This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2012-03-14
Product Firefox Esr Last view 2020-07-09
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:mozilla:firefox_esr:10.0:*:*:*:*:*:*:* 474
cpe:2.3:a:mozilla:firefox_esr:10.0.2:*:*:*:*:*:*:* 468
cpe:2.3:a:mozilla:firefox_esr:10.0.1:*:*:*:*:*:*:* 468
cpe:2.3:a:mozilla:firefox_esr:10.0.3:*:*:*:*:*:*:* 462
cpe:2.3:a:mozilla:firefox_esr:10.0.4:*:*:*:*:*:*:* 451
cpe:2.3:a:mozilla:firefox_esr:10.0.5:*:*:*:*:*:*:* 441
cpe:2.3:a:mozilla:firefox_esr:10.0.6:*:*:*:*:*:*:* 424
cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:* 421
cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:* 419
cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:* 410
cpe:2.3:a:mozilla:firefox_esr:10.0.7:*:*:*:*:*:*:* 398
cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:* 398
cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:* 395
cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:* 392
cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:* 392
cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:* 385
cpe:2.3:a:mozilla:firefox_esr:17.0.4:*:*:*:*:*:*:* 384
cpe:2.3:a:mozilla:firefox_esr:10.0.8:*:*:*:*:*:*:* 379
cpe:2.3:a:mozilla:firefox_esr:10.0.9:*:*:*:*:*:*:* 378
cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:* 378
cpe:2.3:a:mozilla:firefox_esr:17.0.5:*:*:*:*:*:*:* 376
cpe:2.3:a:mozilla:firefox_esr:10.0.10:*:*:*:*:*:*:* 375
cpe:2.3:a:mozilla:firefox_esr:38.1.1:*:*:*:*:*:*:* 374
cpe:2.3:a:mozilla:firefox_esr:38.2.1:*:*:*:*:*:*:* 374
cpe:2.3:a:mozilla:firefox_esr:24.0.2:*:*:*:*:*:*:* 367
cpe:2.3:a:mozilla:firefox_esr:24.0.1:*:*:*:*:*:*:* 367
cpe:2.3:a:mozilla:firefox_esr:24.0:*:*:*:*:*:*:* 367
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* 367
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:x86:* 367
cpe:2.3:a:mozilla:firefox_esr:17.0.6:*:*:*:*:*:*:* 365
cpe:2.3:a:mozilla:firefox_esr:10.2:*:*:*:*:*:*:* 362
cpe:2.3:a:mozilla:firefox_esr:10.1:*:*:*:*:*:*:* 362
cpe:2.3:a:mozilla:firefox_esr:38.3.0:*:*:*:*:*:*:* 359
cpe:2.3:a:mozilla:firefox_esr:10.0.11:*:*:*:*:*:*:* 357
cpe:2.3:a:mozilla:firefox_esr:10.0.12:*:*:*:*:*:*:* 356
cpe:2.3:a:mozilla:firefox_esr:17.0.7:*:*:*:*:*:*:* 355
cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:* 355
cpe:2.3:a:mozilla:firefox_esr:24.1.1:*:*:*:*:*:*:* 353
cpe:2.3:a:mozilla:firefox_esr:24.1.0:*:*:*:*:*:*:* 353
cpe:2.3:a:mozilla:firefox_esr:17.0.8:*:*:*:*:*:*:* 346
cpe:2.3:a:mozilla:firefox_esr:24.2:*:*:*:*:*:*:* 346
cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:* 345
cpe:2.3:a:mozilla:firefox_esr:38.4.0:*:*:*:*:*:*:* 345
cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:* 341
cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:* 341
cpe:2.3:a:mozilla:firefox_esr:38.5.0:*:*:*:*:*:*:* 339
cpe:2.3:a:mozilla:firefox_esr:24.3:*:*:*:*:*:*:* 338
cpe:2.3:a:mozilla:firefox_esr:17.0.9:*:*:*:*:*:*:* 337
cpe:2.3:a:mozilla:firefox_esr:38.5.1:*:*:*:*:*:*:* 337
cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:* 336

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2020-07-09 CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12420

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12419

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

6.5 2020-07-09 CVE-2020-12418

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12417

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12410

Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

8.8 2020-07-09 CVE-2020-12406

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

5.3 2020-07-09 CVE-2020-12405

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

4.4 2020-07-09 CVE-2020-12399

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

8.8 2020-07-09 CVE-2018-12371

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.

9.8 2020-05-26 CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

9.8 2020-05-26 CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

7.8 2020-05-26 CVE-2020-12393

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

5.5 2020-05-26 CVE-2020-12392

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

10 2020-05-26 CVE-2020-12389

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

10 2020-05-26 CVE-2020-12388

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.

8.1 2020-05-26 CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

7.5 2020-04-24 CVE-2020-6828

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.
*Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.

4.7 2020-04-24 CVE-2020-6827

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.
*Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.

9.8 2020-04-24 CVE-2020-6825

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

8.8 2020-04-24 CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

7.5 2020-04-24 CVE-2020-6821

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

8.1 2020-04-24 CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

8.1 2020-04-24 CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

9.8 2020-03-25 CVE-2020-6814

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
28% (184) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
15% (98) CWE-416 Use After Free
7% (50) CWE-399 Resource Management Errors
7% (48) CWE-20 Improper Input Validation
6% (41) CWE-264 Permissions, Privileges, and Access Controls
5% (34) CWE-200 Information Exposure
3% (25) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (22) CWE-787 Out-of-bounds Write
2% (15) CWE-125 Out-of-bounds Read
1% (11) CWE-190 Integer Overflow or Wraparound
1% (11) CWE-189 Numeric Errors
1% (10) CWE-269 Improper Privilege Management
1% (10) CWE-254 Security Features
1% (9) CWE-17 Code
1% (8) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (8) CWE-94 Failure to Control Generation of Code ('Code Injection')
1% (7) CWE-704 Incorrect Type Conversion or Cast
1% (7) CWE-362 Race Condition
0% (6) CWE-346 Origin Validation Error
0% (4) CWE-352 Cross-Site Request Forgery (CSRF)
0% (3) CWE-732 Incorrect Permission Assignment for Critical Resource
0% (3) CWE-310 Cryptographic Issues
0% (3) CWE-295 Certificate Issues
0% (3) CWE-284 Access Control (Authorization) Issues
0% (3) CWE-19 Data Handling

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:14909 CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR...
oval:org.mitre.oval:def:14258 Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR...
oval:org.mitre.oval:def:14829 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 1...
oval:org.mitre.oval:def:15007 The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x throu...
oval:org.mitre.oval:def:14775 Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeCo...
oval:org.mitre.oval:def:15122 Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 1...
oval:org.mitre.oval:def:15066 The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x throug...
oval:org.mitre.oval:def:15114 Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird...
oval:org.mitre.oval:def:15009 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox...
oval:org.mitre.oval:def:14980 DSA-2437-1 icedove -- several
oval:org.mitre.oval:def:14590 DSA-2433-1 iceweasel -- several
oval:org.mitre.oval:def:15012 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox...
oval:org.mitre.oval:def:15143 The nsWindow implementation in the browser engine in Mozilla Firefox before 3...
oval:org.mitre.oval:def:21392 RHSA-2012:0388: thunderbird security update (Critical)
oval:org.mitre.oval:def:21087 RHSA-2012:0387: firefox security and bug fix update (Critical)
oval:org.mitre.oval:def:17946 USN-1400-5 -- gsettings-desktop-schemas regression
oval:org.mitre.oval:def:17944 USN-1400-4 -- thunderbird regressions
oval:org.mitre.oval:def:15457 USN-1400-3 -- Thunderbird vulnerabilities
oval:org.mitre.oval:def:15321 USN-1400-1 -- Firefox vulnerabilities
oval:org.mitre.oval:def:15260 USN-1400-2 -- ubufox update
oval:org.mitre.oval:def:14977 USN-1401-2 -- Thunderbird vulnerabilities
oval:org.mitre.oval:def:14716 USN-1401-1 -- Xulrunner vulnerabilities
oval:org.mitre.oval:def:14170 Use-after-free vulnerability in the browser engine in Mozilla Firefox before ...
oval:org.mitre.oval:def:23382 ELSA-2012:0388: thunderbird security update (Critical)
oval:org.mitre.oval:def:23093 ELSA-2012:0387: firefox security and bug fix update (Critical)

SAINT Exploits

Description Link
Mozilla Firefox onreadystatechange Event Use After Free More info here
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability More info here
Firefox crypto.generateCRMFRequest command execution More info here

ExploitDB Exploits

id Description
34363 Firefox toString console.time Privileged Javascript Injection
30474 Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities)
File : nvt/deb_2457_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities)
File : nvt/deb_2458_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities)
File : nvt/deb_2513_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2013-04-01 Name : Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Mac OS X)
File : nvt/gb_mozilla_firefox_esr_code_exec_vuln_nov12_macosx.nasl
2013-04-01 Name : Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Windows)
File : nvt/gb_mozilla_firefox_esr_code_exec_vuln_nov12_win.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox)
File : nvt/gb_suse_2012_0899_1.nasl
2012-12-13 Name : SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird)
File : nvt/gb_suse_2012_0917_1.nasl
2012-12-13 Name : SuSE Update for xulrunner openSUSE-SU-2012:0924-1 (xulrunner)
File : nvt/gb_suse_2012_0924_1.nasl
2012-12-13 Name : SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey)
File : nvt/gb_suse_2012_0935_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1345_1.nasl
2012-12-13 Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite)
File : nvt/gb_suse_2012_1412_1.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18931
File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18952
File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl
2012-12-04 Name : Ubuntu Update for firefox USN-1638-3
File : nvt/gb_ubuntu_USN_1638_3.nasl
2012-11-26 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox72.nasl
2012-11-26 Name : Mozilla Firefox Code Execution Vulnerabilities - November12 (Mac OS X)
File : nvt/gb_mozilla_firefox_code_exec_vuln_nov12_macosx.nasl
2012-11-26 Name : Mozilla Firefox Code Execution Vulnerabilities - November12 (Windows)
File : nvt/gb_mozilla_firefox_code_exec_vuln_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)
File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0223 Multiple Security Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0061473
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2014-A-0113 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0053309
2014-A-0082 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0052487
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0220 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042380
2013-A-0203 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0041365
2012-A-0189 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0035032

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2020-07-23 Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt
RuleID : 54380 - Type : BROWSER-FIREFOX - Revision : 1
2020-07-23 Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt
RuleID : 54379 - Type : BROWSER-FIREFOX - Revision : 1
2020-05-07 Mozilla Firefox potential use after free attempt
RuleID : 53581 - Type : BROWSER-FIREFOX - Revision : 1
2020-05-07 Mozilla Firefox potential use after free attempt
RuleID : 53580 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 IonMonkey MArraySlice buffer overflow attempt
RuleID : 52431 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 IonMonkey MArraySlice buffer overflow attempt
RuleID : 52430 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 52425 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 52424 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1
2019-08-13 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 50697 - Type : BROWSER-FIREFOX - Revision : 2
2019-08-13 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 50696 - Type : BROWSER-FIREFOX - Revision : 2
2019-07-31 Mozilla Firefox Array.prototype.pop type confusion attempt
RuleID : 50519 - Type : BROWSER-FIREFOX - Revision : 2
2019-07-31 Mozilla Firefox Array.prototype.pop type confusion attempt
RuleID : 50518 - Type : BROWSER-FIREFOX - Revision : 2
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49918 - Type : BROWSER-FIREFOX - Revision : 1
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49917 - Type : BROWSER-FIREFOX - Revision : 1
2019-01-17 Mozilla Firefox method array.prototype.push remote code execution attempt
RuleID : 48626 - Type : BROWSER-FIREFOX - Revision : 2
2019-01-17 Mozilla Firefox method array.prototype.push remote code execution attempt
RuleID : 48625 - Type : BROWSER-FIREFOX - Revision : 2
2019-01-10 Mozilla Firefox javascript type confusion code execution attempt
RuleID : 48565 - Type : BROWSER-FIREFOX - Revision : 1
2019-01-10 Mozilla Firefox javascript type confusion code execution attempt
RuleID : 48564 - Type : BROWSER-FIREFOX - Revision : 1
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48296 - Type : FILE-OTHER - Revision : 2
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48295 - Type : FILE-OTHER - Revision : 2
2018-11-10 libvorbis VORBIS audio data out of bounds write attempt
RuleID : 48106 - Type : FILE-MULTIMEDIA - Revision : 1
2018-11-10 libvorbis VORBIS audio data out of bounds write attempt
RuleID : 48105 - Type : FILE-MULTIMEDIA - Revision : 1
2018-11-08 Multiple browsers memory corruption attempt
RuleID : 48052 - Type : BROWSER-IE - Revision : 6

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-def329f680.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1414.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_62_0.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_64_0.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: mozilla_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: mozilla_firefox_64_0.nasl - Type: ACT_GATHER_INFO
2018-12-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1384.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2832.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-13.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3531.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3532.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1575.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4337.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3403.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-04.nasl - Type: ACT_GATHER_INFO
2018-11-08 Name: The remote Debian host is missing a security update.
File: debian_DLA-1571.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1367.nasl - Type: ACT_GATHER_INFO