Executive Summary

Informations
Name CVE-2008-5913 First vendor Publication 2009-01-20
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Cvss Base Score 4.9 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5913

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11139
 
Oval ID: oval:org.mitre.oval:def:11139
Title: The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
Description: The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."
Family: unix Class: vulnerability
Reference(s): CVE-2008-5913
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12521
 
Oval ID: oval:org.mitre.oval:def:12521
Title: USN-930-6 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerability
Description: USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-6
CVE-2010-1214
CVE-2010-2755
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
 Version: 5
Platform(s): Ubuntu 9.04
Ubuntu 9.10
 Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12712
 
Oval ID: oval:org.mitre.oval:def:12712
Title: USN-930-1 -- firefox, firefox-3.0, xulrunner-1.9.2 vulnerabilities
Description: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-1
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
 Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 10.04
 Product(s): firefox
firefox-3.0
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13144
 
Oval ID: oval:org.mitre.oval:def:13144
Title: USN-930-4 -- firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities
Description: USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-4
CVE-2010-1208
CVE-2010-1209
CVE-2010-1211
CVE-2010-1212
CVE-2010-1214
CVE-2010-1215
CVE-2010-2752
CVE-2010-2753
CVE-2010-1205
CVE-2010-1213
CVE-2010-1207
CVE-2010-1210
CVE-2010-1206
CVE-2010-2751
CVE-2010-0654
CVE-2010-2754
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
 Version: 6
Platform(s): Ubuntu 9.04
Ubuntu 9.10
 Product(s): firefox-3.0
firefox-3.5
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13237
 
Oval ID: oval:org.mitre.oval:def:13237
Title: USN-930-3 -- firefox regression
Description: USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-3
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
 Version: 7
Platform(s): Ubuntu 8.04
 Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13567
 
Oval ID: oval:org.mitre.oval:def:13567
Title: USN-930-2 -- apturl, epiphany-browser, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update
Description: USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites
Family: unix Class: patch
Reference(s): USN-930-2
CVE-2010-1121
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
CVE-2010-1198
CVE-2010-1196
CVE-2010-1199
CVE-2010-1125
CVE-2010-1197
CVE-2008-5913
 Version: 7
Platform(s): Ubuntu 8.04
 Product(s): apturl
epiphany-browser
gecko-sharp
gnome-python-extras
liferea
rhythmbox
totem
ubufox
yelp
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27902
 
Oval ID: oval:org.mitre.oval:def:27902
Title: DEPRECATED: ELSA-2010-0501 -- firefox security, bug fix, and enhancement update (critical)
Description: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. A website that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182)
Family: unix Class: patch
Reference(s): ELSA-2010-0501
CVE-2009-5017
CVE-2010-0182
CVE-2010-1121
CVE-2010-1125
CVE-2010-1196
CVE-2010-1197
CVE-2010-1198
CVE-2010-1199
CVE-2010-1200
CVE-2010-1202
CVE-2010-1203
CVE-2008-5913
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): devhelp
esc
firefox
gnome-python2-extras
totem
xulrunner
yelp
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 14
Application 59

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for devhelp CESA-2010:0501 centos5 i386
File : nvt/gb_CESA-2010_0501_devhelp_centos5_i386.nasl
2010-07-30 Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-930-6
File : nvt/gb_ubuntu_USN_930_6.nasl
2010-07-26 Name : Ubuntu Update USN-930-5
File : nvt/gb_ubuntu_USN_930_5.nasl
2010-07-26 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-4
File : nvt/gb_ubuntu_USN_930_4.nasl
2010-07-23 Name : SuSE Update for MozillaFirefox,mozilla-xulrunner191 SUSE-SA:2010:030
File : nvt/gb_suse_2010_030.nasl
2010-07-06 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox47.nasl
2010-07-02 Name : Ubuntu Update for firefox regression USN-930-3
File : nvt/gb_ubuntu_USN_930_3.nasl
2010-07-02 Name : Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea...
File : nvt/gb_ubuntu_USN_930_2.nasl
2010-07-02 Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1
File : nvt/gb_ubuntu_USN_930_1.nasl
2010-06-28 Name : RedHat Update for firefox RHSA-2010:0501-01
File : nvt/gb_RHSA-2010_0501-01_firefox.nasl
2010-06-25 Name : Fedora Update for gnome-web-photo FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_gnome-web-photo_fc13.nasl
2010-06-25 Name : Mandriva Update for firefox MDVSA-2010:125 (firefox)
File : nvt/gb_mandriva_MDVSA_2010_125.nasl
2010-06-25 Name : Fedora Update for seamonkey FEDORA-2010-10363
File : nvt/gb_fedora_2010_10363_seamonkey_fc13.nasl
2010-06-25 Name : Fedora Update for xulrunner FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_xulrunner_fc13.nasl
2010-06-25 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_perl-Gtk2-MozEmbed_fc13.nasl
2010-06-25 Name : Fedora Update for mozvoikko FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_mozvoikko_fc13.nasl
2010-06-25 Name : Fedora Update for gnome-python2-extras FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_gnome-python2-extras_fc13.nasl
2010-06-25 Name : Fedora Update for galeon FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_galeon_fc13.nasl
2010-06-25 Name : Fedora Update for firefox FEDORA-2010-10361
File : nvt/gb_fedora_2010_10361_firefox_fc13.nasl
2010-06-25 Name : Fedora Update for xulrunner FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_xulrunner_fc12.nasl
2010-06-25 Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_perl-Gtk2-MozEmbed_fc12.nasl
2010-06-25 Name : Fedora Update for mozvoikko FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_mozvoikko_fc12.nasl
2010-06-25 Name : Fedora Update for gnome-web-photo FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_gnome-web-photo_fc12.nasl
2010-06-25 Name : Fedora Update for gnome-python2-extras FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_gnome-python2-extras_fc12.nasl
2010-06-25 Name : Fedora Update for galeon FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_galeon_fc12.nasl
2010-06-25 Name : Fedora Update for firefox FEDORA-2010-10344
File : nvt/gb_fedora_2010_10344_firefox_fc12.nasl
2010-06-25 Name : Fedora Update for seamonkey FEDORA-2010-10329
File : nvt/gb_fedora_2010_10329_seamonkey_fc12.nasl
2010-06-25 Name : RedHat Update for firefox RHSA-2010:0500-01
File : nvt/gb_RHSA-2010_0500-01_firefox.nasl
2010-04-29 Name : Mandriva Update for ldetect-lst MDVA-2010:125 (ldetect-lst)
File : nvt/gb_mandriva_MDVA_2010_125.nasl
2009-01-28 Name : Firefox Information Disclosure Vulnerability Jan09 (Win)
File : nvt/secpod_firefox_js_info_disc_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53341 Mozilla Firefox JavaScript Implementation Web Site Temporary Footprint Spoofi...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0501.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0500.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100622_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100622_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-100628.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7083.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_369.nasl - Type : ACT_GATHER_INFO
2010-08-09 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO
2010-07-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-6.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-5.nasl - Type : ACT_GATHER_INFO
2010-07-26 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-4.nasl - Type : ACT_GATHER_INFO
2010-07-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_MozillaFirefox-100625.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_MozillaFirefox-100625.nasl - Type : ACT_GATHER_INFO
2010-07-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_MozillaFirefox-100628.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-10361.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-10344.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10363.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-10329.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-3.nasl - Type : ACT_GATHER_INFO
2010-06-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-1.nasl - Type : ACT_GATHER_INFO
2010-06-30 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-930-2.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_99858b7c7ece11dfa007000f20797ede.nasl - Type : ACT_GATHER_INFO
2010-06-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-125.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : seamonkey_205.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_364.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO
2010-06-23 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3510.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-co...
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
http://support.avaya.com/css/P8/documents/100091069
http://ubuntu.com/usn/usn-930-1
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=21290...
http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_wi...
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
http://www.redhat.com/support/errata/RHSA-2010-0500.html
http://www.redhat.com/support/errata/RHSA-2010-0501.html
http://www.securityfocus.com/bid/33276
http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf
http://www.ubuntu.com/usn/usn-930-2
http://www.vupen.com/english/advisories/2010/1551
http://www.vupen.com/english/advisories/2010/1557
http://www.vupen.com/english/advisories/2010/1592
http://www.vupen.com/english/advisories/2010/1640
http://www.vupen.com/english/advisories/2010/1773
https://bugzilla.mozilla.org/show_bug.cgi?id=475585
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-11-28 23:12:28
  • Multiple Updates
2024-11-28 12:17:26
  • Multiple Updates
2021-05-04 12:08:38
  • Multiple Updates
2021-04-22 01:08:59
  • Multiple Updates
2020-05-24 01:05:15
  • Multiple Updates
2020-05-23 00:22:50
  • Multiple Updates
2017-11-21 12:02:21
  • Multiple Updates
2017-09-29 09:23:54
  • Multiple Updates
2016-06-28 17:24:09
  • Multiple Updates
2016-04-26 18:12:55
  • Multiple Updates
2014-02-17 10:47:51
  • Multiple Updates
2013-05-11 00:34:12
  • Multiple Updates
2012-11-07 00:18:47
  • Multiple Updates