5 - CVE-2008-0594

Executive Summary

Informations
Name	CVE-2008-0594	First vendor Publication	2008-02-08
Vendor	Cve	Last vendor Modification	2018-10-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0594

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17533

Oval ID:	oval:org.mitre.oval:def:17533
Title:	USN-576-1 -- firefox vulnerabilities
Description:	Various flaws were discovered in the browser and JavaScript engine.
Family:	unix	Class:	patch
Reference(s):	USN-576-1 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0420 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	firefox
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND firefox DPKG is earlier than 1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1 AND Release section Ubuntu 6.10 is installed AND firefox DPKG is earlier than 2.0.0.12+0nobinonly+2-0ubuntu0.6.10 AND Release section Ubuntu 7.04 is installed AND firefox DPKG is earlier than 2.0.0.12+1nobinonly+2-0ubuntu0.7.4 AND Release section Ubuntu 7.10 is installed AND firefox DPKG is earlier than 2.0.0.12+2nobinonly+2-0ubuntu0.7.10

Definition Id: oval:org.mitre.oval:def:18417

Oval ID:	oval:org.mitre.oval:def:18417
Title:	DSA-1485-2 icedove - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
Family:	unix	Class:	patch
Reference(s):	DSA-1485-2 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	icedove
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND icedove DPKG is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2

Definition Id: oval:org.mitre.oval:def:18434

Oval ID:	oval:org.mitre.oval:def:18434
Title:	DSA-1489-1 iceweasel - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.
Family:	unix	Class:	patch
Reference(s):	DSA-1489-1 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	7
Platform(s):	Debian GNU/Linux 4.0	Product(s):	iceweasel
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND iceweasel DPKG is earlier than 2.0.0.12-0etch1

Definition Id: oval:org.mitre.oval:def:20074

Oval ID:	oval:org.mitre.oval:def:20074
Title:	DSA-1506-1 iceape - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
Family:	unix	Class:	patch
Reference(s):	DSA-1506-1 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	iceape
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND iceape DPKG is earlier than 0:1.0.12~pre080131b-0etch1

Definition Id: oval:org.mitre.oval:def:20267

Oval ID:	oval:org.mitre.oval:def:20267
Title:	DSA-1484-1 xulrunner - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
Family:	unix	Class:	patch
Reference(s):	DSA-1484-1 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	xulrunner
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND xulrunner DPKG is earlier than 0:1.8.0.15~pre080131b-0etch1

Definition Id: oval:org.mitre.oval:def:7909

Oval ID:	oval:org.mitre.oval:def:7909
Title:	DSA-1489 iceweasel -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor and tgirmann discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. hong and Gregory Fleischer discovered that file input focus vulnerabilities in the file upload control could allow information disclosure of local files. moz_bug_r_a4 and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation. Justin Dolske discovered that the password storage mechanism could be abused by malicious web sites to corrupt existing saved passwords. Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure. David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code. Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript. It was discovered that malformed content declarations of saved attachments could prevent a user from opening local files with a .txt file name, resulting in minor denial of service. Martin Straka discovered that insecure stylesheet handling during redirects could lead to information disclosure. Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing protections could be bypassed with div elements. The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.
Family:	unix	Class:	patch
Reference(s):	DSA-1489 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	iceweasel
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section mozilla-firefox is earlier than 2.0.0.12-0etch1 AND firefox is earlier than 2.0.0.12-0etch1 AND firefox-dom-inspector is earlier than 2.0.0.12-0etch1 AND iceweasel-dom-inspector is earlier than 2.0.0.12-0etch1 AND mozilla-firefox-gnome-support is earlier than 2.0.0.12-0etch1 AND mozilla-firefox-dom-inspector is earlier than 2.0.0.12-0etch1 AND firefox-gnome-support is earlier than 2.0.0.12-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section iceweasel-gnome-support is earlier than 2.0.0.12-0etch1 AND iceweasel-dbg is earlier than 2.0.0.12-0etch1 AND iceweasel is earlier than 2.0.0.12-0etch1

Definition Id: oval:org.mitre.oval:def:7914

Oval ID:	oval:org.mitre.oval:def:7914
Title:	DSA-1485 icedove -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor and tgirmann discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. moz_bug_r_a4 and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation. Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure. David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code. Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript. The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.
Family:	unix	Class:	patch
Reference(s):	DSA-1485 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	icedove
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section thunderbird-gnome-support is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND thunderbird-dev is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND mozilla-thunderbird is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND thunderbird is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND mozilla-thunderbird-dev is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND mozilla-thunderbird-typeaheadfind is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND thunderbird-dbg is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND thunderbird-typeaheadfind is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND mozilla-thunderbird-inspector is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND thunderbird-inspector is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section icedove-typeaheadfind is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove-inspector is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove-dev is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove-dbg is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove-gnome-support is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 OR Architecture dependent section Installed architecture is amd64 AND Packages section icedove-typeaheadfind is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND icedove is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove-dev is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND icedove-inspector is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2 AND icedove-dbg is earlier than 1.5.0.13+1.5.0.15b.dfsg1-0etch2 AND icedove-gnome-support is earlier than 1.5.0.13+1.5.0.15a.dfsg1-0etch2

Definition Id: oval:org.mitre.oval:def:8000

Oval ID:	oval:org.mitre.oval:def:8000
Title:	DSA-1484 xulrunner -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor and tgirmann discovered crashes in the JavaScript engine, which might allow the execution of arbitrary code. hong and Gregory Fleischer discovered that file input focus vulnerabilities in the file upload control could allow information disclosure of local files. moz_bug_r_a4 and Boris Zbarsky discovered several vulnerabilities in JavaScript handling, which could allow privilege escalation. Justin Dolske discovered that the password storage mechanism could be abused by malicious web sites to corrupt existing saved passwords. Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure. David Bloom discovered a race condition in the image handling of designMode elements, which could lead to information disclosure or potentially the execution of arbitrary code. Michal Zalewski discovered that timers protecting security-sensitive dialogs (which disable dialog elements until a timeout is reached) could be bypassed by window focus changes through JavaScript. It was discovered that malformed content declarations of saved attachments could prevent a user from opening local files with a .txt file name, resulting in minor denial of service. Martin Straka discovered that insecure stylesheet handling during redirects could lead to information disclosure. Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing protections could be bypassed with div elements. The old stable distribution (sarge) doesn't contain xulrunner.
Family:	unix	Class:	patch
Reference(s):	DSA-1484 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	xulrunner
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section libnspr4-dev is earlier than 1.8.0.15~pre080131a-0etch1 AND libmozjs-dev is earlier than 1.8.0.15~pre080131a-0etch1 AND libsmjs1 is earlier than 1.8.0.15~pre080131b-0etch1 AND libmozillainterfaces-java is earlier than 1.8.0.15~pre080131b-0etch1 AND libxul-common is earlier than 1.8.0.15~pre080131a-0etch1 AND libsmjs-dev is earlier than 1.8.0.15~pre080131a-0etch1 AND libxul-dev is earlier than 1.8.0.15~pre080131b-0etch1 AND libnss3-dev is earlier than 1.8.0.15~pre080131b-0etch1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is sparc AND Installed architecture is powerpc AND Installed architecture is i386 AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is mipsel AND Installed architecture is arm AND Packages section libxul0d is earlier than 1.8.0.15~pre080131b-0etch1 AND libnss3-0d-dbg is earlier than 1.8.0.15~pre080131b-0etch1 AND libmozjs0d-dbg is earlier than 1.8.0.15~pre080131b-0etch1 AND libnss3-0d is earlier than 1.8.0.15~pre080131b-0etch1 AND spidermonkey-bin is earlier than 1.8.0.15~pre080131b-0etch1 AND libnspr4-0d-dbg is earlier than 1.8.0.15~pre080131b-0etch1 AND xulrunner-gnome-support is earlier than 1.8.0.15~pre080131b-0etch1 AND libxul0d-dbg is earlier than 1.8.0.15~pre080131b-0etch1 AND libmozjs0d is earlier than 1.8.0.15~pre080131b-0etch1 AND xulrunner is earlier than 1.8.0.15~pre080131b-0etch1 AND libnss3-tools is earlier than 1.8.0.15~pre080131b-0etch1 AND python-xpcom is earlier than 1.8.0.15~pre080131b-0etch1 AND libnspr4-0d is earlier than 1.8.0.15~pre080131b-0etch1 OR Architecture dependent section Installed architecture is amd64 AND Packages section libxul0d is earlier than 1.8.0.15~pre080131b-0etch1 AND libnss3-0d-dbg is earlier than 1.8.0.15~pre080131a-0etch1 AND libmozjs0d-dbg is earlier than 1.8.0.15~pre080131a-0etch1 AND libnss3-0d is earlier than 1.8.0.15~pre080131b-0etch1 AND spidermonkey-bin is earlier than 1.8.0.15~pre080131b-0etch1 AND libnspr4-0d is earlier than 1.8.0.15~pre080131b-0etch1 AND libnspr4-0d-dbg is earlier than 1.8.0.15~pre080131a-0etch1 AND xulrunner-gnome-support is earlier than 1.8.0.15~pre080131a-0etch1 AND libxul0d-dbg is earlier than 1.8.0.15~pre080131b-0etch1 AND xulrunner is earlier than 1.8.0.15~pre080131b-0etch1 AND libnss3-tools is earlier than 1.8.0.15~pre080131b-0etch1 AND python-xpcom is earlier than 1.8.0.15~pre080131a-0etch1 AND libmozjs0d is earlier than 1.8.0.15~pre080131b-0etch1

Definition Id: oval:org.mitre.oval:def:8162

Oval ID:	oval:org.mitre.oval:def:8162
Title:	DSA-1506 iceape -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson discovered crashes in the layout engine, which might allow the execution of arbitrary code. Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown, Philip Taylor and tgirmann discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. hong and Gregory Fleischer discovered that file input focus vulnerabilities in the file upload control could allow information disclosure of local files. moz_bug_r_a4 and Boris Zbarsky discovered several vulnerabilities in Javascript handling, which could allow privilege escalation. Justin Dolske discovered that the password storage mechanism could be abused by malicious web sites to corrupt existing saved passwords. Gerry Eisenhaur and moz_bug_r_a4 discovered that a directory traversal vulnerability in chrome: URI handling could lead to information disclosure. David Bloom discovered a race condition in the image handling of designMode elements, which can lead to information disclosure and potentially the execution of arbitrary code. Michal Zalewski discovered that timers protecting security-sensitive dialogs (by disabling dialog elements until a timeout is reached) could be bypassed by window focus changes through Javascript. It was discovered that malformed content declarations of saved attachments could prevent a user in the opening local files with a .txt file name, resulting in minor denial of service. Martin Straka discovered that insecure stylesheet handling during redirects could lead to information disclosure. Emil Ljungdahl and Lars-Olof Moilanen discovered that phishing protections could be bypassed with div elements. The Mozilla products from the old stable distribution (sarge) are no longer supported with security updates.
Family:	unix	Class:	patch
Reference(s):	DSA-1506 CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	iceape
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND Packages section mozilla-js-debugger is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-chatzilla is earlier than 1.8+1.0.12~pre080131b-0etch1 AND iceape is earlier than 1.0.12~pre080131b-0etch1 AND iceape-chatzilla is earlier than 1.0.12~pre080131b-0etch1 AND mozilla is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-psm is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-mailnews is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-dom-inspector is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-calendar is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-browser is earlier than 1.8+1.0.12~pre080131b-0etch1 AND mozilla-dev is earlier than 1.8+1.0.12~pre080131b-0etch1 AND iceape-dev is earlier than 1.0.12~pre080131b-0etch1 AND iceape-dbg is earlier than 1.0.12~pre080131b-0etch1 AND iceape-dom-inspector is earlier than 1.0.12~pre080131b-0etch1 AND iceape-mailnews is earlier than 1.0.12~pre080131b-0etch1 AND iceape-browser is earlier than 1.0.12~pre080131b-0etch1 AND iceape-calendar is earlier than 1.0.12~pre080131b-0etch1 AND iceape-gnome-support is earlier than 1.0.12~pre080131b-0etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.9:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.8:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.7:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.6:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.5:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.4:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.3:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.2:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.11:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.10:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0.0.1:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:2.0:::::::* cpe:2.3:a:mozilla:firefox:2.0:beta1:::::: cpe:2.3:a:mozilla:firefox:2.0:beta_1:::::: cpe:2.3:a:mozilla:firefox:2.0:rc3:::::: cpe:2.3:a:mozilla:firefox:2.0:rc2:::::: cpe:2.3:a:mozilla:firefox:2.0:-:linux:::::* cpe:2.3:a:mozilla:firefox:2.0:-:~~~linux~~:::::* cpe:2.3:a:mozilla:firefox:1.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.1:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.9:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.12:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.11:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.10:::::::* cpe:2.3:a:mozilla:firefox:1.5.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.5:-:::::: cpe:2.3:a:mozilla:firefox:1.5:beta2:::::: cpe:2.3:a:mozilla:firefox:1.5:beta1:::::: cpe:2.3:a:mozilla:firefox:1.4.1:::::::* cpe:2.3:a:mozilla:firefox:1.0.8:::::::* cpe:2.3:a:mozilla:firefox:1.0.7:::::::* cpe:2.3:a:mozilla:firefox:1.0.6:::::::* cpe:2.3:a:mozilla:firefox:1.0.6::linux::::: cpe:2.3:a:mozilla:firefox:1.0.5:::::::* cpe:2.3:a:mozilla:firefox:1.0.4:::::::* cpe:2.3:a:mozilla:firefox:1.0.3:::::::* cpe:2.3:a:mozilla:firefox:1.0.2:::::::* cpe:2.3:a:mozilla:firefox:1.0.1:::::::* cpe:2.3:a:mozilla:firefox:1.0:preview_release:::::: cpe:2.3:a:mozilla:firefox:1.0:-:::::: cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:firefox:0.9_rc:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:0.8:::::::* cpe:2.3:a:mozilla:firefox:0.7.1:::::::* cpe:2.3:a:mozilla:firefox:0.7:::::::* cpe:2.3:a:mozilla:firefox:0.6.1:::::::* cpe:2.3:a:mozilla:firefox:0.6:::::::* cpe:2.3:a:mozilla:firefox:0.5:::::::* cpe:2.3:a:mozilla:firefox:0.4:::::::* cpe:2.3:a:mozilla:firefox:0.3:::::::* cpe:2.3:a:mozilla:firefox:0.2:::::::* cpe:2.3:a:mozilla:firefox:0.10.1:::::::* cpe:2.3:a:mozilla:firefox:0.10:::::::* cpe:2.3:a:mozilla:firefox:0.1:::::::* cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::::x86:* cpe:2.3:a:mozilla:firefox::::::x86::* cpe:2.3:a:mozilla:firefox::::::iphone_os::* cpe:2.3:a:mozilla:firefox::::::-::* cpe:2.3:a:mozilla:firefox::::::android::* cpe:2.3:a:mozilla:firefox:::::android:::* cpe:2.3:a:mozilla:firefox:-:::::::* cpe:2.3:a:mozilla:firefox:-:::::iphone_os::	103

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Mozilla File : nvt/sles9p5021982.nasl
2009-04-09	Name : Mandriva Update for mozilla-firefox MDVSA-2008:048 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_048.nasl
2009-03-23	Name : Ubuntu Update for firefox vulnerabilities USN-576-1 File : nvt/gb_ubuntu_USN_576_1.nasl
2009-02-16	Name : Fedora Update for yelp FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_yelp_fc7.nasl
2009-02-16	Name : Fedora Update for Miro FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_Miro_fc8.nasl
2009-02-16	Name : Fedora Update for blam FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_blam_fc8.nasl
2009-02-16	Name : Fedora Update for chmsee FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_chmsee_fc8.nasl
2009-02-16	Name : Fedora Update for devhelp FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_devhelp_fc8.nasl
2009-02-16	Name : Fedora Update for epiphany-extensions FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_epiphany-extensions_fc8.nasl
2009-02-16	Name : Fedora Update for epiphany FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_epiphany_fc8.nasl
2009-02-16	Name : Fedora Update for firefox FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_firefox_fc8.nasl
2009-02-16	Name : Fedora Update for galeon FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_galeon_fc8.nasl
2009-02-16	Name : Fedora Update for gnome-python2-extras FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gnome-python2-extras_fc8.nasl
2009-02-16	Name : Fedora Update for gnome-web-photo FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gnome-web-photo_fc8.nasl
2009-02-16	Name : Fedora Update for gtkmozembedmm FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_gtkmozembedmm_fc8.nasl
2009-02-16	Name : Fedora Update for kazehakase FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_kazehakase_fc8.nasl
2009-02-16	Name : Fedora Update for liferea FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_liferea_fc8.nasl
2009-02-16	Name : Fedora Update for openvrml FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_openvrml_fc8.nasl
2009-02-16	Name : Fedora Update for ruby-gnome2 FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_ruby-gnome2_fc8.nasl
2009-02-16	Name : Fedora Update for yelp FEDORA-2008-1535 File : nvt/gb_fedora_2008_1535_yelp_fc8.nasl
2009-02-16	Name : Fedora Update for ruby-gnome2 FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_ruby-gnome2_fc7.nasl
2009-02-16	Name : Fedora Update for Miro FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_Miro_fc7.nasl
2009-02-16	Name : Fedora Update for chmsee FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_chmsee_fc7.nasl
2009-02-16	Name : Fedora Update for devhelp FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_devhelp_fc7.nasl
2009-02-16	Name : Fedora Update for epiphany-extensions FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_epiphany-extensions_fc7.nasl
2009-02-16	Name : Fedora Update for epiphany FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_epiphany_fc7.nasl
2009-02-16	Name : Fedora Update for firefox FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_firefox_fc7.nasl
2009-02-16	Name : Fedora Update for galeon FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_galeon_fc7.nasl
2009-02-16	Name : Fedora Update for gnome-python2-extras FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_gnome-python2-extras_fc7.nasl
2009-02-16	Name : Fedora Update for gtkmozembedmm FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_gtkmozembedmm_fc7.nasl
2009-02-16	Name : Fedora Update for kazehakase FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_kazehakase_fc7.nasl
2009-02-16	Name : Fedora Update for liferea FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_liferea_fc7.nasl
2009-02-16	Name : Fedora Update for openvrml FEDORA-2008-1435 File : nvt/gb_fedora_2008_1435_openvrml_fc7.nasl
2009-01-23	Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:008 File : nvt/gb_suse_2008_008.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200808-03 (mozilla ...) File : nvt/glsa_200808_03.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-18 (mozilla ...) File : nvt/glsa_200805_18.nasl
2008-09-04	Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox31.nasl
2008-03-27	Name : Debian Security Advisory DSA 1506-2 (iceape) File : nvt/deb_1506_2.nasl
2008-03-19	Name : Debian Security Advisory DSA 1485-2 (icedove) File : nvt/deb_1485_2.nasl
2008-02-28	Name : Debian Security Advisory DSA 1506-1 (iceape) File : nvt/deb_1506_1.nasl
2008-02-15	Name : Debian Security Advisory DSA 1485-1 (icedove) File : nvt/deb_1485_1.nasl
2008-02-15	Name : Debian Security Advisory DSA 1489-1 (iceweasel) File : nvt/deb_1489_1.nasl
2008-02-15	Name : Debian Security Advisory DSA 1484-1 (xulrunner) File : nvt/deb_1484_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
43226	Mozilla Firefox DIV Tag Web Forgery Warning Bypass

Nessus® Vulnerability Scanner

Date	Description
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-048.nasl - Type : ACT_GATHER_INFO
2008-08-07	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200808-03.nasl - Type : ACT_GATHER_INFO
2008-05-22	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-18.nasl - Type : ACT_GATHER_INFO
2008-03-28	Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner-5123.nasl - Type : ACT_GATHER_INFO
2008-03-28	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner-5118.nasl - Type : ACT_GATHER_INFO
2008-03-19	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5095.nasl - Type : ACT_GATHER_INFO
2008-03-17	Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5098.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_810a5197e0d911dc891a02061b08fc24.nasl - Type : ACT_GATHER_INFO
2008-02-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1506.nasl - Type : ACT_GATHER_INFO
2008-02-22	Name : The remote Windows host contains a web browser that is affected by multiple v... File : netscape_browser_9006.nasl - Type : ACT_GATHER_INFO
2008-02-18	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5012.nasl - Type : ACT_GATHER_INFO
2008-02-18	Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5011.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-1535.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-1435.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5001.nasl - Type : ACT_GATHER_INFO
2008-02-14	Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5002.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-576-1.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1485.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1489.nasl - Type : ACT_GATHER_INFO
2008-02-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1484.nasl - Type : ACT_GATHER_INFO
2008-02-08	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20012.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/27683
BUGTRAQ	http://www.securityfocus.com/archive/1/487826/100/0/threaded http://www.securityfocus.com/archive/1/488002/100/0/threaded
CONFIRM	http://browser.netscape.com/releasenotes/ http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html http://wiki.rpath.com/Advisories:rPSA-2008-0051 http://www.mozilla.org/security/announce/2008/mfsa2008-11.html https://bugzilla.mozilla.org/show_bug.cgi?id=408164
DEBIAN	http://www.debian.org/security/2008/dsa-1484 http://www.debian.org/security/2008/dsa-1485 http://www.debian.org/security/2008/dsa-1489 http://www.debian.org/security/2008/dsa-1506
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0027... https://www.redhat.com/archives/fedora-package-announce/2008-February/msg0038...
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
SECTRACK	http://www.securitytracker.com/id?1019342
SECUNIA	http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http://secunia.com/advisories/28879 http://secunia.com/advisories/28924 http://secunia.com/advisories/28939 http://secunia.com/advisories/28958 http://secunia.com/advisories/29086 http://secunia.com/advisories/29567 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
UBUNTU	http://www.ubuntu.com/usn/usn-576-1
VUPEN	http://www.vupen.com/english/advisories/2008/0453/references http://www.vupen.com/english/advisories/2008/0627/references http://www.vupen.com/english/advisories/2008/1793/references

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-10 01:07:50	Multiple Updates
2024-02-02 01:08:13	Multiple Updates
2024-02-01 12:02:34	Multiple Updates
2023-09-05 12:07:39	Multiple Updates
2023-09-05 01:02:25	Multiple Updates
2023-09-02 12:07:46	Multiple Updates
2023-09-02 01:02:26	Multiple Updates
2023-08-12 12:09:08	Multiple Updates
2023-08-12 01:02:25	Multiple Updates
2023-08-11 12:07:49	Multiple Updates
2023-08-11 01:02:30	Multiple Updates
2023-08-06 12:07:28	Multiple Updates
2023-08-06 01:02:27	Multiple Updates
2023-08-04 12:07:34	Multiple Updates
2023-08-04 01:02:30	Multiple Updates
2023-07-14 12:07:32	Multiple Updates
2023-07-14 01:02:27	Multiple Updates
2023-03-29 01:08:31	Multiple Updates
2023-03-28 12:02:33	Multiple Updates
2022-10-11 12:06:41	Multiple Updates
2022-10-11 01:02:17	Multiple Updates
2021-05-04 12:07:04	Multiple Updates
2021-04-22 01:07:31	Multiple Updates
2020-10-14 01:03:27	Multiple Updates
2020-10-03 01:03:26	Multiple Updates
2020-05-29 01:03:09	Multiple Updates
2020-05-23 01:39:04	Multiple Updates
2020-05-23 00:21:12	Multiple Updates
2018-10-16 05:18:08	Multiple Updates
2017-11-22 12:02:32	Multiple Updates
2016-04-26 17:05:26	Multiple Updates
2014-02-17 10:43:39	Multiple Updates
2013-05-11 00:08:33	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	9
CPE ID(s)	103
Sources(s)	34
osvdb(s)	1
Openvas Exploit(s)	43
Nessus® Exploit(s)	21

	Related
9.3	USN-576-1
9.3	SUN-238492
9.3	MDVSA-2008:048
9.3	GLSA-200805-18
9.3	DSA-1506
9.3	DSA-1489
9.3	DSA-1485
9.3	DSA-1484
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)

5 - CVE-2008-0594

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU