This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Mozilla First view 2004-08-06
Product Thunderbird Last view 2020-07-09
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:mozilla:thunderbird:1.5:-:*:*:*:*:*:* 821
cpe:2.3:a:mozilla:thunderbird:0.7:-:*:*:*:*:*:* 809
cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:* 808
cpe:2.3:a:mozilla:thunderbird:1.0:-:*:*:*:*:*:* 808
cpe:2.3:a:mozilla:thunderbird:1.0.1:*:*:*:*:*:*:* 805
cpe:2.3:a:mozilla:thunderbird:1.0.7:*:*:*:*:*:*:* 804
cpe:2.3:a:mozilla:thunderbird:1.0.6:*:*:*:*:*:*:* 803
cpe:2.3:a:mozilla:thunderbird:1.0.5:*:*:*:*:*:*:* 803
cpe:2.3:a:mozilla:thunderbird:1.0.2:*:*:*:*:*:*:* 803
cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:* 802
cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:* 802
cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:* 802
cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:* 802
cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:* 802
cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:* 801
cpe:2.3:a:mozilla:thunderbird:0.7.1:*:*:*:*:*:*:* 801
cpe:2.3:a:mozilla:thunderbird:0.7.2:*:*:*:*:*:*:* 801
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 800
cpe:2.3:a:mozilla:thunderbird:1.0.4:*:*:*:*:*:*:* 799
cpe:2.3:a:mozilla:thunderbird:1.0.3:*:*:*:*:*:*:* 799
cpe:2.3:a:mozilla:thunderbird:0.7.3:*:*:*:*:*:*:* 797
cpe:2.3:a:mozilla:thunderbird:0.8:*:*:*:*:*:*:* 796
cpe:2.3:a:mozilla:thunderbird:1.0.5:beta:*:*:*:*:*:* 796
cpe:2.3:a:mozilla:thunderbird:0.9:*:*:*:*:*:*:* 794
cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:* 791
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:* 790
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:* 789
cpe:2.3:a:mozilla:thunderbird:0.7:rc:*:*:*:*:*:* 789
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:x86:* 789
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:* 784
cpe:2.3:a:mozilla:thunderbird:1.0:rc:*:*:*:*:*:* 783
cpe:2.3:a:mozilla:thunderbird:1.0.8:*:*:*:*:*:*:* 782
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:* 776
cpe:2.3:a:mozilla:thunderbird:1.1:alpha1:*:*:*:*:*:* 774
cpe:2.3:a:mozilla:thunderbird:1.1:alpha2:*:*:*:*:*:* 774
cpe:2.3:a:mozilla:thunderbird:1.5:beta1:*:*:*:*:*:* 774
cpe:2.3:a:mozilla:thunderbird:1.5:rc1:*:*:*:*:*:* 774
cpe:2.3:a:mozilla:thunderbird:1.5:rc2:*:*:*:*:*:* 774
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:* 770
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:* 767
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:* 764
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:* 762
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:* 758
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:* 758
cpe:2.3:a:mozilla:thunderbird:2.0.0.1:*:*:*:*:*:*:* 758
cpe:2.3:a:mozilla:thunderbird:2.0.0.2:*:*:*:*:*:*:* 758
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:* 756
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:* 756
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:* 755
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:* 754

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
6.5 2020-07-09 CVE-2020-12421

When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12420

When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12419

When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

6.5 2020-07-09 CVE-2020-12418

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12417

Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.

8.8 2020-07-09 CVE-2020-12406

Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

5.3 2020-07-09 CVE-2020-12405

When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

4.4 2020-07-09 CVE-2020-12399

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

7.5 2020-07-09 CVE-2020-12398

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.

8.8 2020-07-09 CVE-2018-12371

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61.

9.8 2020-05-26 CVE-2020-6831

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

9.8 2020-05-26 CVE-2020-12395

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

7.8 2020-05-26 CVE-2020-12393

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

5.5 2020-05-26 CVE-2020-12392

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

8.1 2020-05-26 CVE-2020-12387

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

4.3 2020-05-22 CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0.

9.8 2020-04-24 CVE-2020-6825

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

8.8 2020-04-24 CVE-2020-6822

On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

7.5 2020-04-24 CVE-2020-6821

When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.

8.1 2020-04-24 CVE-2020-6820

Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

8.1 2020-04-24 CVE-2020-6819

Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.

9.8 2020-03-25 CVE-2020-6814

Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

5.3 2020-03-25 CVE-2020-6812

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

8.8 2020-03-25 CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

8.8 2020-03-25 CVE-2020-6807

When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
22% (170) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13% (102) CWE-399 Resource Management Errors
12% (93) CWE-416 Use After Free
8% (61) CWE-20 Improper Input Validation
7% (60) CWE-264 Permissions, Privileges, and Access Controls
6% (47) CWE-200 Information Exposure
5% (40) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (29) CWE-94 Failure to Control Generation of Code ('Code Injection')
2% (19) CWE-189 Numeric Errors
2% (17) CWE-787 Out-of-bounds Write
2% (17) CWE-125 Out-of-bounds Read
1% (10) CWE-190 Integer Overflow or Wraparound
1% (8) CWE-269 Improper Privilege Management
0% (6) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
0% (6) CWE-16 Configuration
0% (5) CWE-704 Incorrect Type Conversion or Cast
0% (5) CWE-362 Race Condition
0% (5) CWE-346 Origin Validation Error
0% (5) CWE-17 Code
0% (4) CWE-352 Cross-Site Request Forgery (CSRF)
0% (4) CWE-310 Cryptographic Issues
0% (4) CWE-287 Improper Authentication
0% (4) CWE-254 Security Features
0% (4) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
0% (4) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-26 Leveraging Race Conditions
CAPEC-28 Fuzzing
CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection

Oval Markup Language : Definitions

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
OvalID Name
oval:org.mitre.oval:def:3250 Mozilla, Firefox, Thunderbird POP3 SendUidl Buffer Overflow
oval:org.mitre.oval:def:11042 Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla...
oval:org.mitre.oval:def:9240 Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow rem...
oval:org.mitre.oval:def:3603 Mozilla, Firefox, Thunderbird Security Lock Icon Spoof Vulnerability
oval:org.mitre.oval:def:4403 Mozilla, Firefox, Thunderbird XPInstall Security Vulnerability
oval:org.mitre.oval:def:10032 Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow rem...
oval:org.mitre.oval:def:9419 Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow rem...
oval:org.mitre.oval:def:2418 Mozilla, Firefox, Thunderbird User Interface Hijacking Vulnerability
oval:org.mitre.oval:def:11162 The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and...
oval:org.mitre.oval:def:11201 Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Re...
oval:org.mitre.oval:def:10873 Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for ...
oval:org.mitre.oval:def:10952 Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the P...
oval:org.mitre.oval:def:11668 The XPInstall installer in Mozilla Firefox before the Preview Release, Mozill...
oval:org.mitre.oval:def:9745 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunder...
oval:org.mitre.oval:def:9543 Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to sp...
oval:org.mitre.oval:def:100056 Mozilla Creates World-readable temp Files
oval:org.mitre.oval:def:100048 Mozilla Thunderbird Subject to IE Vulnerabilities via javascript
oval:org.mitre.oval:def:11407 Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the n...
oval:org.mitre.oval:def:100047 Mozilla Mail News Cookie Security Bypass Vulnerability
oval:org.mitre.oval:def:9111 The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 bef...
oval:org.mitre.oval:def:100040 Mozilla String Library Memory Overwrite Vulnerability
oval:org.mitre.oval:def:11377 The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 bef...
oval:org.mitre.oval:def:100028 Mozilla GIF Heap Overflow
oval:org.mitre.oval:def:10010 The installation confirmation dialog in Firefox before 1.0.1, Thunderbird bef...
oval:org.mitre.oval:def:100041 Mozilla 'user:pass@host' Spoofing Vulnerability

SAINT Exploits

Description Link
Firefox AttributeChildRemoved Use After Free More info here
Mozilla Firefox document.write and DOM insertion memory corruption More info here
Mozilla Firefox GIF processing buffer overflow More info here
Firefox sensor.dll Insecure Library Loading More info here
Mozilla Firefox onreadystatechange Event Use After Free More info here
Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access More info here
Mozilla Firefox QueryInterface method memory corruption More info here
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability More info here
Firefox crypto.generateCRMFRequest command execution More info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77956 Mozilla Multiple Product Large OGG <video> Element Handling Remote DoS
77955 Mozilla Multiple Product for Mac DOM Frame Deletion NULL Dereference Remote C...
77954 Mozilla Multiple Product SVG Animation accessKey Event Handling Disabled Java...
77953 Mozilla Multiple Product DOMAttrModified SVG Element Handling Out-of-bounds M...
77952 Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption
77951 Mozilla Multiple Product YARR Regular Expression Library Javascript Parsing R...
77609 Mozilla Multiple Product CSS Token Sequence Parsing Timing Attack Remote Info...
76955 Mozilla Multiple Product NoWaiverWrappers Internal Privilege Check Weakness R...
76954 Mozilla Multiple Product WebGL GPU Memory Random Image Disclosure
76953 Mozilla Multiple Product Windows D2D Hardware Acceleration Same Origin Policy...
76952 Mozilla Multiple Product Firebug JavaScript File Profiling Remote Memory Corr...
76951 Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption (2011-...
76950 Mozilla Multiple Product Unchecked Allocation Failure Remote Memory Corruption
76949 Mozilla Multiple Product SVG <mpath> Non-SVG Link Remote Memory Corruption
76948 Mozilla Multiple Product Shift-JIS XSS
76947 Mozilla Multiple Product JSSubScriptLoader loadSubScript Method XPCNativeWrap...
75846 Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution
75844 Mozilla Multiple Product YARR Unspecified Memory Corruption
75841 Mozilla Multiple Product Enter Key Download Dialog Verification Bypass
75840 Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio...
75839 Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea...
75838 Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol...
75836 Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997)
75834 Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995)
74595 Mozilla Multiple Products Ogg Reader Unspecified DoS

ExploitDB Exploits

id Description
34363 Firefox toString console.time Privileged Javascript Injection
30474 Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution
18531 Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
17974 Mozilla Firefox Array.reduceRight() Integer Overflow Exploit
15342 Firefox Memory Corruption Proof of Concept (Simplified)
15104 MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
14949 MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-09-18 Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities)
File : nvt/deb_2406_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities)
File : nvt/deb_2457_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities)
File : nvt/deb_2458_2.nasl
2013-09-18 Name : Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities)
File : nvt/deb_2513_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2553_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities)
File : nvt/deb_2583_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities)
File : nvt/deb_2584_1.nasl
2013-09-18 Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities)
File : nvt/deb_2588_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,)
File : nvt/gb_suse_2012_0760_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox)
File : nvt/gb_suse_2012_0899_1.nasl
2012-12-13 Name : SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird)
File : nvt/gb_suse_2012_0917_1.nasl
2012-12-13 Name : SuSE Update for xulrunner openSUSE-SU-2012:0924-1 (xulrunner)
File : nvt/gb_suse_2012_0924_1.nasl
2012-12-13 Name : SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey)
File : nvt/gb_suse_2012_0935_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1064_1.nasl
2012-12-13 Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox)
File : nvt/gb_suse_2012_1345_1.nasl
2012-12-13 Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite)
File : nvt/gb_suse_2012_1412_1.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18931
File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl
2012-12-06 Name : Fedora Update for seamonkey FEDORA-2012-18952
File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl
2012-12-04 Name : Ubuntu Update for firefox USN-1638-3
File : nvt/gb_ubuntu_USN_1638_3.nasl
2012-11-26 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox72.nasl
2012-11-26 Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows)
File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_win.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X)
File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_macosx.nasl
2012-11-26 Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_win.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0158 Multiple Vulnerabilities in Oracle Java SE
Severity: Category I - VMSKEY: V0061089
2014-A-0113 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0053309
2014-A-0082 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0052487
2014-A-0064 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0050011
2014-A-0043 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0046769
2014-A-0021 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0043921
2014-A-0009 Multiple Vulnerabilities in Oracle Fusion Middleware
Severity: Category I - VMSKEY: V0043395
2013-A-0233 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0042596
2013-A-0203 Multiple Vulnerabilities in Mozilla Products
Severity: Category I - VMSKEY: V0041365
2012-A-0189 Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1
Severity: Category I - VMSKEY: V0035032
2011-A-0160 Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana...
Severity: Category I - VMSKEY: V0030769

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2014-01-10 Mozilla regular expression heap corruption attempt
RuleID : 8443 - Type : BROWSER-FIREFOX - Revision : 15
2014-01-10 Mozilla regular expression heap corruption attempt
RuleID : 8442 - Type : SMTP - Revision : 2
2014-01-10 Mozilla GIF multipacket heap overflow - ANIMEXTS1.0
RuleID : 6503 - Type : WEB-CLIENT - Revision : 9
2014-01-10 Mozilla GIF single packet heap overflow - ANIMEXTS1.0
RuleID : 6502 - Type : FILE-IMAGE - Revision : 15
2020-07-23 Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt
RuleID : 54380 - Type : BROWSER-FIREFOX - Revision : 1
2020-07-23 Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt
RuleID : 54379 - Type : BROWSER-FIREFOX - Revision : 1
2020-05-07 Mozilla Firefox potential use after free attempt
RuleID : 53581 - Type : BROWSER-FIREFOX - Revision : 1
2020-05-07 Mozilla Firefox potential use after free attempt
RuleID : 53580 - Type : BROWSER-FIREFOX - Revision : 1
2020-02-11 Mozilla multiple products SharedWorker MessagePort memory corruption attempt
RuleID : 52569 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 IonMonkey MArraySlice buffer overflow attempt
RuleID : 52431 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 IonMonkey MArraySlice buffer overflow attempt
RuleID : 52430 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 52425 - Type : BROWSER-FIREFOX - Revision : 1
2020-01-14 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 52424 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Firefox Custom Elements write-after-free attempt
RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1
2019-10-08 Mozilla Thunderbird input filter bypass cross site scripting attempt
RuleID : 51405 - Type : SERVER-MAIL - Revision : 1
2019-10-08 Mozilla Firefox GeckoActiveXObject exploit attempt
RuleID : 51394 - Type : BROWSER-OTHER - Revision : 2
2019-10-08 Mozilla Firefox GeckoActiveXObject exploit attempt
RuleID : 51393 - Type : BROWSER-OTHER - Revision : 2
2019-08-13 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 50697 - Type : BROWSER-FIREFOX - Revision : 2
2019-08-13 Mozilla Firefox RemotePrompt sandbox escape attempt
RuleID : 50696 - Type : BROWSER-FIREFOX - Revision : 2
2019-07-31 Mozilla Firefox Array.prototype.pop type confusion attempt
RuleID : 50519 - Type : BROWSER-FIREFOX - Revision : 2
2019-07-31 Mozilla Firefox Array.prototype.pop type confusion attempt
RuleID : 50518 - Type : BROWSER-FIREFOX - Revision : 2
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49918 - Type : BROWSER-FIREFOX - Revision : 1
2019-05-24 Mozilla Firefox DOMSVGLength appendItem use after free attempt
RuleID : 49917 - Type : BROWSER-FIREFOX - Revision : 1
2018-12-07 out-of-bounds write attempt with malicious MAR file detected
RuleID : 48296 - Type : FILE-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-77fe2e20ad.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-def329f680.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1414.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO
2018-12-27 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO
2018-12-18 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_62_0.nasl - Type: ACT_GATHER_INFO
2018-12-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO
2018-12-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote macOS host is affected by multiple vuln...
File: macosx_firefox_64_0.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: mozilla_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO
2018-12-12 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: mozilla_firefox_64_0.nasl - Type: ACT_GATHER_INFO
2018-12-11 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1384.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2832.nasl - Type: ACT_GATHER_INFO
2018-11-27 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO
2018-11-26 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-13.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3531.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3532.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security update.
File: debian_DLA-1575.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4337.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2018-3403.nasl - Type: ACT_GATHER_INFO
2018-11-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201811-04.nasl - Type: ACT_GATHER_INFO
2018-11-08 Name: The remote Debian host is missing a security update.
File: debian_DLA-1571.nasl - Type: ACT_GATHER_INFO