Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New Mozilla Thunderbird packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-1051 | First vendor Publication | 2006-05-04 |
| Vendor | Debian | Last vendor Modification | 2006-05-04 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several security related problems have been discovered in Mozilla Thunderbird. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-2353 The "run-mozilla.sh" script allows local users to create or overwrite arbitrary files when debugging is enabled via a symlink attack on temporary files. CVE-2005-4134 Web pages with extremely long titles cause subsequent launches of the browser to appear to "hang" for up to a few minutes, or even crash if the computer has insufficient memory. [MFSA-2006-03] CVE-2006-0292 The Javascript interpreter does not properly dereference objects, which allows remote attackers to cause a denial of service or execute arbitrary code. [MFSA-2006-01] CVE-2006-0293 The function allocation code allows attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-01] CVE-2006-0296 XULDocument.persist() did not validate the attribute name, allowing an attacker to inject arbitrary XML and JavaScript code into localstore.rdf that would be read and acted upon during startup. [MFSA-2006-05] CVE-2006-0748 An anonymous researcher for TippingPoint and the Zero Day Initiative reported that an invalid and nonsensical ordering of table-related tags can be exploited to execute arbitrary code. [MFSA-2006-27] CVE-2006-0749 A particular sequence of HTML tags can cause memory corruption that can be exploited to exectute arbitary code. [MFSA-2006-18] CVE-2006-0884 Georgi Guninski reports that forwarding mail in-line while using the default HTML "rich mail" editor will execute JavaScript embedded in the e-mail message with full privileges of the client. [MFSA-2006-21] CVE-2006-1045 The HTML rendering engine does not properly block external images from inline HTML attachments when "Block loading of remote images in mail messages" is enabled, which could allow remote attackers to obtain sensitive information. [MFSA-2006-26] CVE-2006-1529 A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary. [MFSA-2006-20] CVE-2006-1530 A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary. [MFSA-2006-20] CVE-2006-1531 A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary. [MFSA-2006-20] CVE-2006-1723 A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary. [MFSA-2006-20] CVE-2006-1724 A vulnerability potentially allows remote attackers to cause a denial of service and possibly execute arbitrary. [MFSA-2006-20] CVE-2006-1727 Georgi Guninski reported two variants of using scripts in an XBL control to gain chrome privileges when the page is viewed under "Print Preview".under "Print Preview". [MFSA-2006-25] CVE-2006-1728 "shutdown" discovered that the crypto.generateCRMFRequest method can be used to run arbitrary code with the privilege of the user running the browser, which could enable an attacker to install malware. [MFSA-2006-24] CVE-2006-1729 Claus Jørgensen reported that a text input box can be pre-filled with a filename and then turned into a file-upload control, allowing a malicious website to steal any local file whose name they can guess. [MFSA-2006-23] CVE-2006-1730 An anonymous researcher for TippingPoint and the Zero Day Initiative discovered an integer overflow triggered by the CSS letter-spacing property, which could be exploited to execute arbitrary code. [MFSA-2006-22] CVE-2006-1731 "moz_bug_r_a4" discovered that some internal functions return prototypes instead of objects, which allows remote attackers to conduct cross-site scripting attacks. [MFSA-2006-19] CVE-2006-1732 "shutdown" discovered that it is possible to bypass same-origin protections, allowing a malicious site to inject script into content from another site, which could allow the malicious page to steal information such as cookies or passwords from the other site, or perform transactions on the user's behalf if the user were already logged in. [MFSA-2006-17] CVE-2006-1733 "moz_bug_r_a4" discovered that the compilation scope of privileged built-in XBL bindings is not fully protected from web content and can still be executed which could be used to execute arbitrary JavaScript, which could allow an attacker to install malware such as viruses and password sniffers. [MFSA-2006-16] CVE-2006-1734 "shutdown" discovered that it is possible to access an internal function object which could then be used to run arbitrary JavaScriptcode with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-15] CVE-2006-1735 It is possible to create JavaScript functions that would get compiled with the wrong privileges, allowing an attacker to run code of their choice with full permissions of the user running the browser, which could be used to install spyware or viruses. [MFSA-2006-14] CVE-2006-1736 It is possible to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable. [MFSA-2006-13] CVE-2006-1737 An integer overflow allows remote attackers to cause a denial of service and possibly execute arbitrary bytecode via JavaScript with a large regular expression. [MFSA-2006-11] CVE-2006-1738 An unspecified vulnerability allows remote attackers to cause a denial of service. [MFSA-2006-11] CVE-2006-1739 Certain Cascading Style Sheets (CSS) can cause an out-of-bounds array write and buffer overflow that could lead to a denial of service and the possible execution of arbitrary code. [MFSA-2006-11] CVE-2006-1740 It is possible for remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. [MFSA-2006-12] CVE-2006-1741 "shutdown" discovered that it is possible to inject arbitrary JavaScript code into a page on another site using a modal alert to suspend an event handler while a new page is being loaded. This could be used to steal confidential information. [MFSA-2006-09] CVE-2006-1742 Igor Bukanov discovered that the JavaScript engine does not properly handle temporary variables, which might allow remote attackers to trigger operations on freed memory and cause memory corruption, causing memory corruption. [MFSA-2006-10] CVE-2006-1790 A regression fix that could lead to memory corruption allows remote attackers to cause a denial of service and possibly execute arbitrary code. [MFSA-2006-11] For the stable distribution (sarge) these problems have been fixed in version 1.0.2-2.sarge1.0.8. For the unstable distribution (sid) these problems have been fixed in version 1.5.0.2-1 of thunderbird. We recommend that you upgrade your Mozilla Thunderbird packages. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1051 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 25 % | CWE-399 | Resource Management Errors |
| 17 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 17 % | CWE-20 | Improper Input Validation |
| 8 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10254 | |||
| Oval ID: | oval:org.mitre.oval:def:10254 | ||
| Title: | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | ||
| Description: | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-1045 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:1037 | |||
| Oval ID: | oval:org.mitre.oval:def:1037 | ||
| Title: | Mozilla Privilege Escalation via XBL.method.eval | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1735 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10815 | |||
| Oval ID: | oval:org.mitre.oval:def:10815 | ||
| Title: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-1733 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1087 | |||
| Oval ID: | oval:org.mitre.oval:def:1087 | ||
| Title: | Mozilla JavaScript Garbage-collection Hazard Audit | ||
| Description: | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1742 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11382 | |||
| Oval ID: | oval:org.mitre.oval:def:11382 | ||
| Title: | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. | ||
| Description: | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-4134 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1189 | |||
| Oval ID: | oval:org.mitre.oval:def:1189 | ||
| Title: | Mozilla Table Rebuilding Code Execution Vulnerability | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0748 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1247 | |||
| Oval ID: | oval:org.mitre.oval:def:1247 | ||
| Title: | Mozilla Privilege Escalation Using a JavaScript Function's Cloned Parent | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1734 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1266 | |||
| Oval ID: | oval:org.mitre.oval:def:1266 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix) | ||
| Description: | A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1790 | Version: | 2 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1493 | |||
| Oval ID: | oval:org.mitre.oval:def:1493 | ||
| Title: | Mozilla XML Attribute Name Validation Vulnerability | ||
| Description: | The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0296 | Version: | 4 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1494 | |||
| Oval ID: | oval:org.mitre.oval:def:1494 | ||
| Title: | Mozilla JavaScript Garbage-Collection Hazards in jsfun.c | ||
| Description: | The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0293 | Version: | 4 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1548 | |||
| Oval ID: | oval:org.mitre.oval:def:1548 | ||
| Title: | Mozilla Downloading Executables with "Save Image As..." | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1736 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1574 | |||
| Oval ID: | oval:org.mitre.oval:def:1574 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1723) | ||
| Description: | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1723 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1614 | |||
| Oval ID: | oval:org.mitre.oval:def:1614 | ||
| Title: | Mozilla CSS Letter-Spacing Heap Overflow Vulnerability | ||
| Description: | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1730 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1619 | |||
| Oval ID: | oval:org.mitre.oval:def:1619 | ||
| Title: | Mozilla Firefox History File Buffer Overflow | ||
| Description: | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-4134 | Version: | 4 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1649 | |||
| Oval ID: | oval:org.mitre.oval:def:1649 | ||
| Title: | Mozilla Privilege Escalation through Print Preview | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1727 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1667 | |||
| Oval ID: | oval:org.mitre.oval:def:1667 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CSS BO) | ||
| Description: | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1739 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1687 | |||
| Oval ID: | oval:org.mitre.oval:def:1687 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (moz-grid) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1738 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1698 | |||
| Oval ID: | oval:org.mitre.oval:def:1698 | ||
| Title: | Mozilla Privilege Escalation Using crypto.generateCRMFRequest | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1728 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1811 | |||
| Oval ID: | oval:org.mitre.oval:def:1811 | ||
| Title: | Mozilla Secure-site Spoof (requires security warning dialog) | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1740 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1829 | |||
| Oval ID: | oval:org.mitre.oval:def:1829 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (RegEx) | ||
| Description: | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1737 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1848 | |||
| Oval ID: | oval:org.mitre.oval:def:1848 | ||
| Title: | Mozilla Mozilla Firefox Tag Order Vulnerability | ||
| Description: | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0749 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1855 | |||
| Oval ID: | oval:org.mitre.oval:def:1855 | ||
| Title: | Mozilla Cross-site JavaScript Injection Using Event Handlers | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1741 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1887 | |||
| Oval ID: | oval:org.mitre.oval:def:1887 | ||
| Title: | Mozilla Cross-site Scripting through window.controllers | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1732 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1901 | |||
| Oval ID: | oval:org.mitre.oval:def:1901 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724) | ||
| Description: | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1724 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1903 | |||
| Oval ID: | oval:org.mitre.oval:def:1903 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1530) | ||
| Description: | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1530 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1929 | |||
| Oval ID: | oval:org.mitre.oval:def:1929 | ||
| Title: | Mozilla File Stealing by Changing Input Type | ||
| Description: | Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1729 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1947 | |||
| Oval ID: | oval:org.mitre.oval:def:1947 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1529) | ||
| Description: | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1529 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1955 | |||
| Oval ID: | oval:org.mitre.oval:def:1955 | ||
| Title: | Mozilla Cross-site Scripting Using .valueOf.call() | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1731 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1975 | |||
| Oval ID: | oval:org.mitre.oval:def:1975 | ||
| Title: | Mozilla Mail Multiple Information Disclosure | ||
| Description: | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1045 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2020 | |||
| Oval ID: | oval:org.mitre.oval:def:2020 | ||
| Title: | Mozilla Accessing XBL Compilation Scope via valueOf.call() | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1733 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2023 | |||
| Oval ID: | oval:org.mitre.oval:def:2023 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1531) | ||
| Description: | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1531 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2024 | |||
| Oval ID: | oval:org.mitre.oval:def:2024 | ||
| Title: | Mozilla JavaScript Execution in Mail When Forwarding In-line | ||
| Description: | The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0884 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:670 | |||
| Oval ID: | oval:org.mitre.oval:def:670 | ||
| Title: | Mozilla JavaScript Garbage-Collection Hazards in jsinterp.c | ||
| Description: | The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0292 | Version: | 4 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9167 | |||
| Oval ID: | oval:org.mitre.oval:def:9167 | ||
| Title: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-1741 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5019559.nasl |
| 2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox) File : nvt/glsa_200604_12.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-18 (mozilla) File : nvt/glsa_200604_18.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird) File : nvt/glsa_200605_09.nasl |
| 2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox22.nasl |
| 2008-09-04 | Name : FreeBSD Ports: thunderbird, mozilla-thunderbird File : nvt/freebsd_thunderbird6.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox) File : nvt/deb_1044_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1046-1 (mozilla) File : nvt/deb_1046_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird) File : nvt/deb_1051_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1118-1 (mozilla) File : nvt/deb_1118_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox) File : nvt/deb_1120_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird) File : nvt/deb_1134_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 24947 | Mozilla Multiple Products Crafted Table Tag Arbitrary Code Execution |
| 24681 | Mozilla Thunderbird Remote Image Block Bypass |
| 24680 | Mozilla Multiple Products XBL Control Print Preview Privilege Escalation |
| 24679 | Mozilla Multiple Products crypto.generateCRMFRequest Method Arbitrary Code Ex... |
| 24678 | Mozilla Multiple Products Text Box Arbitrary File Access |
| 24677 | Mozilla Multiple Products CSS letter-spacing Property Overflow |
| 24676 | Mozilla Multiple Products DHTML Unspecified Memory Corruption (327941) |
| 24675 | Mozilla Multiple Products DHTML Unspecified Memory Corruption (326834) |
| 24674 | Mozilla Multiple Products DHTML Unspecified Memory Corruption (326615) |
| 24673 | Mozilla Multiple Products DHTML Unspecified Memory Corruption (315254) |
| 24672 | Mozilla Multiple Products DHTML Unspecified Memory Corruption (282105) |
| 24671 | Mozilla Multiple Products .valueOf.call() / .valueOf.apply() Same-origin Bypass |
| 24670 | Mozilla Multiple Products nsHTMLContentSink.cpp Crafted HTML Memory Corruption |
| 24669 | Mozilla Multiple Products window.controllers Array Same-origin Bypass |
| 24668 | Mozilla Multiple Products XBL Binding Multiple Method Privilege Escalation |
| 24667 | Mozilla Multiple Products Object.watch Method Arbitrary Code Execution |
| 24666 | Mozilla Multiple Products XBL.method.eval Javascript Function Privilege Escal... |
| 24665 | Mozilla Multiple Products Transparent Image Link Arbitrary File Download |
| 24664 | Mozilla Multiple Products Popup Window Trusted Site Spoofing |
| 24663 | Mozilla Multiple Products InstallTrigger.install() Method Memory Corruption |
| 24662 | Mozilla Multiple Products -moz-grid* Modification DoS |
| 24661 | Mozilla Multiple Products Javascript Regular Expression Parsing Overflow |
| 24660 | Mozilla Multiple Products CSS border-rendering Code Crafted CSS Memory Corrup... |
| 24659 | Mozilla Multiple Products Javascript Engine garbage-collection Temporary Vari... |
| 24658 | Mozilla Multiple Products Modal Alert Suspended Handler XSS |
| 23653 | Mozilla Thunderbird Mail Content iframe src Validation Failure XSS Mozilla Suite, Mozilla Seamonkey and Mozilla Thunderbird contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the javascript content of an email upon forwarding it to another email receipient. This could allow a user to create a specially crafted email that would execute arbitrary code in a user's browser with user privileges without security restrictions, leading to a loss of integrity. |
| 22894 | Mozilla Multiple Products XULDocument.persist() Function Localstore.rdf XML I... |
| 22892 | Mozilla Multiple Products Web Page Title Processing Overflow DoS |
| 22890 | Mozilla Multiple Products JavaScript Engine Crafted Object Memory Corruption |
| 21533 | Multiple Browser Large History Entry DoS |
| 13625 | Mozilla Firefox run-mozilla.sh Arbitrary File Overwrite Mozilla Firefox contains a flaw that may allow a malicious user to perform arbitrary file overwrites. The issue is triggered when a user runs the 'run-mozilla.sh' script within '/usr/lib/mozilla' with debugging enabled. It is possible that the flaw may allow a local attacker to create a symlink from a critical file to one of the temporary files which the script uses which may allow the symlink file to be overwritten with the priveleges of the target user resulting in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-12-29 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 44991 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2017-08-23 | Mozilla Firefox multiple vulnerabilities memory corruption attempt RuleID : 43642 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2016-03-14 | Mozilla Firefox Javascript large regex memory corruption attempt RuleID : 36789 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Object.watch parent access attempt RuleID : 20739 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla XBL.method memory corruption attempt RuleID : 20730 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla XBL object init code execution attempt RuleID : 20729 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript large regex memory corruption attempt RuleID : 18298 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox InstallTrigger.install memory corruption attempt RuleID : 18187 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products -moz-grid and -moz-grid-group display styles code execution ... RuleID : 18186 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 18078 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 18077 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox tag order memory corruption attempt RuleID : 17581 - Revision : 13 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox tag order memory corruption attempt RuleID : 16050 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox CSS Letter-Spacing overflow attempt RuleID : 16044 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt RuleID : 16038 - Revision : 8 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-21 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_108.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-323-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-2.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-1585.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-487.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-488.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-489.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-490.nasl - Type : ACT_GATHER_INFO |
| 2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
| 2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1051.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1118.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1120.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1134.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1046.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1044.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0200.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0199.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-09.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_61349f77c62011dab2fb000e0c2e438a.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
| 2006-05-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-18.nasl - Type : ACT_GATHER_INFO |
| 2006-05-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-276-1.nasl - Type : ACT_GATHER_INFO |
| 2006-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-275-1.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-12.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_021.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-075.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-078.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-271-1.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-410.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-411.nasl - Type : ACT_GATHER_INFO |
| 2006-04-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
| 2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_101.nasl - Type : ACT_GATHER_INFO |
| 2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_1502.nasl - Type : ACT_GATHER_INFO |
| 2006-03-06 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-052.nasl - Type : ACT_GATHER_INFO |
| 2006-02-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-037.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0200.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-076.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-075.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0199.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_10.nasl - Type : ACT_GATHER_INFO |
| 2006-02-04 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_1501.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-157-1.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-174.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-173.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:45 |
|
| 2013-05-11 12:16:51 |
|
