Summary
| Detail | |||
|---|---|---|---|
| Vendor | Mozilla | First view | 2004-08-06 |
| Product | Thunderbird | Last view | 2020-07-09 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2020-07-09 | CVE-2020-12421 | When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
| 8.8 | 2020-07-09 | CVE-2020-12420 | When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
| 8.8 | 2020-07-09 | CVE-2020-12419 | When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
| 6.5 | 2020-07-09 | CVE-2020-12418 | Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
| 8.8 | 2020-07-09 | CVE-2020-12417 | Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. |
| 8.8 | 2020-07-09 | CVE-2020-12406 | Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
| 5.3 | 2020-07-09 | CVE-2020-12405 | When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
| 4.4 | 2020-07-09 | CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
| 7.5 | 2020-07-09 | CVE-2020-12398 | If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0. |
| 8.8 | 2020-07-09 | CVE-2018-12371 | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. |
| 9.8 | 2020-05-26 | CVE-2020-6831 | A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
| 9.8 | 2020-05-26 | CVE-2020-12395 | Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
| 7.8 | 2020-05-26 | CVE-2020-12393 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
| 5.5 | 2020-05-26 | CVE-2020-12392 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
| 8.1 | 2020-05-26 | CVE-2020-12387 | A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. |
| 4.3 | 2020-05-22 | CVE-2020-12397 | By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. |
| 9.8 | 2020-04-24 | CVE-2020-6825 | Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. |
| 8.8 | 2020-04-24 | CVE-2020-6822 | On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in |
| 7.5 | 2020-04-24 | CVE-2020-6821 | When reading from areas partially or fully outside the source resource with WebGL's |
| 8.1 | 2020-04-24 | CVE-2020-6820 | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. |
| 8.1 | 2020-04-24 | CVE-2020-6819 | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. |
| 9.8 | 2020-03-25 | CVE-2020-6814 | Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
| 5.3 | 2020-03-25 | CVE-2020-6812 | The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
| 8.8 | 2020-03-25 | CVE-2020-6811 | The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. |
| 8.8 | 2020-03-25 | CVE-2020-6807 | When a device was changed while a stream was about to be destroyed, the |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (170) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 14% (106) | CWE-399 | Resource Management Errors |
| 11% (90) | CWE-416 | Use After Free |
| 8% (63) | CWE-264 | Permissions, Privileges, and Access Controls |
| 7% (60) | CWE-20 | Improper Input Validation |
| 6% (47) | CWE-200 | Information Exposure |
| 5% (39) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 3% (28) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 2% (19) | CWE-189 | Numeric Errors |
| 2% (17) | CWE-787 | Out-of-bounds Write |
| 2% (17) | CWE-125 | Out-of-bounds Read |
| 1% (10) | CWE-190 | Integer Overflow or Wraparound |
| 1% (8) | CWE-269 | Improper Privilege Management |
| 0% (6) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 0% (6) | CWE-16 | Configuration |
| 0% (5) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (5) | CWE-362 | Race Condition |
| 0% (5) | CWE-346 | Origin Validation Error |
| 0% (5) | CWE-17 | Code |
| 0% (4) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 0% (4) | CWE-310 | Cryptographic Issues |
| 0% (4) | CWE-287 | Improper Authentication |
| 0% (4) | CWE-254 | Security Features |
| 0% (4) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-28 | Fuzzing |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:3250 | Mozilla, Firefox, Thunderbird POP3 SendUidl Buffer Overflow |
| oval:org.mitre.oval:def:11042 | Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla... |
| oval:org.mitre.oval:def:9240 | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow rem... |
| oval:org.mitre.oval:def:3603 | Mozilla, Firefox, Thunderbird Security Lock Icon Spoof Vulnerability |
| oval:org.mitre.oval:def:4403 | Mozilla, Firefox, Thunderbird XPInstall Security Vulnerability |
| oval:org.mitre.oval:def:10032 | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow rem... |
| oval:org.mitre.oval:def:9419 | Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow rem... |
| oval:org.mitre.oval:def:2418 | Mozilla, Firefox, Thunderbird User Interface Hijacking Vulnerability |
| oval:org.mitre.oval:def:11162 | The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and... |
| oval:org.mitre.oval:def:11201 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Re... |
| oval:org.mitre.oval:def:10873 | Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for ... |
| oval:org.mitre.oval:def:10952 | Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the P... |
| oval:org.mitre.oval:def:11668 | The XPInstall installer in Mozilla Firefox before the Preview Release, Mozill... |
| oval:org.mitre.oval:def:9745 | Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunder... |
| oval:org.mitre.oval:def:9543 | Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to sp... |
| oval:org.mitre.oval:def:100056 | Mozilla Creates World-readable temp Files |
| oval:org.mitre.oval:def:100048 | Mozilla Thunderbird Subject to IE Vulnerabilities via javascript |
| oval:org.mitre.oval:def:11407 | Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the n... |
| oval:org.mitre.oval:def:100047 | Mozilla Mail News Cookie Security Bypass Vulnerability |
| oval:org.mitre.oval:def:9111 | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 bef... |
| oval:org.mitre.oval:def:100040 | Mozilla String Library Memory Overwrite Vulnerability |
| oval:org.mitre.oval:def:11377 | The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 bef... |
| oval:org.mitre.oval:def:100028 | Mozilla GIF Heap Overflow |
| oval:org.mitre.oval:def:10010 | The installation confirmation dialog in Firefox before 1.0.1, Thunderbird bef... |
| oval:org.mitre.oval:def:100041 | Mozilla 'user:pass@host' Spoofing Vulnerability |
SAINT Exploits
| Description | Link |
|---|---|
| Firefox AttributeChildRemoved Use After Free | More info here |
| Mozilla Firefox document.write and DOM insertion memory corruption | More info here |
| Mozilla Firefox GIF processing buffer overflow | More info here |
| Firefox sensor.dll Insecure Library Loading | More info here |
| Mozilla Firefox onreadystatechange Event Use After Free | More info here |
| Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access | More info here |
| Mozilla Firefox QueryInterface method memory corruption | More info here |
| Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability | More info here |
| Firefox crypto.generateCRMFRequest command execution | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77956 | Mozilla Multiple Product Large OGG <video> Element Handling Remote DoS |
| 77955 | Mozilla Multiple Product for Mac DOM Frame Deletion NULL Dereference Remote C... |
| 77954 | Mozilla Multiple Product SVG Animation accessKey Event Handling Disabled Java... |
| 77953 | Mozilla Multiple Product DOMAttrModified SVG Element Handling Out-of-bounds M... |
| 77952 | Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption |
| 77951 | Mozilla Multiple Product YARR Regular Expression Library Javascript Parsing R... |
| 77609 | Mozilla Multiple Product CSS Token Sequence Parsing Timing Attack Remote Info... |
| 76955 | Mozilla Multiple Product NoWaiverWrappers Internal Privilege Check Weakness R... |
| 76954 | Mozilla Multiple Product WebGL GPU Memory Random Image Disclosure |
| 76953 | Mozilla Multiple Product Windows D2D Hardware Acceleration Same Origin Policy... |
| 76952 | Mozilla Multiple Product Firebug JavaScript File Profiling Remote Memory Corr... |
| 76951 | Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption (2011-... |
| 76950 | Mozilla Multiple Product Unchecked Allocation Failure Remote Memory Corruption |
| 76949 | Mozilla Multiple Product SVG <mpath> Non-SVG Link Remote Memory Corruption |
| 76948 | Mozilla Multiple Product Shift-JIS XSS |
| 76947 | Mozilla Multiple Product JSSubScriptLoader loadSubScript Method XPCNativeWrap... |
| 75846 | Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution |
| 75844 | Mozilla Multiple Product YARR Unspecified Memory Corruption |
| 75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
| 75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
| 75839 | Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea... |
| 75838 | Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol... |
| 75836 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997) |
| 75834 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995) |
| 74595 | Mozilla Multiple Products Ogg Reader Unspecified DoS |
ExploitDB Exploits
| id | Description |
|---|---|
| 34363 | Firefox toString console.time Privileged Javascript Injection |
| 30474 | Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution |
| 18531 | Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit |
| 17974 | Mozilla Firefox Array.reduceRight() Integer Overflow Exploit |
| 15342 | Firefox Memory Corruption Proof of Concept (Simplified) |
| 15104 | MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability |
| 14949 | MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability |
OpenVAS Exploits
| id | Description |
|---|---|
| 2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities) File : nvt/deb_2457_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities) File : nvt/deb_2458_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities) File : nvt/deb_2513_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities) File : nvt/deb_2553_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities) File : nvt/deb_2583_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities) File : nvt/deb_2584_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities) File : nvt/deb_2588_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox) File : nvt/gb_suse_2012_0899_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird) File : nvt/gb_suse_2012_0917_1.nasl |
| 2012-12-13 | Name : SuSE Update for xulrunner openSUSE-SU-2012:0924-1 (xulrunner) File : nvt/gb_suse_2012_0924_1.nasl |
| 2012-12-13 | Name : SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey) File : nvt/gb_suse_2012_0935_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox) File : nvt/gb_suse_2012_1064_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
| 2012-12-13 | Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite) File : nvt/gb_suse_2012_1412_1.nasl |
| 2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18931 File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl |
| 2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18952 File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl |
| 2012-12-04 | Name : Ubuntu Update for firefox USN-1638-3 File : nvt/gb_ubuntu_USN_1638_3.nasl |
| 2012-11-26 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox72.nasl |
| 2012-11-26 | Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0158 | Multiple Vulnerabilities in Oracle Java SE Severity: Category I - VMSKEY: V0061089 |
| 2014-A-0113 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0053309 |
| 2014-A-0082 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0052487 |
| 2014-A-0064 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0050011 |
| 2014-A-0043 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0046769 |
| 2014-A-0021 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0043921 |
| 2014-A-0009 | Multiple Vulnerabilities in Oracle Fusion Middleware Severity: Category I - VMSKEY: V0043395 |
| 2013-A-0233 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0042596 |
| 2013-A-0203 | Multiple Vulnerabilities in Mozilla Products Severity: Category I - VMSKEY: V0041365 |
| 2012-A-0189 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0035032 |
| 2011-A-0160 | Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity: Category I - VMSKEY: V0030769 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Mozilla regular expression heap corruption attempt RuleID : 8443 - Type : BROWSER-FIREFOX - Revision : 15 |
| 2014-01-10 | Mozilla regular expression heap corruption attempt RuleID : 8442 - Type : SMTP - Revision : 2 |
| 2014-01-10 | Mozilla GIF multipacket heap overflow - ANIMEXTS1.0 RuleID : 6503 - Type : WEB-CLIENT - Revision : 9 |
| 2014-01-10 | Mozilla GIF single packet heap overflow - ANIMEXTS1.0 RuleID : 6502 - Type : FILE-IMAGE - Revision : 15 |
| 2020-07-23 | Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt RuleID : 54380 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-07-23 | Mozilla Firefox ReadableStreamCloseInternal out-of-bounds access attempt RuleID : 54379 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-05-07 | Mozilla Firefox potential use after free attempt RuleID : 53581 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-05-07 | Mozilla Firefox potential use after free attempt RuleID : 53580 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-02-11 | Mozilla multiple products SharedWorker MessagePort memory corruption attempt RuleID : 52569 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-01-14 | IonMonkey MArraySlice buffer overflow attempt RuleID : 52431 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-01-14 | IonMonkey MArraySlice buffer overflow attempt RuleID : 52430 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-01-14 | Mozilla Firefox RemotePrompt sandbox escape attempt RuleID : 52425 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2020-01-14 | Mozilla Firefox RemotePrompt sandbox escape attempt RuleID : 52424 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51440 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-10-08 | Mozilla Firefox Custom Elements write-after-free attempt RuleID : 51439 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-10-08 | Mozilla Thunderbird input filter bypass cross site scripting attempt RuleID : 51405 - Type : SERVER-MAIL - Revision : 1 |
| 2019-10-08 | Mozilla Firefox GeckoActiveXObject exploit attempt RuleID : 51394 - Type : BROWSER-OTHER - Revision : 2 |
| 2019-10-08 | Mozilla Firefox GeckoActiveXObject exploit attempt RuleID : 51393 - Type : BROWSER-OTHER - Revision : 2 |
| 2019-08-13 | Mozilla Firefox RemotePrompt sandbox escape attempt RuleID : 50697 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-08-13 | Mozilla Firefox RemotePrompt sandbox escape attempt RuleID : 50696 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-07-31 | Mozilla Firefox Array.prototype.pop type confusion attempt RuleID : 50519 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-07-31 | Mozilla Firefox Array.prototype.pop type confusion attempt RuleID : 50518 - Type : BROWSER-FIREFOX - Revision : 2 |
| 2019-05-24 | Mozilla Firefox DOMSVGLength appendItem use after free attempt RuleID : 49918 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2019-05-24 | Mozilla Firefox DOMSVGLength appendItem use after free attempt RuleID : 49917 - Type : BROWSER-FIREFOX - Revision : 1 |
| 2018-12-07 | out-of-bounds write attempt with malicious MAR file detected RuleID : 48296 - Type : FILE-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-77fe2e20ad.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-def329f680.nasl - Type: ACT_GATHER_INFO |
| 2018-12-28 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1414.nasl - Type: ACT_GATHER_INFO |
| 2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3831.nasl - Type: ACT_GATHER_INFO |
| 2018-12-27 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3833.nasl - Type: ACT_GATHER_INFO |
| 2018-12-18 | Name: A web browser installed on the remote macOS host is affected by multiple vuln... File: macosx_firefox_62_0.nasl - Type: ACT_GATHER_INFO |
| 2018-12-14 | Name: The remote Debian host is missing a security update. File: debian_DLA-1605.nasl - Type: ACT_GATHER_INFO |
| 2018-12-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4354.nasl - Type: ACT_GATHER_INFO |
| 2018-12-13 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_d10b49b28d0249e8afde0844626317af.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote macOS host is affected by multiple vuln... File: macosx_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote macOS host is affected by multiple vuln... File: macosx_firefox_64_0.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote Windows host is affected by multiple vu... File: mozilla_firefox_60_4_esr.nasl - Type: ACT_GATHER_INFO |
| 2018-12-12 | Name: A web browser installed on the remote Windows host is affected by multiple vu... File: mozilla_firefox_64_0.nasl - Type: ACT_GATHER_INFO |
| 2018-12-11 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1384.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2831.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2832.nasl - Type: ACT_GATHER_INFO |
| 2018-11-27 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-2885.nasl - Type: ACT_GATHER_INFO |
| 2018-11-26 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-13.nasl - Type: ACT_GATHER_INFO |
| 2018-11-21 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3531.nasl - Type: ACT_GATHER_INFO |
| 2018-11-21 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3532.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security update. File: debian_DLA-1575.nasl - Type: ACT_GATHER_INFO |
| 2018-11-13 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4337.nasl - Type: ACT_GATHER_INFO |
| 2018-11-09 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2018-3403.nasl - Type: ACT_GATHER_INFO |
| 2018-11-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-04.nasl - Type: ACT_GATHER_INFO |
| 2018-11-08 | Name: The remote Debian host is missing a security update. File: debian_DLA-1571.nasl - Type: ACT_GATHER_INFO |
