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0... |
| oval:org.mitre.oval:def:1698 | Mozilla Privilege Escalation Using crypto.generateCRMFRequest |
| oval:org.mitre.oval:def:10508 | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0... |
| oval:org.mitre.oval:def:1929 | Mozilla File Stealing by Changing Input Type |
| oval:org.mitre.oval:def:10922 | Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite befo... |
SAINT Exploits
| Description | Link |
|---|---|
| Firefox AttributeChildRemoved Use After Free | More info here |
| Mozilla Firefox document.write and DOM insertion memory corruption | More info here |
| Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access | More info here |
| Mozilla Firefox OBJECT mChannel Use-After-Free | More info here |
| Mozilla Firefox JavaScript Navigator object vulnerability | More info here |
| Mozilla Firefox nsTreeRange Use After Free | More info here |
| Mozilla Firefox QueryInterface method memory corruption | More info here |
| Mozilla Firefox UTF-8 URL buffer overflow | More info here |
| Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability | More info here |
| Firefox crypto.generateCRMFRequest command execution | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77956 | Mozilla Multiple Product Large OGG <video> Element Handling Remote DoS |
| 77955 | Mozilla Multiple Product for Mac DOM Frame Deletion NULL Dereference Remote C... |
| 77954 | Mozilla Multiple Product SVG Animation accessKey Event Handling Disabled Java... |
| 77953 | Mozilla Multiple Product DOMAttrModified SVG Element Handling Out-of-bounds M... |
| 77952 | Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption |
| 77951 | Mozilla Multiple Product YARR Regular Expression Library Javascript Parsing R... |
| 77609 | Mozilla Multiple Product CSS Token Sequence Parsing Timing Attack Remote Info... |
| 75847 | Mozilla Multiple Product Multiple Tab Handling Keystroke Disclosure |
| 75846 | Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution |
| 75845 | Mozilla Multiple Product loadSubScript Method XPCNativeWrappers Unwrapping Re... |
| 75844 | Mozilla Multiple Product YARR Unspecified Memory Corruption |
| 75843 | Mozilla Multiple Product WebGL Test Case Unspecified Out-of-bounds Write Memo... |
| 75842 | Mozilla Multiple Product WebGL ANGLE GrowAtomTable() Function Overflow |
| 75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
| 75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
| 75839 | Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea... |
| 75838 | Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol... |
| 75836 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997) |
| 75834 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995) |
| 74596 | Mozilla Multiple Products JAR Digital Signature Same Origin Policy Bypass Pri... |
| 74595 | Mozilla Multiple Products Ogg Reader Unspecified DoS |
| 74594 | Mozilla Multiple Products JavaScript Unspecified DoS |
| 74593 | Mozilla Multiple Products Content Security Policy (CSP) Violation Report Prox... |
| 74592 | Mozilla Multiple Products WebGL Unspecified DoS |
| 74591 | Mozilla Multiple Products WebGL Shader Compiler ShaderSource Method Overflow |
ExploitDB Exploits
| id | Description |
|---|---|
| 34363 | Firefox toString console.time Privileged Javascript Injection |
| 30474 | Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution |
| 27699 | Mozilla Firefox 3.5.4 - Local Color Map Exploit |
| 18531 | Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit |
| 17974 | Mozilla Firefox Array.reduceRight() Integer Overflow Exploit |
| 15342 | Firefox Memory Corruption Proof of Concept (Simplified) |
| 15104 | MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability |
| 15027 | MOAUB #17 - Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code ... |
| 14949 | MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability |
| 14422 | libpng <= 1.4.2 Denial of Service Vulnerability |
| 12678 | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities |
| 10544 | Mozilla Firefox Location Bar Spoofing Vulnerability |
| 10380 | Sunbird 0.9 Array Overrun (code execution) 0day |
| 10187 | Opera 10.01 Remote Array Overrun |
| 10186 | K-Meleon 1.5.3 Remote Array Overrun |
| 10185 | SeaMonkey 1.1.8 Remote Array Overrun |
| 10184 | KDE KDELibs 4.3.3 Remote Array Overrun |
| 9663 | Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit |
| 3340 | Mozilla Firefox <= 2.0.0.1 (location.hostname) Cross-Domain Vulnerability |
| 2082 | Mozilla Firefox <= 1.5.0.4 Javascript Navigator Object Code Execution PoC |
OpenVAS Exploits
| id | Description |
|---|---|
| 2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities) File : nvt/deb_2457_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities) File : nvt/deb_2458_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities) File : nvt/deb_2513_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities) File : nvt/deb_2553_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities) File : nvt/deb_2583_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities) File : nvt/deb_2584_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities) File : nvt/deb_2588_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox) File : nvt/gb_suse_2012_0899_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird) File : nvt/gb_suse_2012_0917_1.nasl |
| 2012-12-13 | Name : SuSE Update for xulrunner openSUSE-SU-2012:0924-1 (xulrunner) File : nvt/gb_suse_2012_0924_1.nasl |
| 2012-12-13 | Name : SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey) File : nvt/gb_suse_2012_0935_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox) File : nvt/gb_suse_2012_1064_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
| 2012-12-13 | Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite) File : nvt/gb_suse_2012_1412_1.nasl |
| 2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18931 File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl |
| 2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18952 File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl |
| 2012-12-04 | Name : Ubuntu Update for firefox USN-1638-3 File : nvt/gb_ubuntu_USN_1638_3.nasl |
| 2012-11-26 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox72.nasl |
| 2012-11-26 | Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2014-A-0064 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0050011 |
| 2014-A-0043 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0046769 |
| 2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
| 2014-A-0030 | Apple Mac OS X Security Update 2014-001 Severity: Category I - VMSKEY: V0044547 |
| 2014-A-0021 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0043921 |
| 2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0043395 |
| 2013-A-0233 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042596 |
| 2013-A-0220 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042380 |
| 2013-B-0124 | Multiple Vulnerabilities in Google Chrome Severity: Category I - VMSKEY: V0042301 |
| 2013-A-0203 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0041365 |
| 2012-A-0189 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0035032 |
| 2011-A-0160 | Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity: Category I - VMSKEY: V0030769 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Mozilla regular expression heap corruption attempt RuleID : 8443 - Type : BROWSER-FIREFOX - Revision : 15 |
| 2014-01-10 | Mozilla regular expression heap corruption attempt RuleID : 8442 - Type : SMTP - Revision : 2 |
| 2014-01-10 | Mozilla javascript navigator object access RuleID : 8058 - Type : BROWSER-FIREFOX - Revision : 11 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52307 - Type : FILE-IMAGE - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52306 - Type : FILE-IMAGE - Revision : 1 |
| 2019-10-08 | Mozilla Thunderbird input filter bypass cross site scripting attempt RuleID : 51405 - Type : SERVER-MAIL - Revision : 1 |
| 2019-10-08 | Mozilla Firefox GeckoActiveXObject exploit attempt RuleID : 51394 - Type : BROWSER-OTHER - Revision : 2 |
| 2019-10-08 | Mozilla Firefox GeckoActiveXObject exploit attempt RuleID : 51393 - Type : BROWSER-OTHER - Revision : 2 |
| 2018-02-27 | Mozilla Network Security Services heap underflow exploit attempt RuleID : 45539 - Type : SERVER-OTHER - Revision : 1 |
| 2018-02-27 | Mozilla Network Security Services heap underflow exploit attempt RuleID : 45538 - Type : SERVER-OTHER - Revision : 1 |
| 2018-02-27 | Mozilla Network Security Services heap underflow exploit attempt RuleID : 45537 - Type : SERVER-OTHER - Revision : 1 |
| 2018-01-18 | Multiple browser pressure function denial of service attempt RuleID : 45206 - Type : BROWSER-FIREFOX - Revision : 3 |
| 2018-01-17 | Mozilla Firefox nsTreeContentView double-free memory corruption attempt RuleID : 45176 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2017-12-29 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 44991 - Type : BROWSER-FIREFOX - Revision : 3 |
| 2017-09-26 | Mozilla Firefox JSXML integer overflow attempt RuleID : 44147 - Type : BROWSER-FIREFOX - Revision : 3 |
| 2017-09-26 | Mozilla Firefox JSXML integer overflow attempt RuleID : 44146 - Type : BROWSER-FIREFOX - Revision : 3 |
| 2017-09-21 | Mozilla Firefox memory corruption attempt RuleID : 44049 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-21 | Mozilla Firefox memory corruption attempt RuleID : 44048 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-21 | Mozilla Firefox memory corruption attempt RuleID : 44047 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-21 | Mozilla Firefox memory corruption attempt RuleID : 44046 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-21 | Mozilla Firefox invalid watchpoint memory corruption attempt RuleID : 44045 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-21 | Mozilla Firefox invalid watchpoint memory corruption attempt RuleID : 44044 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-21 | Mozilla browsers JavaScript argument passing code execution attempt RuleID : 44043 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2017-09-19 | Mozilla Firefox empty lookupGetter dangling pointer attempt RuleID : 44010 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2017-09-19 | Mozilla Firefox empty lookupGetter dangling pointer attempt RuleID : 44009 - Type : BROWSER-FIREFOX - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-11-02 | Name: The remote Debian host is missing a security update. File: debian_DLA-1564.nasl - Type: ACT_GATHER_INFO |
| 2017-04-12 | Name: An application installed on the remote macOS or Mac OS X host is affected by ... File: macosx_ms17-04-4019460_mono.nasl - Type: ACT_GATHER_INFO |
| 2017-04-12 | Name: The remote Windows host is affected by an information disclosure vulnerability. File: smb_nt_ms17_apr_4015383.nasl - Type: ACT_GATHER_INFO |
| 2017-04-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015549.nasl - Type: ACT_GATHER_INFO |
| 2017-04-12 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015550.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17-apr_4015551.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015217.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015219.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015221.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: The remote Windows host is affected by multiple vulnerabilities. File: smb_nt_ms17_apr_4015583.nasl - Type: ACT_GATHER_INFO |
| 2017-04-11 | Name: A web application framework running on the remote host is affected by an info... File: smb_nt_ms17_apr_4017094.nasl - Type: ACT_GATHER_INFO |
| 2017-01-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-46.nasl - Type: ACT_GATHER_INFO |
| 2016-12-01 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2958-1.nasl - Type: ACT_GATHER_INFO |
| 2016-10-06 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3688.nasl - Type: ACT_GATHER_INFO |
| 2016-09-27 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2385-1.nasl - Type: ACT_GATHER_INFO |
| 2016-09-09 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1064.nasl - Type: ACT_GATHER_INFO |
| 2016-09-02 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-2209-1.nasl - Type: ACT_GATHER_INFO |
| 2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1618-1.nasl - Type: ACT_GATHER_INFO |
| 2016-06-23 | Name: The remote device is affected by multiple vulnerabilities. File: juniper_space_jsa10727.nasl - Type: ACT_GATHER_INFO |
| 2016-06-08 | Name: The remote Debian host is missing a security update. File: debian_DLA-507.nasl - Type: ACT_GATHER_INFO |
| 2016-06-06 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201606-03.nasl - Type: ACT_GATHER_INFO |
| 2016-06-01 | Name: The remote device is affected by multiple vulnerabilities. File: cisco_ace_A5_3_3.nasl - Type: ACT_GATHER_INFO |
| 2016-05-31 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201605-06.nasl - Type: ACT_GATHER_INFO |
| 2016-05-24 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL59503294.nasl - Type: ACT_GATHER_INFO |
| 2016-05-18 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL16716.nasl - Type: ACT_GATHER_INFO |
