Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Mozilla Products: Multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | GLSA-201301-01 | First vendor Publication | 2013-01-08 |
| Vendor | Gentoo | Last vendor Modification | 2013-01-08 |
| Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Synopsis Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. Background Description Impact A local attacker could gain escalated privileges, obtain sensitive information, or replace an arbitrary downloaded file. Workaround Resolution All users of the Mozilla Firefox binary package should upgrade to the latest version: All Mozilla Thunderbird users should upgrade to the latest version: All users of the Mozilla Thunderbird binary package should upgrade to the latest version: All Mozilla SeaMonkey users should upgrade to the latest version: All users of the Mozilla SeaMonkey binary package should upgrade to the latest version: All NSS users should upgrade to the latest version: The "www-client/mozilla-firefox" package has been merged into the The "www-client/mozilla-firefox-bin" package has been merged into the The "mail-client/mozilla-thunderbird" package has been merged into the The "mail-client/mozilla-thunderbird-bin" package has been merged into the "mail-client/thunderbird-bin" package. To upgrade, please unmerge Gentoo discontinued support for GNU IceCat. We recommend that users unmerge GNU IceCat: Gentoo discontinued support for XULRunner. We recommend that users unmerge XULRunner: Gentoo discontinued support for the XULRunner binary package. We recommend that users unmerge XULRunner: References http://blog.mozilla.org/security/2011/03/22/firefox-blocking-fraudulent-certificates/ Availability http://security.gentoo.org/glsa/glsa-201301-01.xml |
Original Source
| Url : http://security.gentoo.org/glsa/glsa-201301-01.xml |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
| CAPEC-172 | Time and State Attacks |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 19 % | CWE-399 | Resource Management Errors |
| 15 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 12 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 10 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 8 % | CWE-200 | Information Exposure |
| 7 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 7 % | CWE-20 | Improper Input Validation |
| 7 % | CWE-416 | Use After Free |
| 5 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 2 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 2 % | CWE-310 | Cryptographic Issues |
| 2 % | CWE-16 | Configuration |
| 1 % | CWE-362 | Race Condition |
| 1 % | CWE-287 | Improper Authentication |
| 1 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
| 1 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 1 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
| 1 % | CWE-295 | Certificate Issues |
| 0 % | CWE-682 | Incorrect Calculation |
| 0 % | CWE-426 | Untrusted Search Path |
| 0 % | CWE-346 | Origin Validation Error |
| 0 % | CWE-326 | Inadequate Encryption Strength |
| 0 % | CWE-269 | Improper Privilege Management |
| 0 % | CWE-255 | Credentials Management |
| 0 % | CWE-125 | Out-of-bounds Read |
| 0 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
| 0 % | CWE-91 | XML Injection (aka Blind XPath Injection) |
| 0 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 0 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10030 | |||
| Oval ID: | oval:org.mitre.oval:def:10030 | ||
| Title: | Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | ||
| Description: | Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2469 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10047 | |||
| Oval ID: | oval:org.mitre.oval:def:10047 | ||
| Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3983 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10088 | |||
| Oval ID: | oval:org.mitre.oval:def:10088 | ||
| Title: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10106 | |||
| Oval ID: | oval:org.mitre.oval:def:10106 | ||
| Title: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
| Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1302 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10110 | |||
| Oval ID: | oval:org.mitre.oval:def:10110 | ||
| Title: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1305 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10150 | |||
| Oval ID: | oval:org.mitre.oval:def:10150 | ||
| Title: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
| Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1306 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10197 | |||
| Oval ID: | oval:org.mitre.oval:def:10197 | ||
| Title: | Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | ||
| Description: | Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2470 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10206 | |||
| Oval ID: | oval:org.mitre.oval:def:10206 | ||
| Title: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | ||
| Description: | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4062 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10237 | |||
| Oval ID: | oval:org.mitre.oval:def:10237 | ||
| Title: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | ||
| Description: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1832 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10349 | |||
| Oval ID: | oval:org.mitre.oval:def:10349 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3072 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10369 | |||
| Oval ID: | oval:org.mitre.oval:def:10369 | ||
| Title: | Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. | ||
| Description: | Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2463 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10386 | |||
| Oval ID: | oval:org.mitre.oval:def:10386 | ||
| Title: | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | ||
| Description: | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1125 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10390 | |||
| Oval ID: | oval:org.mitre.oval:def:10390 | ||
| Title: | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. | ||
| Description: | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3079 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10401 | |||
| Oval ID: | oval:org.mitre.oval:def:10401 | ||
| Title: | The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1203 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10402 | |||
| Oval ID: | oval:org.mitre.oval:def:10402 | ||
| Title: | Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. | ||
| Description: | Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2465 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10428 | |||
| Oval ID: | oval:org.mitre.oval:def:10428 | ||
| Title: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1308 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10436 | |||
| Oval ID: | oval:org.mitre.oval:def:10436 | ||
| Title: | Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | ||
| Description: | Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1834 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10440 | |||
| Oval ID: | oval:org.mitre.oval:def:10440 | ||
| Title: | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
| Description: | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3375 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10443 | |||
| Oval ID: | oval:org.mitre.oval:def:10443 | ||
| Title: | Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. | ||
| Description: | Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5505 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10446 | |||
| Oval ID: | oval:org.mitre.oval:def:10446 | ||
| Title: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
| Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1313 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10460 | |||
| Oval ID: | oval:org.mitre.oval:def:10460 | ||
| Title: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. | ||
| Description: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0178 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10473 | |||
| Oval ID: | oval:org.mitre.oval:def:10473 | ||
| Title: | Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | ||
| Description: | Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2467 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10491 | |||
| Oval ID: | oval:org.mitre.oval:def:10491 | ||
| Title: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0773 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10572 | |||
| Oval ID: | oval:org.mitre.oval:def:10572 | ||
| Title: | The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. | ||
| Description: | The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2471 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10610 | |||
| Oval ID: | oval:org.mitre.oval:def:10610 | ||
| Title: | Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | ||
| Description: | Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0358 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10628 | |||
| Oval ID: | oval:org.mitre.oval:def:10628 | ||
| Title: | Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | ||
| Description: | Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1837 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10684 | |||
| Oval ID: | oval:org.mitre.oval:def:10684 | ||
| Title: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3373 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10697 | |||
| Oval ID: | oval:org.mitre.oval:def:10697 | ||
| Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0162 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10698 | |||
| Oval ID: | oval:org.mitre.oval:def:10698 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3071 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10750 | |||
| Oval ID: | oval:org.mitre.oval:def:10750 | ||
| Title: | Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. | ||
| Description: | Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5012 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10751 | |||
| Oval ID: | oval:org.mitre.oval:def:10751 | ||
| Title: | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||
| Description: | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2408 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10773 | |||
| Oval ID: | oval:org.mitre.oval:def:10773 | ||
| Title: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0171 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10805 | |||
| Oval ID: | oval:org.mitre.oval:def:10805 | ||
| Title: | Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. | ||
| Description: | Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0163 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10833 | |||
| Oval ID: | oval:org.mitre.oval:def:10833 | ||
| Title: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." | ||
| Description: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0177 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10871 | |||
| Oval ID: | oval:org.mitre.oval:def:10871 | ||
| Title: | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | ||
| Description: | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3078 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10889 | |||
| Oval ID: | oval:org.mitre.oval:def:10889 | ||
| Title: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1202 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10906 | |||
| Oval ID: | oval:org.mitre.oval:def:10906 | ||
| Title: | The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition. | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2462 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10924 | |||
| Oval ID: | oval:org.mitre.oval:def:10924 | ||
| Title: | Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. | ||
| Description: | Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1121 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10933 | |||
| Oval ID: | oval:org.mitre.oval:def:10933 | ||
| Title: | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | ||
| Description: | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4070 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10939 | |||
| Oval ID: | oval:org.mitre.oval:def:10939 | ||
| Title: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1311 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10956 | |||
| Oval ID: | oval:org.mitre.oval:def:10956 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3979 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10958 | |||
| Oval ID: | oval:org.mitre.oval:def:10958 | ||
| Title: | Mozilla Firefox, Thunderbird, and SeaMonkey 'nsTreeSelection' Remote Code Execution Vulnerability | ||
| Description: | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2753 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10972 | |||
| Oval ID: | oval:org.mitre.oval:def:10972 | ||
| Title: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
| Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1307 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10977 | |||
| Oval ID: | oval:org.mitre.oval:def:10977 | ||
| Title: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
| Description: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3372 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10993 | |||
| Oval ID: | oval:org.mitre.oval:def:10993 | ||
| Title: | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. | ||
| Description: | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3379 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11052 | |||
| Oval ID: | oval:org.mitre.oval:def:11052 | ||
| Title: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." | ||
| Description: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0176 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11055 | |||
| Oval ID: | oval:org.mitre.oval:def:11055 | ||
| Title: | Mozilla Firefox and SeaMonkey 'NodeIterator' Use-after-free Vulnerability | ||
| Description: | Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1209 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11063 | |||
| Oval ID: | oval:org.mitre.oval:def:11063 | ||
| Title: | Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | ||
| Description: | Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5015 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11080 | |||
| Oval ID: | oval:org.mitre.oval:def:11080 | ||
| Title: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
| Description: | The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1838 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11138 | |||
| Oval ID: | oval:org.mitre.oval:def:11138 | ||
| Title: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0774 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11139 | |||
| Oval ID: | oval:org.mitre.oval:def:11139 | ||
| Title: | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | ||
| Description: | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5913 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11151 | |||
| Oval ID: | oval:org.mitre.oval:def:11151 | ||
| Title: | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | ||
| Description: | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4063 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11166 | |||
| Oval ID: | oval:org.mitre.oval:def:11166 | ||
| Title: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0160 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11174 | |||
| Oval ID: | oval:org.mitre.oval:def:11174 | ||
| Title: | Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | ||
| Description: | Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2404 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11219 | |||
| Oval ID: | oval:org.mitre.oval:def:11219 | ||
| Title: | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3382 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11222 | |||
| Oval ID: | oval:org.mitre.oval:def:11222 | ||
| Title: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Description: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0777 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11227 | |||
| Oval ID: | oval:org.mitre.oval:def:11227 | ||
| Title: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
| Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1571 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11314 | |||
| Oval ID: | oval:org.mitre.oval:def:11314 | ||
| Title: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
| Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0771 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11365 | |||
| Oval ID: | oval:org.mitre.oval:def:11365 | ||
| Title: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3075 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11368 | |||
| Oval ID: | oval:org.mitre.oval:def:11368 | ||
| Title: | Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | ||
| Description: | Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1044 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11372 | |||
| Oval ID: | oval:org.mitre.oval:def:11372 | ||
| Title: | The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | ||
| Description: | The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1169 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11391 | |||
| Oval ID: | oval:org.mitre.oval:def:11391 | ||
| Title: | The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. | ||
| Description: | The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0169 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11396 | |||
| Oval ID: | oval:org.mitre.oval:def:11396 | ||
| Title: | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | ||
| Description: | The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0652 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11423 | |||
| Oval ID: | oval:org.mitre.oval:def:11423 | ||
| Title: | The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. | ||
| Description: | The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5503 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11424 | |||
| Oval ID: | oval:org.mitre.oval:def:11424 | ||
| Title: | Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | ||
| Description: | Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-1196 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11487 | |||
| Oval ID: | oval:org.mitre.oval:def:11487 | ||
| Title: | The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1833 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11492 | |||
| Oval ID: | oval:org.mitre.oval:def:11492 | ||
| Title: | Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Chrome Privileged Object Arbitrary JavaScript Code Execution | ||
| Description: | The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2762 | Version: | 18 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11517 | |||
| Oval ID: | oval:org.mitre.oval:def:11517 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3174 | Version: | 22 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11519 | |||
| Oval ID: | oval:org.mitre.oval:def:11519 | ||
| Title: | Mozilla Multiple Products FRAMESET Element cols Attribute Handling Overflow | ||
| Description: | Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2765 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11520 | |||
| Oval ID: | oval:org.mitre.oval:def:11520 | ||
| Title: | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||
| Description: | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1310 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11527 | |||
| Oval ID: | oval:org.mitre.oval:def:11527 | ||
| Title: | Mozilla Firefox and Thunderbird Arbitrary code execution using SJOW and fast native function | ||
| Description: | Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object from the chrome scope." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1215 | Version: | 18 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11531 | |||
| Oval ID: | oval:org.mitre.oval:def:11531 | ||
| Title: | DSA-2075 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. Jordi Chancel discovered that the location could be spoofed to appear like a secured page. "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. Soroush Dalili discovered an information leak in script processing. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2075 CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11550 | |||
| Oval ID: | oval:org.mitre.oval:def:11550 | ||
| Title: | DEPRECATED: Mozilla Multiple Products on Mac OS X data: URL Crafted Font Remote DoS | ||
| Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2770 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11552 | |||
| Oval ID: | oval:org.mitre.oval:def:11552 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1211 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11568 | |||
| Oval ID: | oval:org.mitre.oval:def:11568 | ||
| Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3986 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11578 | |||
| Oval ID: | oval:org.mitre.oval:def:11578 | ||
| Title: | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects OpenSSL | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11617 | |||
| Oval ID: | oval:org.mitre.oval:def:11617 | ||
| Title: | AIX OpenSSL session renegotiation vulnerability | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 3 |
| Platform(s): | IBM AIX 5.2 IBM AIX 5.3 IBM AIX 6.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11666 | |||
| Oval ID: | oval:org.mitre.oval:def:11666 | ||
| Title: | Java security bypass vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3775 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11675 | |||
| Oval ID: | oval:org.mitre.oval:def:11675 | ||
| Title: | Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3179 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11680 | |||
| Oval ID: | oval:org.mitre.oval:def:11680 | ||
| Title: | Mozilla Firefox, Thunderbird and SeaMonkey CSS Values Integer Overflow Vulnerability | ||
| Description: | Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2752 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11684 | |||
| Oval ID: | oval:org.mitre.oval:def:11684 | ||
| Title: | Mozilla Multiple Products XMLHttpRequest Object statusText Property Cross-origin Request Intranet Server Enumeration | ||
| Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2764 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11685 | |||
| Oval ID: | oval:org.mitre.oval:def:11685 | ||
| Title: | Mozilla Firefox and SeaMonkey Plugin Parameter 'EnsureCachedAttrParamArrays' Remote Code Execution Vulnerability | ||
| Description: | Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1214 | Version: | 20 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11688 | |||
| Oval ID: | oval:org.mitre.oval:def:11688 | ||
| Title: | Mozilla Firefox and SeaMonkey Location Bar Spoofing Vulnerability | ||
| Description: | The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2751 | Version: | 20 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11702 | |||
| Oval ID: | oval:org.mitre.oval:def:11702 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3070 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11735 | |||
| Oval ID: | oval:org.mitre.oval:def:11735 | ||
| Title: | Mozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protection Mechanism Bypass | ||
| Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2768 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11740 | |||
| Oval ID: | oval:org.mitre.oval:def:11740 | ||
| Title: | Mozilla Firefox and SeaMonkey DOM Attribute Cloning Remote Code Execution Vulnerability | ||
| Description: | Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1208 | Version: | 20 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11743 | |||
| Oval ID: | oval:org.mitre.oval:def:11743 | ||
| Title: | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. | ||
| Description: | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4064 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11764 | |||
| Oval ID: | oval:org.mitre.oval:def:11764 | ||
| Title: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||
| Description: | Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1836 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11770 | |||
| Oval ID: | oval:org.mitre.oval:def:11770 | ||
| Title: | Mozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messages | ||
| Description: | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2754 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11771 | |||
| Oval ID: | oval:org.mitre.oval:def:11771 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerability | ||
| Description: | js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagation of deep aborts in the TraceRecorder::record_JSOP_BINDNAME function, (2) depth handling in the TraceRecorder::record_JSOP_GETELEM function, and (3) tracing of out-of-range arguments in the TraceRecorder::record_JSOP_ARGSUB function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1212 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11778 | |||
| Oval ID: | oval:org.mitre.oval:def:11778 | ||
| Title: | Mozilla Multiple Products normalizeDocument Function DOM Node Removal Deleted Object Arbitrary Code Execution | ||
| Description: | The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2766 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11799 | |||
| Oval ID: | oval:org.mitre.oval:def:11799 | ||
| Title: | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow | ||
| Description: | Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2760 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11811 | |||
| Oval ID: | oval:org.mitre.oval:def:11811 | ||
| Title: | Mozilla Firefox, Thunderbird and SeaMonkey Cross-domain Data Theft Using CSS Vulnerability | ||
| Description: | Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0654 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11835 | |||
| Oval ID: | oval:org.mitre.oval:def:11835 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey Cross-origin data disclosure via Web Workers and importScripts | ||
| Description: | The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1213 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11851 | |||
| Oval ID: | oval:org.mitre.oval:def:11851 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability | ||
| Description: | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1205 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11863 | |||
| Oval ID: | oval:org.mitre.oval:def:11863 | ||
| Title: | Mozilla Firefox and Thunderbird Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish | ||
| Description: | intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1210 | Version: | 18 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11887 | |||
| Oval ID: | oval:org.mitre.oval:def:11887 | ||
| Title: | Mozilla Firefox and Thunderbird Same-origin Bypass Using Canvas Context Vulnerability | ||
| Description: | Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1207 | Version: | 18 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11891 | |||
| Oval ID: | oval:org.mitre.oval:def:11891 | ||
| Title: | Vulnerability in the LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3183 | Version: | 24 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11917 | |||
| Oval ID: | oval:org.mitre.oval:def:11917 | ||
| Title: | DSA-2064 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: "wushi" discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code. "Nils" discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code. Ilja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting. Microsoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code. Martin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code. Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code. "boardraider" and "stedenon" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2064 CVE-2010-0183 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11943 | |||
| Oval ID: | oval:org.mitre.oval:def:11943 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3175 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11960 | |||
| Oval ID: | oval:org.mitre.oval:def:11960 | ||
| Title: | Remote code execution vulnerability via crafted HTTP response in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3773 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11961 | |||
| Oval ID: | oval:org.mitre.oval:def:11961 | ||
| Title: | Mozilla Firefox Plugin Parameter Reference Remote Code Execution Vulnerability | ||
| Description: | layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2755 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11969 | |||
| Oval ID: | oval:org.mitre.oval:def:11969 | ||
| Title: | Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navigator Object Dangling Pointer Arbitrary Code Execution | ||
| Description: | The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2767 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12001 | |||
| Oval ID: | oval:org.mitre.oval:def:12001 | ||
| Title: | Mozilla Multiple Products XUL Tree Removal Property Change Role Restriction Weakness DoS | ||
| Description: | Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3168 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12108 | |||
| Oval ID: | oval:org.mitre.oval:def:12108 | ||
| Title: | Arbitrary code execution vulnerability in Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10 | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3765 | Version: | 19 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12114 | |||
| Oval ID: | oval:org.mitre.oval:def:12114 | ||
| Title: | Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Same Origin Policy Bypass Crafted Function XSS | ||
| Description: | The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2763 | Version: | 22 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12118 | |||
| Oval ID: | oval:org.mitre.oval:def:12118 | ||
| Title: | Vulnerability in SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3173 | Version: | 25 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12120 | |||
| Oval ID: | oval:org.mitre.oval:def:12120 | ||
| Title: | Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 via crafted HTML document | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3178 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12132 | |||
| Oval ID: | oval:org.mitre.oval:def:12132 | ||
| Title: | Denial of service in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3176 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12136 | |||
| Oval ID: | oval:org.mitre.oval:def:12136 | ||
| Title: | Mozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal Deleted Memory Dangling Pointer Arbitrary Code Execution | ||
| Description: | The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3167 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12143 | |||
| Oval ID: | oval:org.mitre.oval:def:12143 | ||
| Title: | Mozilla Multiple Products Path Subversion Arbitrary DLL Injection Code Execution | ||
| Description: | Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3131 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12145 | |||
| Oval ID: | oval:org.mitre.oval:def:12145 | ||
| Title: | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3169 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12158 | |||
| Oval ID: | oval:org.mitre.oval:def:12158 | ||
| Title: | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3180 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12186 | |||
| Oval ID: | oval:org.mitre.oval:def:12186 | ||
| Title: | Mozilla Multiple Products nsTextFrameUtils::TransformText Function Bidirectional Text Run Overflow | ||
| Description: | Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3166 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12192 | |||
| Oval ID: | oval:org.mitre.oval:def:12192 | ||
| Title: | Mozilla Multiple Products Document Selection Addition designMode Property XSS | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-2769 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12202 | |||
| Oval ID: | oval:org.mitre.oval:def:12202 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9 | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3177 | Version: | 18 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12251 | |||
| Oval ID: | oval:org.mitre.oval:def:12251 | ||
| Title: | Denial of service vulnerability in the WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 | ||
| Description: | The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-4508 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12254 | |||
| Oval ID: | oval:org.mitre.oval:def:12254 | ||
| Title: | SSL Server X.509 Certificate Spoofing Vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3170 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12324 | |||
| Oval ID: | oval:org.mitre.oval:def:12324 | ||
| Title: | Remote code execution vulnerability using incorrect indexes in XUA tree in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3772 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12342 | |||
| Oval ID: | oval:org.mitre.oval:def:12342 | ||
| Title: | Buffer overflow vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11 | ||
| Description: | The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3769 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12343 | |||
| Oval ID: | oval:org.mitre.oval:def:12343 | ||
| Title: | Privilege escalation vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3771 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12348 | |||
| Oval ID: | oval:org.mitre.oval:def:12348 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11 | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3770 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12389 | |||
| Oval ID: | oval:org.mitre.oval:def:12389 | ||
| Title: | Multiple unspecified vulnerabilities using unknown vectors in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11 | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3776 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12468 | |||
| Oval ID: | oval:org.mitre.oval:def:12468 | ||
| Title: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Mozilla Thunderbird 3.1.x before 3.1.7 using unknown vectors | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3777 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12512 | |||
| Oval ID: | oval:org.mitre.oval:def:12512 | ||
| Title: | SSL spoofing vulnerability using a crafted web site in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3774 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12532 | |||
| Oval ID: | oval:org.mitre.oval:def:12532 | ||
| Title: | Remote code execution vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 through ParanoidFragmentSink protection mechanism | ||
| Description: | The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1585 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12533 | |||
| Oval ID: | oval:org.mitre.oval:def:12533 | ||
| Title: | Information disclosure vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Mozilla Thunderbird before 3.0.11 and 3.1.x before 3.1.7 and Mozilla SeaMonkey before 2.0.11 | ||
| Description: | Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3768 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12568 | |||
| Oval ID: | oval:org.mitre.oval:def:12568 | ||
| Title: | DSA-2123-1 nss -- several | ||
| Description: | Several vulnerabilities have been discovered in Mozilla's Network Security Services library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3170 NSS recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3173 NSS does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. For the stable distribution, these problems have been fixed in version 3.12.3.1-0lenny2. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.12.8-1. We recommend that you upgrade your NSS packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2123-1 CVE-2010-3170 CVE-2010-3173 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12586 | |||
| Oval ID: | oval:org.mitre.oval:def:12586 | ||
| Title: | Use after free vulnerability in nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 | ||
| Description: | Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0183 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12610 | |||
| Oval ID: | oval:org.mitre.oval:def:12610 | ||
| Title: | Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3767 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12622 | |||
| Oval ID: | oval:org.mitre.oval:def:12622 | ||
| Title: | Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Mozilla Thunderbird before 3.0.11 and SeaMonkey before 2.0.11 | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3778 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12649 | |||
| Oval ID: | oval:org.mitre.oval:def:12649 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3766 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12665 | |||
| Oval ID: | oval:org.mitre.oval:def:12665 | ||
| Title: | Information disclosure vulnerability in Mozilla Firefox before 3.6 through HREF attribute of a stylesheet LINK element | ||
| Description: | Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0648 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12671 | |||
| Oval ID: | oval:org.mitre.oval:def:12671 | ||
| Title: | Denial of service vulnerability in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1201 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox Mozilla SeaMonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12683 | |||
| Oval ID: | oval:org.mitre.oval:def:12683 | ||
| Title: | DSA-2228-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history. CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2228-1 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12717 | |||
| Oval ID: | oval:org.mitre.oval:def:12717 | ||
| Title: | DSA-2106-2 xulrunner -- several | ||
| Description: | DSA-2106-1 introduced a regression that could lead to an application crash. This update fixes this problem. For reference, the text of the original advisory is provided below. Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, the problem has been fixed in version 1.9.0.19-5. The packages for the mips architecture are not included in this update. They will be released as soon as they become available. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2106-2 CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12733 | |||
| Oval ID: | oval:org.mitre.oval:def:12733 | ||
| Title: | DSA-2106-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: - - Implementation errors in XUL processing allow the execution of arbitrary code - - An implementation error in the XPCSafeJSObjectWrapper wrapper allows the bypass of the same origin policy - - An integer overflow in frame handling allows the execution of arbitrary code - - An implementation error in DOM handling allows the execution of arbitrary code - - Incorrect pointer handling in the plugin code allow the execution of arbitrary code - - Incorrect handling of an object tag may lead to the bypass of cross site scripting filters - - Incorrect copy and paste handling could lead to cross site scripting - - Crashes in the layout engine may lead to the execution of arbitrary code For the stable distribution, these problems have been fixed in version 1.9.0.19-4. For the unstable distribution, these problems have been fixed in version 3.5.12-1 of the iceweasel source package. For the experimental distribution, these problems have been fixed in version 3.6.9-1 of the iceweasel source package. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2106-1 CVE-2010-2760 CVE-2010-2763 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12781 | |||
| Oval ID: | oval:org.mitre.oval:def:12781 | ||
| Title: | DSA-2269-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2269-1 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12797 | |||
| Oval ID: | oval:org.mitre.oval:def:12797 | ||
| Title: | DSA-2124-1 xulrunner -- several | ||
| Description: | Several vulnerabilities have been discovered in Xulrunner, the component that provides the core functionality of Iceweasel, Debian's variant of Mozilla's browser technology. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3765 Xulrunner allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. CVE-2010-3174 CVE-2010-3176 Multiple unspecified vulnerabilities in the browser engine in Xulrunner allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. CVE-2010-3177 Multiple cross-site scripting vulnerabilities in the Gopher parser in Xulrunner allow remote attackers to inject arbitrary web script or HTML via a crafted name of a file or directory on a Gopher server. CVE-2010-3178 Xulrunner does not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. CVE-2010-3179 Stack-based buffer overflow in the text-rendering functionality in Xulrunner allows remote attackers to execute arbitrary code or cause a denial of service via a long argument to the document.write method. CVE-2010-3180 Use-after-free vulnerability in the nsBarProp function in Xulrunner allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. CVE-2010-3183 The LookupGetterOrSetter function in Xulrunner does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. In addition, this security update includes corrections for regressions caused by the fixes for CVE-2010-0654 and CVE-2010-2769 in DSA-2075-1 and DSA-2106-1. For the stable distribution, these problems have been fixed in version 1.9.0.19-6. For the unstable distribution and the upcoming stable distribution, these problems have been fixed in version 3.5.15-1 of the iceweasel package. We recommend that you upgrade your Xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2124-1 CVE-2010-3765 CVE-2010-3174 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183 CVE-2010-0654 CVE-2010-2769 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12843 | |||
| Oval ID: | oval:org.mitre.oval:def:12843 | ||
| Title: | DSA-2180-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2010-1585 Roberto Suggi Liverani discovered that the sanitising performed by ParanoidFragmentSink was incomplete. CVE-2011-0051 Zach Hoffmann discovered that incorrect parsing of recursive eval calls could lead to attackers forcing acceptance of a confirmation dialogue. CVE-2011-0053 Crashes in the layout engine may lead to the execution of arbitrary code. CVE-2011-0054 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. CVE-2010-0056 Christian Holler discovered buffer overflows in the Javascript engine, which could allow the execution of arbitrary code. CVE-2011-0055 "regenrecht" and Igor Bukanov discovered a use-after-free error in the JSON-Implementation, which could lead to the execution of arbitrary code. CVE-2011-0057 Daniel Kozlowski discovered that incorrect memory handling the web workers implementation could lead to the execution of arbitrary code. CVE-2011-0059 Peleus Uhley discovered a cross-site request forgery risk in the plugin code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2180-1 CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12867 | |||
| Oval ID: | oval:org.mitre.oval:def:12867 | ||
| Title: | DSA-2235-1 icedove -- several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history. CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2235-1 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:12897 | |||
| Oval ID: | oval:org.mitre.oval:def:12897 | ||
| Title: | DSA-1939-1 libvorbis -- several | ||
| Description: | Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacher could cause a denial of service or possibly execute arbitrary code via a crafted .ogg file. For the oldstable distribution, these problems have been fixed in version 1.1.2.dfsg-1.4+etch1. For the stable distribution, these problems have been fixed in version 1.2.0.dfsg-3.1+lenny1. For the testing distribution and the unstable distribution, these problems have been fixed in version 1.2.3-1 We recommend that you upgrade your libvorbis packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1939-1 CVE-2009-2663 CVE-2009-3379 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:12973 | |||
| Oval ID: | oval:org.mitre.oval:def:12973 | ||
| Title: | DSA-1696-1 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-1380 It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 It was discovered that a directory traversal allows attackers to read arbitrary files via a certain characters. CVE-2008-4068 It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-4582 Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-5018 It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1. Packages for s390 will be provided later. For the upcoming stable distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 2.0.0.19-1. We recommend that you upgrade your icedove packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1696-1 CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13007 | |||
| Oval ID: | oval:org.mitre.oval:def:13007 | ||
| Title: | DSA-2227-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0069 CVE-2011-0070 CVE-2011-0072 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 "Scoobidiver", Ian Beer Bob Clary, Henri Sivonen, Marco Bonardo, Mats Palmgren, Jesse Ruderman, Aki Kelin and Martin Barbella discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 "regenrecht" discovered several dangling pointer vulnerabilities, which may lead to the execution of arbitrary code. CVE-2011-0067 Paul Stone discovered that Java applets could steal information from the autocompletion history. CVE-2011-0071 Soroush Dalili discovered a directory traversal vulnerability in handling resource URIs. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2227-1 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13034 | |||
| Oval ID: | oval:org.mitre.oval:def:13034 | ||
| Title: | DSA-2268-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2268-1 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13075 | |||
| Oval ID: | oval:org.mitre.oval:def:13075 | ||
| Title: | USN-1011-2 -- thunderbird vulnerability | ||
| Description: | USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1011-2 CVE-2010-3765 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13085 | |||
| Oval ID: | oval:org.mitre.oval:def:13085 | ||
| Title: | USN-927-1 -- nss vulnerability | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-1 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13110 | |||
| Oval ID: | oval:org.mitre.oval:def:13110 | ||
| Title: | USN-958-1 -- thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird processed CSS values. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Thunderbird interpreted the XUL element. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. If a user were tricked into viewing malicious content, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Thunderbird did not properly handle script error output. An attacker could use this to access URL parameters from other domains | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-958-1 CVE-2010-1211 CVE-2010-1212 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-0654 CVE-2010-2754 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13136 | |||
| Oval ID: | oval:org.mitre.oval:def:13136 | ||
| Title: | DSA-2075-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced. CVE-2010-0654 Chris Evans discovered that insecure CSS handling could lead to reading data across domain boundaries. CVE-2010-1205 Aki Helin discovered a buffer overflow in the internal copy of libpng, which could lead to the execution of arbitrary code. CVE-2010-1208 "regenrecht" discovered that incorrect memory handling in DOM parsing could lead to the execution of arbitrary code. CVE-2010-1211 Jesse Ruderman, Ehsan Akhgari, Mats Palmgren, Igor Bukanov, Gary Kwong, Tobias Markus and Daniel Holbert discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1214 "JS3" discovered an integer overflow in the plugin code, which could lead to the execution of arbitrary code. CVE-2010-2751 Jordi Chancel discovered that the location could be spoofed to appear like a secured page. CVE-2010-2753 "regenrecht" discovered that incorrect memory handling in XUL parsing could lead to the execution of arbitrary code. CVE-2010-2754 Soroush Dalili discovered an information leak in script processing. For the stable distribution, these problems have been fixed in version 1.9.0.19-3. For the unstable distribution, these problems have been fixed in version 1.9.1.11-1. For the experimental distribution, these problems have been fixed in version 1.9.2.7-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2075-1 CVE-2010-0182 CVE-2010-0654 CVE-2010-1205 CVE-2010-1208 CVE-2010-1211 CVE-2010-1214 CVE-2010-2751 CVE-2010-2753 CVE-2010-2754 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13144 | |||
| Oval ID: | oval:org.mitre.oval:def:13144 | ||
| Title: | USN-930-4 -- firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities | ||
| Description: | USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-930-4 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1214 CVE-2010-1215 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1207 CVE-2010-1210 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 | Version: | 6 |
| Platform(s): | Ubuntu 9.04 Ubuntu 9.10 | Product(s): | firefox-3.0 firefox-3.5 xulrunner-1.9.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13152 | |||
| Oval ID: | oval:org.mitre.oval:def:13152 | ||
| Title: | USN-943-1 -- thunderbird vulnerabilities | ||
| Description: | Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-943-1 CVE-2010-1199 CVE-2010-1196 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1121 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13156 | |||
| Oval ID: | oval:org.mitre.oval:def:13156 | ||
| Title: | DSA-1922-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3380 Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2009-3382 Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3376 Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. CVE-2009-3375 Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection function. CVE-2009-3374 "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. CVE-2009-3373 "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. CVE-2009-3372 Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. CVE-2009-3274 Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. CVE-2009-3370 Paul Stone discovered that history information from web forms could be stolen. For the stable distribution, these problems have been fixed in version 1.9.0.15-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.1.4-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1922-1 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13194 | |||
| Oval ID: | oval:org.mitre.oval:def:13194 | ||
| Title: | USN-978-1 -- thunderbird vulnerabilities | ||
| Description: | Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-978-1 CVE-2010-2760 CVE-2010-2767 CVE-2010-3167 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-3168 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13213 | |||
| Oval ID: | oval:org.mitre.oval:def:13213 | ||
| Title: | USN-701-2 -- mozilla-thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-701-2 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 5 |
| Platform(s): | Ubuntu 6.06 | Product(s): | mozilla-thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13233 | |||
| Oval ID: | oval:org.mitre.oval:def:13233 | ||
| Title: | USN-701-1 -- thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine. If a user had Javascript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. If a user had Javascript enabled, an attacker could exploit this to read data from other domains. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. When Javascript is enabled, it�s possible that sensitive information could be revealed in the XMLHttpRequest response. Chris Evans discovered that Thunderbird did not properly protect a user�s data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker may be able to steal a limited amount of private data. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. If a user were tricked into opening a malicious website and had Javascript enabled, an attacker could exploit this to execute arbitrary Javascript code within the context of another website or with chrome privileges | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-701-1 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.10 Ubuntu 8.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13236 | |||
| Oval ID: | oval:org.mitre.oval:def:13236 | ||
| Title: | USN-915-1 -- thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Josh Soref discovered that the BinHex decoder used in Thunderbird contained a flaw. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that Thunderbird did not properly manage memory when using XUL tree elements. If a user were tricked into viewing malicious content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jesse Ruderman and Sid Stamm discovered that Thunderbird did not properly display filenames containing right-to-left override characters. If a user were tricked into opening a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. Takehiro Takahashi discovered flaws in the NTLM implementation in Thunderbird. If an NTLM authenticated user opened content containing links to a malicious website, a remote attacker could send requests to other applications, authenticated as the user. Ludovic Hirlimann discovered a flaw in the way Thunderbird indexed certain messages with attachments. A remote attacker could send specially crafted content and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-915-1 CVE-2009-0689 CVE-2009-2463 CVE-2009-3075 CVE-2009-3072 CVE-2009-3077 CVE-2009-3376 CVE-2009-3983 CVE-2010-0163 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13237 | |||
| Oval ID: | oval:org.mitre.oval:def:13237 | ||
| Title: | USN-930-3 -- firefox regression | ||
| Description: | USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-930-3 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 | Version: | 7 |
| Platform(s): | Ubuntu 8.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13245 | |||
| Oval ID: | oval:org.mitre.oval:def:13245 | ||
| Title: | DSA-1697-1 iceape -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-0016 Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. CVE-2008-0304 It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. CVE-2008-2785 It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. CVE-2008-2798 Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2008-2799 Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-2800 "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. CVE-2008-2801 Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. CVE-2008-2802 "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. CVE-2008-2803 "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. CVE-2008-2805 Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. CVE-2008-2807 Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. CVE-2008-2808 Masahiro Yamada discovered that file URLS in directory listings were insufficiently escaped. CVE-2008-2809 John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. CVE-2008-2810 It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. CVE-2008-2811 Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. CVE-2008-2933 Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. CVE-2008-3835 "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect could be bypassed. CVE-2008-3836 "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. CVE-2008-3837 Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. CVE-2008-4058 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4059 "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. CVE-2008-4060 Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. CVE-2008-4061 Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2008-4062 Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2008-4065 Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. CVE-2008-4067 Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. CVE-2008-4068 Georgi Guninski discovered that resource: URLs could bypass local access restrictions. CVE-2008-4069 Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. CVE-2008-4070 It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. CVE-2008-5012 Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. CVE-2008-5013 It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. CVE-2008-5014 Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. CVE-2008-5017 It was discovered that crashes in the layout engine could lead to arbitrary code execution. CVE-2008-0017 Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. CVE-2008-5021 It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. CVE-2008-5022 "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners could be bypassed. CVE-2008-5024 Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. CVE-2008-4582 Liu Die Yu discovered an information leak through local shortcut files. CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. For the stable distribution these problems have been fixed in version 1.0.13~pre080614i-0etch1. For the upcoming stable distribution distribution these problems will be fixed soon. For the unstable distribution these problems have been fixed in version 1.1.14-1. We recommend that you upgrade your iceape packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1697-1 CVE-2008-0016 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-0017 CVE-2008-5021 CVE-2008-5024 CVE-2008-5022 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13256 | |||
| Oval ID: | oval:org.mitre.oval:def:13256 | ||
| Title: | USN-930-5 -- ant, apturl, epiphany-browser, gluezilla, gnome-python-extras, liferea, mozvoikko, openjdk-6, packagekit, ubufox, webfav, yelp update | ||
| Description: | USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox processed plugin parameters. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. A flaw was discovered in the Firefox JavaScript engine. If a user were tricked into viewing a malicious site, a remote attacker code execute arbitrary JavaScript with chrome privileges. An integer overflow was discovered in how Firefox processed CSS values. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program. An integer overflow was discovered in how Firefox interpreted the XUL <tree> element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. If a user were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Yosuke Hasegawa and Vladimir Vukicevic discovered that the same-origin check in Firefox could be bypassed by utilizing the importScripts Web Worker method. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. O. Andersen that Firefox did not properly map undefined positions within certain 8 bit encodings. An attacker could utilize this to perform cross-site scripting attacks. Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 code. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Jordi Chancel discovered that Firefox did not properly handle when a server responds to an HTTPS request with plaintext and then processes JavaScript history events. An attacker could exploit this to spoof the location bar, such as in a phishing attack. Chris Evans discovered that Firefox did not properly process improper CSS selectors. If a user were tricked into viewing a malicious website, an attacker could exploit this to read data from other domains. Soroush Dalili discovered that Firefox did not properly handle script error output. An attacker could use this to access URL parameters from other domains | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-930-5 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 CVE-2010-1208 CVE-2010-1209 CVE-2010-1211 CVE-2010-1212 CVE-2010-1214 CVE-2010-1215 CVE-2010-2752 CVE-2010-2753 CVE-2010-1205 CVE-2010-1213 CVE-2010-1207 CVE-2010-1210 CVE-2010-1206 CVE-2010-2751 CVE-2010-0654 CVE-2010-2754 | Version: | 7 |
| Platform(s): | Ubuntu 9.04 Ubuntu 9.10 | Product(s): | ant apturl epiphany-browser gluezilla gnome-python-extras liferea mozvoikko openjdk-6 packagekit ubufox webfav yelp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13262 | |||
| Oval ID: | oval:org.mitre.oval:def:13262 | ||
| Title: | DSA-2025-1 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2408 Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. CVE-2009-2404 Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. CVE-2009-2463 monarch2020 discovered an integer overflow n a base64 decoding function. CVE-2009-3072 Josh Soref discovered a crash in the BinHex decoder. CVE-2009-3075 Carsten Book reported a crash in the JavaScript engine. CVE-2010-0163 Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 2.0.0.24-0lenny1. Due to a problem with the archive system it is not possible to release all architectures. The missing architectures will be installed into the archive once they become available. For the testing distribution squeeze and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your icedove packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2025-1 CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13287 | |||
| Oval ID: | oval:org.mitre.oval:def:13287 | ||
| Title: | Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. | ||
| Description: | Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1199 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13318 | |||
| Oval ID: | oval:org.mitre.oval:def:13318 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2364 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13327 | |||
| Oval ID: | oval:org.mitre.oval:def:13327 | ||
| Title: | USN-1123-1 -- xulrunner-1.9.1 vulnerabilities | ||
| Description: | xulrunner-1.9.1: XUL + XPCOM application runner Multiple xulrunner-1.9.1 vulnerabilities | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1123-1 CVE-2010-1585 CVE-2010-3776 CVE-2010-3778 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0058 CVE-2011-0059 CVE-2011-0062 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-1202 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | xulrunner-1.9.1 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13333 | |||
| Oval ID: | oval:org.mitre.oval:def:13333 | ||
| Title: | DSA-2064-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0183 "wushi" discovered that incorrect pointer handling in the frame processing code could lead to the execution of arbitrary code. CVE-2010-1196 "Nils" discovered that an integer overflow in DOM node parsing could lead to the execution of arbitrary code. CVE-2010-1197 Ilja von Sprundel discovered that incorrect parsing of Content-Disposition headers could lead to cross-site scripting. CVE-2010-1198 Microsoft engineers discovered that incorrect memory handling in the interaction of browser plugins could lead to the execution of arbitrary code. CVE-2010-1199 Martin Barbella discovered that an integer overflow in XSLT node parsing could lead to the execution of arbitrary code. CVE-2010-1200 Olli Pettay, Martijn Wargers, Justin Lebar, Jesse Ruderman, Ben Turner, Jonathan Kew and David Humphrey discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1201 "boardraider" and "stedenon" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-1202 Bob Clary, Igor Bukanov, Gary Kwong and Andreas Gal discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.19-2. For the unstable distribution, these problems have been fixed in version 1.9.1.10-1 For the experimental distribution, these problems have been fixed in version 1.9.2.4-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2064-1 CVE-2010-0183 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13347 | |||
| Oval ID: | oval:org.mitre.oval:def:13347 | ||
| Title: | DEPRECATED: Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. | ||
| Description: | Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3653 | Version: | 14 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13349 | |||
| Oval ID: | oval:org.mitre.oval:def:13349 | ||
| Title: | DSA-1999-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution, these problems have been fixed in version 1.9.0.18-1. For the unstable distribution, these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1999-1 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13356 | |||
| Oval ID: | oval:org.mitre.oval:def:13356 | ||
| Title: | DSA-1756-1 xulrunner -- multiple | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1169 Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer. CVE-2009-1044 Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. Note that after installing these updates, you will need to restart any packages using xulrunner, typically iceweasel or epiphany. For the stable distribution, these problems have been fixed in version 1.9.0.7-0lenny2. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.8-1 We recommend that you upgrade your xulrunner package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1756-1 CVE-2009-1169 CVE-2009-1044 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13378 | |||
| Oval ID: | oval:org.mitre.oval:def:13378 | ||
| Title: | DSA-1830-1 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0040 The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in the png_read_png function, pCAL chunk handling, or setup of 16-bit gamma tables. CVE-2009-0352 It is possible to execute arbitrary code via vectors related to the layout engine. CVE-2009-0353 It is possible to execute arbitrary code via vectors related to the JavaScript engine. CVE-2009-0652 Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. CVE-2009-0771 Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. CVE-2009-0772 The layout engine allows the execution of arbitrary code ia vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. CVE-2009-0773 The JavaScript engine is prone to the execution of arbitrary code via several vectors. CVE-2009-0774 The layout engine allows the execution of arbitrary code via vectors related to gczeal. CVE-2009-0776 Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. CVE-2009-1302 The browser engine is prone to a possible memory corruption via several vectors. CVE-2009-1303 The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. CVE-2009-1307 Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. CVE-2009-1832 The possible arbitrary execution of code was discovered via vectors involving "double frame construction." CVE-2009-1392 Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. No CVE id yet Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. For the stable distribution, these problems have been fixed in version 2.0.0.22-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported mail client. For the testing distribution these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.0.0.22-1. We recommend that you upgrade your icedove packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1830-1 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13381 | |||
| Oval ID: | oval:org.mitre.oval:def:13381 | ||
| Title: | USN-978-2 -- thunderbird regression | ||
| Description: | USN-978-1 fixed vulnerabilities in Thunderbird. Some users reported stability problems under certain circumstances. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Several dangling pointer vulnerabilities were discovered in Thunderbird. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. It was discovered that the XPCSafeJSObjectWrapper security wrapper did not always honor the same-origin policy. If JavaScript was enabled, an attacker could exploit this to run untrusted JavaScript from other domains. Matt Haggard discovered that Thunderbird did not honor same-origin policy when processing the statusText property of an XMLHttpRequest object. If a user were tricked into viewing a malicious site, a remote attacker could use this to gather information about servers on internal private networks. Chris Rohlf discovered an integer overflow when Thunderbird processed the HTML frameset element. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Several issues were discovered in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. David Huang and Collin Jackson discovered that the <object> tag could override the charset of a framed HTML document in another origin. An attacker could utilize this to perform cross-site scripting attacks. Paul Stone discovered that with designMode enabled an HTML selection containing JavaScript could be copied and pasted into a document and have the JavaScript execute within the context of the site where the code was dropped. If JavaScript was enabled, an attacker could utilize this to perform cross-site scripting attacks. A buffer overflow was discovered in Thunderbird when processing text runs. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Peter Van der Beken, Jason Oster, Jesse Ruderman, Igor Bukanov, Jeff Walden, Gary Kwong and Olli Pettay discovered several flaws in the browser engine. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-978-2 CVE-2010-2760 CVE-2010-2767 CVE-2010-3167 CVE-2010-2763 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-3168 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3169 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13414 | |||
| Oval ID: | oval:org.mitre.oval:def:13414 | ||
| Title: | ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | ||
| Description: | ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3640 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13417 | |||
| Oval ID: | oval:org.mitre.oval:def:13417 | ||
| Title: | USN-1050-1 -- thunderbird vulnerabilities | ||
| Description: | Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. Roberto Suggi Liverani discovered a possible issue with unsafe JavaScript execution in chrome documents. A malicious extension could exploit this to execute arbitrary code with chrome privlieges. Jordi Chancel discovered a buffer overlow in the JPEG decoding engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1050-1 CVE-2011-0053 CVE-2011-0062 CVE-2010-1585 CVE-2011-0061 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13424 | |||
| Oval ID: | oval:org.mitre.oval:def:13424 | ||
| Title: | USN-990-1 -- openssl vulnerability | ||
| Description: | Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it. ATTENTION: After applying this update, a patched server will allow both patched and unpatched clients to connect, but unpatched clients will not be able to renegotiate | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-990-1 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | openssl |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13425 | |||
| Oval ID: | oval:org.mitre.oval:def:13425 | ||
| Title: | DSA-1820-1 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1392 Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. CVE-2009-1832 It is possible to execute arbitrary code via vectors involving "double frame construction." CVE-2009-1833 Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. CVE-2009-1834 Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. CVE-2009-1835 Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. CVE-2009-1836 Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. CVE-2009-1837 Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. CVE-2009-1838 moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. CVE-2009-1839 Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. CVE-2009-1840 Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. CVE-2009-1841 moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object’s chrome privileges. For the stable distribution, these problems have been fixed in version 1.9.0.11-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.9.0.11-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1820-1 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13434 | |||
| Oval ID: | oval:org.mitre.oval:def:13434 | ||
| Title: | USN-1121-1 -- firefox vulnerabilities | ||
| Description: | firefox: Safe and easy web browser from Mozilla Multiple firefox vulnerabilities | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1121-1 CVE-2011-0079 CVE-2011-0081 CVE-2011-0069 CVE-2011-0070 CVE-2011-1202 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13435 | |||
| Oval ID: | oval:org.mitre.oval:def:13435 | ||
| Title: | DSA-1797-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0652 Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. CVE-2009-1302 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1303 Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the in the layout engine, which might allow the execution of arbitrary code. CVE-2009-1304 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1305 Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-1306 Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. CVE-2009-1307 Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. CVE-2009-1308 Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. CVE-2009-1309 "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. CVE-2009-1311 Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. CVE-2009-1312 It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting. For the stable distribution, these problems have been fixed in version 1.9.0.9-0lenny2. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.9-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1797-1 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13440 | |||
| Oval ID: | oval:org.mitre.oval:def:13440 | ||
| Title: | USN-927-4 -- nss vulnerability | ||
| Description: | USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-4 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13508 | |||
| Oval ID: | oval:org.mitre.oval:def:13508 | ||
| Title: | USN-998-1 -- thunderbird vulnerabilities | ||
| Description: | Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Alexander Miller, Sergey Glazunov, and others discovered several flaws in the JavaScript engine. If JavaScript were enabled, an attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. Eduardo Vela Nava discovered that Thunderbird could be made to violate the same-origin policy by using modal calls with JavaScript. If JavaScript were enabled, an attacker could exploit this to steal information from another site. Dmitri GribenkoDmitri Gribenko discovered that Thunderbird did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-998-1 CVE-2010-3175 CVE-2010-3176 CVE-2010-3179 CVE-2010-3180 CVE-2010-3183 CVE-2010-3178 CVE-2010-3182 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13517 | |||
| Oval ID: | oval:org.mitre.oval:def:13517 | ||
| Title: | DSA-2027-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2010-0175 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0176 It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. CVE-2010-0177 It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. CVE-2010-0178 Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. CVE-2010-0179 It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.19-1. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2027-1 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13525 | |||
| Oval ID: | oval:org.mitre.oval:def:13525 | ||
| Title: | DSA-2045-1 libtheora -- integer overflow | ||
| Description: | Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service, and possibly arbitrary code execution. For the stable distribution, this problem has been fixed in version 1.0~beta3-1+lenny1. For the testing distribution, this problem has been fixed in version 1.1.0-1. For the testing distribution, this problem has been fixed in version 1.1.0-1. We recommend that you upgrade your libtheora packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2045-1 CVE-2009-3389 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libtheora |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13532 | |||
| Oval ID: | oval:org.mitre.oval:def:13532 | ||
| Title: | USN-927-6 -- nss vulnerability | ||
| Description: | USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user�s session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-927-6 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Ubuntu 9.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13543 | |||
| Oval ID: | oval:org.mitre.oval:def:13543 | ||
| Title: | Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
| Description: | Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0083 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13550 | |||
| Oval ID: | oval:org.mitre.oval:def:13550 | ||
| Title: | The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | ||
| Description: | The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3647 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13567 | |||
| Oval ID: | oval:org.mitre.oval:def:13567 | ||
| Title: | USN-930-2 -- apturl, epiphany-browser, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update | ||
| Description: | USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. Original advisory details: If was discovered that Firefox could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the way plugin instances interacted. An attacker could potentially exploit this and use one plugin to access freed memory from a second plugin to execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Firefox. If a user were tricked into viewing a malicious site, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. If a user were tricked into viewing a malicious site, a remote attacker could use this to capture keystrokes. Ilja van Sprundel discovered that the "Content-Disposition: attachment" HTTP header was ignored when "Content-Type: multipart" was also present. Under certain circumstances, this could potentially lead to cross-site scripting attacks. Amit Klein discovered that Firefox did not seed its random number generator often enough. An attacker could exploit this to identify and track users across different web sites | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-930-2 CVE-2010-1121 CVE-2010-1200 CVE-2010-1201 CVE-2010-1202 CVE-2010-1203 CVE-2010-1198 CVE-2010-1196 CVE-2010-1199 CVE-2010-1125 CVE-2010-1197 CVE-2008-5913 | Version: | 7 |
| Platform(s): | Ubuntu 8.04 | Product(s): | apturl epiphany-browser gecko-sharp gnome-python-extras liferea rhythmbox totem ubufox yelp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13598 | |||
| Oval ID: | oval:org.mitre.oval:def:13598 | ||
| Title: | DSA-1931-1 nspr -- several | ||
| Description: | Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1563 A programming error in the string handling code may lead to the execution of arbitrary code. CVE-2009-2463 An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution doesn’t contain nspr. For the stable distribution, these problems have been fixed in version 4.7.1-5. For the unstable distribution these problems have been fixed in version 4.8.2-1. We recommend that you upgrade your NSPR packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1931-1 CVE-2009-1563 CVE-2009-2463 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nspr |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13601 | |||
| Oval ID: | oval:org.mitre.oval:def:13601 | ||
| Title: | DSA-1886-1 iceweasel -- several | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3079 "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. CVE-2009-1310 Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface. For the stable distribution, these problems have been fixed in version 3.0.6-3. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 3.0.14-1. For the experimental distribution, these problems have been fixed in version 3.5.3-1. We recommend that you upgrade your iceweasel packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1886-1 CVE-2009-1310 CVE-2009-3079 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13605 | |||
| Oval ID: | oval:org.mitre.oval:def:13605 | ||
| Title: | DSA-1707-1 iceweasel -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. CVE-2008-5503 Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. CVE-2008-5504 It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. CVE-2008-5506 Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. CVE-2008-5507 Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. CVE-2008-5508 Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. CVE-2008-5510 Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms CVE-2008-5511 It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." CVE-2008-5512 It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. CVE-2008-5513 moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. For the stable distribution these problems have been fixed in version 2.0.0.19-0etch1. For the testing distribution and the unstable distribution these problems have been fixed in version 3.0.5-1. Please note iceweasel in Lenny links dynamically against xulrunner. We recommend that you upgrade your iceweasel package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1707-1 CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13610 | |||
| Oval ID: | oval:org.mitre.oval:def:13610 | ||
| Title: | DSA-1885-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3070 Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3071 Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3072 Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3074 Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. CVE-2009-3075 Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3076 Jesse Ruderman discovered that the user interface for installing/ removing PCKS #11 securiy modules wasn’t informative enough, which might allow social engineering attacks. CVE-2009-3077 It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. CVE-2009-3078 Juan Pablo Lopez Yacubian discovered that incorrent rendering of some Unicode font characters could lead to spoofing attacks on the location bar. For the stable distribution, these problems have been fixed in version 1.9.0.14-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the unstable distribution, these problems have been fixed in version 1.9.0.14-1. For the experimental distribution, these problems have been fixed in version 1.9.1.3-1. We recommend that you upgrade your xulrunner package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1885-1 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13623 | |||
| Oval ID: | oval:org.mitre.oval:def:13623 | ||
| Title: | DSA-1934-1 apache2 -- multiple issues | ||
| Description: | A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations: - - The "SSLVerifyClient" directive is used in a Directory or Location context. - - The "SSLCipherSuite" directive is used in a Directory or Location context. As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: CVE-2009-3094: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service via a malformed reply to an EPSV command. CVE-2009-3095: Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. For the stable distribution, these problems have been fixed in version 2.2.9-10+lenny6. This version also includes some non-security bug fixes that were scheduled for inclusion in the next stable point release. The oldstable distribution, these problems have been fixed in version 2.2.3-4+etch11. For the testing distribution and the unstable distribution, these problems will be fixed in version 2.2.14-2. This advisory also provides updated apache2-mpm-itk packages which have been recompiled against the new apache2 packages. Updated apache2-mpm-itk packages for the armel architecture are not included yet. They will be released as soon as they become available. We recommend that you upgrade your apache2 and apache2-mpm-itk packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1934-1 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13635 | |||
| Oval ID: | oval:org.mitre.oval:def:13635 | ||
| Title: | USN-1150-1 -- thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1150-1 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2376 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 CVE-2011-2362 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13664 | |||
| Oval ID: | oval:org.mitre.oval:def:13664 | ||
| Title: | USN-741-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine. If Javascript were enabled, an attacker could exploit these flaws to crash Thunderbird and possibly execute arbitrary code with user privileges. Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user had Javascript enabled, these problems could allow a remote attacker to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Thunderbird performed a cross-domain redirect. If a user had Javascript enabled, an attacker could bypass the same-origin policy in Thunderbird by utilizing nsIRDFService and steal private data from users authenticated to the redirected website | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-741-1 CVE-2009-0352 CVE-2009-0772 CVE-2009-0774 CVE-2009-0776 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | mozilla-thunderbird thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13666 | |||
| Oval ID: | oval:org.mitre.oval:def:13666 | ||
| Title: | DSA-1956-1 xulrunner -- several | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3986: David James discovered that the window.opener property allows Chrome privilege escalation. CVE-2009-3985: Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. CVE-2009-3984: Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. CVE-2009-3983: Takehiro Takahashi discovered that the NTLM implementaion is vulnerable to reflection attacks. CVE-2009-3981: Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. CVE-2009-3979: Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. For the stable distribution, these problems have been fixed in version 1.9.0.16-1. For the unstable distribution, these problems have been fixed in version 1.9.1.6-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1956-1 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13693 | |||
| Oval ID: | oval:org.mitre.oval:def:13693 | ||
| Title: | Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | ||
| Description: | Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2362 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13742 | |||
| Oval ID: | oval:org.mitre.oval:def:13742 | ||
| Title: | USN-853-2 -- firefox-3.5, xulrunner-1.9.1 regression | ||
| Description: | USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Alin Rad Pop discovered a heap-based buffer overflow in Firefox when it converted strings to floating point numbers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Jeremy Brown discovered that the Firefox Download Manager was vulnerable to symlink attacks. A local attacker could exploit this to create or overwrite files with the privileges of the user invoking the program. Paul Stone discovered a flaw in the Firefox form history. If a user were tricked into viewing a malicious website, a remote attacker could access this data to steal confidential information. Orlando Berrera discovered that Firefox did not properly free memory when using web-workers. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. A flaw was discovered in the way Firefox processed Proxy Auto-configuration files. If a user configured the browser to use PAC files with certain regular expressions, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A heap-based buffer overflow was discovered in Mozilla�s GIF image parser. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. A flaw was discovered in the JavaScript engine of Firefox. An attacker could exploit this to execute scripts from page content with chrome privileges. Gregory Fleischer discovered that the same-origin check in Firefox could be bypassed by utilizing the document.getSelection function. An attacker could exploit this to read data from other domains. Jesse Ruderman and Sid Stamm discovered that Firefox did not properly display filenames containing right-to-left override characters. If a user were tricked into downloading a malicious file with a crafted filename, an attacker could exploit this to trick the user into opening a different file than the user expected. Several flaws were discovered in third party media libraries. If a user were tricked into opening a crafted media file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.10. Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler, Boris Zbarsky, Thomas Frederiksen, Marcia Knous, Carsten Book, Kevin Brosnan, David Anderson and Jeff Walden discovered various flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-853-2 CVE-2009-1563 CVE-2009-3274 CVE-2009-3370 CVE-2009-3371 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3377 CVE-2009-3380 CVE-2009-3381 CVE-2009-3382 CVE-2009-3383 | Version: | 5 |
| Platform(s): | Ubuntu 9.10 | Product(s): | firefox-3.5 xulrunner-1.9.1 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13754 | |||
| Oval ID: | oval:org.mitre.oval:def:13754 | ||
| Title: | DSA-1704-2 netatalk -- arbitrary code execution | ||
| Description: | The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files. It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This is leading to arbitrary remote code execution. Note that this only affects installations that are configured to use a pipe command in combination with wildcard symbols substituted with values of the printed job. For the stable distribution this problem has been fixed in version 2.0.3-4+etch2. For the unstable distribution this problem has been fixed in version 2.0.4~beta2-1.1. We recommend that you upgrade your netatalk package. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1704-2 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | netatalk |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13770 | |||
| Oval ID: | oval:org.mitre.oval:def:13770 | ||
| Title: | Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | ||
| Description: | Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-4688 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13773 | |||
| Oval ID: | oval:org.mitre.oval:def:13773 | ||
| Title: | DSA-1840-1 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2462 Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan disocvered several issues in the browser engine that could potentially lead to the execution of arbitrary code. CVE-2009-2463 monarch2020 reported an integer overflow in a base64 decoding function. CVE-2009-2464 Christophe Charron reported a possibly exploitable crash occuring when multiple RDF files were loaded in a XUL tree element. CVE-2009-2465 Yongqian Li reported that an unsafe memory condition could be created by specially crafted document. CVE-2009-2466 Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. CVE-2009-2467 Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. CVE-2009-2469 PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. CVE-2009-2471 Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. CVE-2009-2472 moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. For the stable distribution, these problems have been fixed in version 1.9.0.12-0lenny1. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 1.9.0.12-1. We recommend that you upgrade your xulrunner packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1840-1 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13830 | |||
| Oval ID: | oval:org.mitre.oval:def:13830 | ||
| Title: | The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3654 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13844 | |||
| Oval ID: | oval:org.mitre.oval:def:13844 | ||
| Title: | DEPRECATED: A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
| Description: | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3182 | Version: | 14 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13848 | |||
| Oval ID: | oval:org.mitre.oval:def:13848 | ||
| Title: | USN-728-3 -- firefox vulnerabilities | ||
| Description: | Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-728-3 CVE-2009-0772 CVE-2009-0774 CVE-2009-0776 | Version: | 5 |
| Platform(s): | Ubuntu 6.06 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13854 | |||
| Oval ID: | oval:org.mitre.oval:def:13854 | ||
| Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2372 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13866 | |||
| Oval ID: | oval:org.mitre.oval:def:13866 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0080 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13870 | |||
| Oval ID: | oval:org.mitre.oval:def:13870 | ||
| Title: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3650 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13872 | |||
| Oval ID: | oval:org.mitre.oval:def:13872 | ||
| Title: | Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | ||
| Description: | Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2377 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13873 | |||
| Oval ID: | oval:org.mitre.oval:def:13873 | ||
| Title: | USN-717-2 -- firefox-3.0 vulnerabilities | ||
| Description: | A flaw was discovered in the browser engine when restoring closed tabs. If a user were tricked into restoring a tab to a malicious website with form input controls, an attacker could steal local files on the user�s system. Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were tricked into opening a malicious web page, a remote attacker could view sensitive information | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-717-2 CVE-2009-0355 CVE-2009-0357 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 | Product(s): | firefox-3.0 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13894 | |||
| Oval ID: | oval:org.mitre.oval:def:13894 | ||
| Title: | USN-728-2 -- firefox vulnerabilities | ||
| Description: | Jesse Ruderman and Gary Kwong discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-728-2 CVE-2009-0772 CVE-2009-0774 CVE-2009-0776 | Version: | 5 |
| Platform(s): | Ubuntu 7.10 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13911 | |||
| Oval ID: | oval:org.mitre.oval:def:13911 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2997 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13944 | |||
| Oval ID: | oval:org.mitre.oval:def:13944 | ||
| Title: | USN-861-1 -- libvorbis vulnerabilities | ||
| Description: | It was discovered that libvorbis did not correctly handle ogg files with underpopulated Huffman trees. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service. It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user�s privileges | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-861-1 CVE-2008-2009 CVE-2009-3379 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 9.04 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13954 | |||
| Oval ID: | oval:org.mitre.oval:def:13954 | ||
| Title: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | ||
| Description: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3866 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13957 | |||
| Oval ID: | oval:org.mitre.oval:def:13957 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2995 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13962 | |||
| Oval ID: | oval:org.mitre.oval:def:13962 | ||
| Title: | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | ||
| Description: | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1125 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13970 | |||
| Oval ID: | oval:org.mitre.oval:def:13970 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0066 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13980 | |||
| Oval ID: | oval:org.mitre.oval:def:13980 | ||
| Title: | USN-1149-2 -- firefox regression | ||
| Description: | firefox: safe and easy web browser from Mozilla Details: USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem. We apologize for the inconvenience. Original advisory In rare instances, Firefox could have trouble accessing some websites. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1149-2 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2376 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 CVE-2011-2362 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13987 | |||
| Oval ID: | oval:org.mitre.oval:def:13987 | ||
| Title: | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | ||
| Description: | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2371 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13991 | |||
| Oval ID: | oval:org.mitre.oval:def:13991 | ||
| Title: | USN-1122-1 -- thunderbird vulnerabilities | ||
| Description: | thunderbird: mail/news client with RSS and integrated spam filter support Thunderbird could be made to run programs as your login if it opened specially crafted mail. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1122-1 CVE-2011-0081 CVE-2011-0069 CVE-2011-0070 CVE-2011-0080 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0072 CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 CVE-2011-0067 CVE-2011-0071 CVE-2011-1202 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13993 | |||
| Oval ID: | oval:org.mitre.oval:def:13993 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0081 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13996 | |||
| Oval ID: | oval:org.mitre.oval:def:13996 | ||
| Title: | USN-1112-1 -- firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.2 vulnerabilities | ||
| Description: | firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner - firefox-3.5: safe and easy web browser from Mozilla - firefox-3.0: safe and easy web browser from Mozilla Multiple vulnerabilities in Firefox and Xulrunner | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1112-1 CVE-2011-0081 CVE-2011-0069 CVE-2011-0070 CVE-2011-0080 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0072 CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 CVE-2011-0067 CVE-2011-0071 CVE-2011-1202 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | firefox firefox-3.0 firefox-3.5 xulrunner-1.9.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14001 | |||
| Oval ID: | oval:org.mitre.oval:def:14001 | ||
| Title: | USN-782-1 -- thunderbird vulnerabilities | ||
| Description: | Several flaws were discovered in the JavaScript engine of Thunderbird. If a user had JavaScript enabled and were tricked into viewing malicious web content, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the way Thunderbird processed malformed URI schemes. If a user were tricked into viewing a malicious website and had JavaScript and plugins enabled, a remote attacker could execute arbitrary JavaScript or steal private data. Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. If JavaScript were enabled, an attacker could exploit this to perform script injection attacks using XBL bindings. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. If a user had JavaScript enabled while using Thunderbird to view websites and a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. It was discovered that Thunderbird could be made to run scripts with elevated privileges. If a user had JavaScript enabled while having certain non-default add-ons installed and were tricked into viewing a malicious website, an attacker could cause a chrome privileged object, such as the browser sidebar, to run arbitrary code via interactions with the attacker controlled website | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-782-1 CVE-2009-1303 CVE-2009-1305 CVE-2009-1392 CVE-2009-1833 CVE-2009-1838 CVE-2009-1306 CVE-2009-1307 CVE-2009-1309 CVE-2009-1308 CVE-2009-1836 CVE-2009-1841 | Version: | 5 |
| Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14012 | |||
| Oval ID: | oval:org.mitre.oval:def:14012 | ||
| Title: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
| Description: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2998 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14013 | |||
| Oval ID: | oval:org.mitre.oval:def:14013 | ||
| Title: | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue. | ||
| Description: | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0056 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14017 | |||
| Oval ID: | oval:org.mitre.oval:def:14017 | ||
| Title: | Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | ||
| Description: | Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1196 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14018 | |||
| Oval ID: | oval:org.mitre.oval:def:14018 | ||
| Title: | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. | ||
| Description: | Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0054 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14020 | |||
| Oval ID: | oval:org.mitre.oval:def:14020 | ||
| Title: | Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | ||
| Description: | Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0073 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14025 | |||
| Oval ID: | oval:org.mitre.oval:def:14025 | ||
| Title: | Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. | ||
| Description: | Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3649 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14038 | |||
| Oval ID: | oval:org.mitre.oval:def:14038 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0072 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14046 | |||
| Oval ID: | oval:org.mitre.oval:def:14046 | ||
| Title: | Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
| Description: | Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2363 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14048 | |||
| Oval ID: | oval:org.mitre.oval:def:14048 | ||
| Title: | USN-1157-2 -- mozvoikko, ubufox, webfav update | ||
| Description: | mozvoikko: Finnish spell-checker extension for Firefox - ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1157-1 fixed vulnerabilities in Firefox. This update provides updated packages for use with Firefox 5. Original advisory This update provides provides packages compatible with Firefox 5. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1157-2 CVE-2011-2374 CVE-2011-2375 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2370 CVE-2011-2369 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | mozvoikko ubufox webfav |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14054 | |||
| Oval ID: | oval:org.mitre.oval:def:14054 | ||
| Title: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | ||
| Description: | Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3003 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14055 | |||
| Oval ID: | oval:org.mitre.oval:def:14055 | ||
| Title: | The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. | ||
| Description: | The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2993 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14058 | |||
| Oval ID: | oval:org.mitre.oval:def:14058 | ||
| Title: | Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | ||
| Description: | Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0071 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14064 | |||
| Oval ID: | oval:org.mitre.oval:def:14064 | ||
| Title: | Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2996 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14065 | |||
| Oval ID: | oval:org.mitre.oval:def:14065 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0069 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14068 | |||
| Oval ID: | oval:org.mitre.oval:def:14068 | ||
| Title: | USN-1157-1 -- firefox vulnerabilities | ||
| Description: | firefox: Safe and easy web browser from Mozilla Multiple Firefox vulnerabilities have been fixed | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1157-1 CVE-2011-2374 CVE-2011-2375 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-2366 CVE-2011-2367 CVE-2011-2368 CVE-2011-2370 CVE-2011-2369 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14071 | |||
| Oval ID: | oval:org.mitre.oval:def:14071 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2375 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14084 | |||
| Oval ID: | oval:org.mitre.oval:def:14084 | ||
| Title: | USN-1122-3 -- thunderbird regression | ||
| Description: | thunderbird: mail/news client with RSS and integrated spam filter support Details: USN-1122-2 fixed vulnerabilities in Thunderbird on Ubuntu 11.04. A regression was introduced which caused Thunderbird to display an empty menu bar. This update fixes the problem. We apologize for the inconvenience. Original advisory An empty menu bar sometimes appeared after upgrade in USN-1122-2 | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1122-3 CVE-2011-0081 CVE-2011-0069 CVE-2011-0070 CVE-2011-0080 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0072 CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 CVE-2011-0067 CVE-2011-0071 CVE-2011-1202 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14086 | |||
| Oval ID: | oval:org.mitre.oval:def:14086 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0075 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14121 | |||
| Oval ID: | oval:org.mitre.oval:def:14121 | ||
| Title: | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | ||
| Description: | The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3004 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14123 | |||
| Oval ID: | oval:org.mitre.oval:def:14123 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2374 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14127 | |||
| Oval ID: | oval:org.mitre.oval:def:14127 | ||
| Title: | USN-1122-2 -- thunderbird vulnerabilities | ||
| Description: | thunderbird: mail/news client with RSS and integrated spam filter support Details: USN-1122-1 fixed vulnerabilities in Thunderbird for Lucid and Maverick. This update provides the corresponding fixes for Natty. Original advisory Thunderbird could be made to run programs as your login if it opened specially crafted mail. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1122-2 CVE-2011-0081 CVE-2011-0069 CVE-2011-0070 CVE-2011-0080 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0072 CVE-2011-0065 CVE-2011-0066 CVE-2011-0073 CVE-2011-0067 CVE-2011-0071 CVE-2011-1202 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14142 | |||
| Oval ID: | oval:org.mitre.oval:def:14142 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0065 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14145 | |||
| Oval ID: | oval:org.mitre.oval:def:14145 | ||
| Title: | The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. | ||
| Description: | The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0082 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14152 | |||
| Oval ID: | oval:org.mitre.oval:def:14152 | ||
| Title: | USN-1149-1 -- firefox, xulrunner-1.9.2 vulnerabilities | ||
| Description: | firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner Multiple Vulnerabilities were fixed in Firefox and Xulrunner | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1149-1 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2376 CVE-2011-2373 CVE-2011-2377 CVE-2011-2371 CVE-2011-0083 CVE-2011-0085 CVE-2011-2363 CVE-2011-2362 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox xulrunner-1.9.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14163 | |||
| Oval ID: | oval:org.mitre.oval:def:14163 | ||
| Title: | The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." | ||
| Description: | The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2378 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14170 | |||
| Oval ID: | oval:org.mitre.oval:def:14170 | ||
| Title: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0464 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14176 | |||
| Oval ID: | oval:org.mitre.oval:def:14176 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1198 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14178 | |||
| Oval ID: | oval:org.mitre.oval:def:14178 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2373 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14182 | |||
| Oval ID: | oval:org.mitre.oval:def:14182 | ||
| Title: | DEPRECATED: The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. | ||
| Description: | The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0166 | Version: | 10 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14184 | |||
| Oval ID: | oval:org.mitre.oval:def:14184 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2365 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14186 | |||
| Oval ID: | oval:org.mitre.oval:def:14186 | ||
| Title: | Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. | ||
| Description: | Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1197 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14193 | |||
| Oval ID: | oval:org.mitre.oval:def:14193 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0077 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14200 | |||
| Oval ID: | oval:org.mitre.oval:def:14200 | ||
| Title: | Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. | ||
| Description: | Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0057 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14202 | |||
| Oval ID: | oval:org.mitre.oval:def:14202 | ||
| Title: | Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | ||
| Description: | Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3655 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14211 | |||
| Oval ID: | oval:org.mitre.oval:def:14211 | ||
| Title: | Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | ||
| Description: | Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0051 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14212 | |||
| Oval ID: | oval:org.mitre.oval:def:14212 | ||
| Title: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3648 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14226 | |||
| Oval ID: | oval:org.mitre.oval:def:14226 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3660 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14232 | |||
| Oval ID: | oval:org.mitre.oval:def:14232 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0079 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14239 | |||
| Oval ID: | oval:org.mitre.oval:def:14239 | ||
| Title: | The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3652 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14244 | |||
| Oval ID: | oval:org.mitre.oval:def:14244 | ||
| Title: | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Description: | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-1202 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14246 | |||
| Oval ID: | oval:org.mitre.oval:def:14246 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0078 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14252 | |||
| Oval ID: | oval:org.mitre.oval:def:14252 | ||
| Title: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2999 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14254 | |||
| Oval ID: | oval:org.mitre.oval:def:14254 | ||
| Title: | Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. | ||
| Description: | Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0058 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14259 | |||
| Oval ID: | oval:org.mitre.oval:def:14259 | ||
| Title: | Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. | ||
| Description: | Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0163 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14270 | |||
| Oval ID: | oval:org.mitre.oval:def:14270 | ||
| Title: | Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. | ||
| Description: | Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2988 | Version: | 13 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14272 | |||
| Oval ID: | oval:org.mitre.oval:def:14272 | ||
| Title: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
| Description: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2983 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14278 | |||
| Oval ID: | oval:org.mitre.oval:def:14278 | ||
| Title: | Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. | ||
| Description: | Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2370 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14285 | |||
| Oval ID: | oval:org.mitre.oval:def:14285 | ||
| Title: | Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2987 | Version: | 13 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14286 | |||
| Oval ID: | oval:org.mitre.oval:def:14286 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0070 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14294 | |||
| Oval ID: | oval:org.mitre.oval:def:14294 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2982 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14303 | |||
| Oval ID: | oval:org.mitre.oval:def:14303 | ||
| Title: | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2991 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14304 | |||
| Oval ID: | oval:org.mitre.oval:def:14304 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0446 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14308 | |||
| Oval ID: | oval:org.mitre.oval:def:14308 | ||
| Title: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1202 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14317 | |||
| Oval ID: | oval:org.mitre.oval:def:14317 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0074 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14326 | |||
| Oval ID: | oval:org.mitre.oval:def:14326 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1200 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14352 | |||
| Oval ID: | oval:org.mitre.oval:def:14352 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3005 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14358 | |||
| Oval ID: | oval:org.mitre.oval:def:14358 | ||
| Title: | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||
| Description: | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2984 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14361 | |||
| Oval ID: | oval:org.mitre.oval:def:14361 | ||
| Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3000 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14364 | |||
| Oval ID: | oval:org.mitre.oval:def:14364 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3651 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14369 | |||
| Oval ID: | oval:org.mitre.oval:def:14369 | ||
| Title: | Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | ||
| Description: | Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-1187 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14379 | |||
| Oval ID: | oval:org.mitre.oval:def:14379 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0053 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14388 | |||
| Oval ID: | oval:org.mitre.oval:def:14388 | ||
| Title: | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. | ||
| Description: | Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3002 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14396 | |||
| Oval ID: | oval:org.mitre.oval:def:14396 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2376 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14401 | |||
| Oval ID: | oval:org.mitre.oval:def:14401 | ||
| Title: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2605 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14408 | |||
| Oval ID: | oval:org.mitre.oval:def:14408 | ||
| Title: | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
| Description: | YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3232 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14409 | |||
| Oval ID: | oval:org.mitre.oval:def:14409 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0062 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14424 | |||
| Oval ID: | oval:org.mitre.oval:def:14424 | ||
| Title: | YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
| Description: | YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3661 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14426 | |||
| Oval ID: | oval:org.mitre.oval:def:14426 | ||
| Title: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2369 | Version: | 11 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14432 | |||
| Oval ID: | oval:org.mitre.oval:def:14432 | ||
| Title: | Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. | ||
| Description: | Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0085 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14436 | |||
| Oval ID: | oval:org.mitre.oval:def:14436 | ||
| Title: | Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process. | ||
| Description: | Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2980 | Version: | 17 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14440 | |||
| Oval ID: | oval:org.mitre.oval:def:14440 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2985 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14442 | |||
| Oval ID: | oval:org.mitre.oval:def:14442 | ||
| Title: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
| Description: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3001 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14444 | |||
| Oval ID: | oval:org.mitre.oval:def:14444 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0443 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14456 | |||
| Oval ID: | oval:org.mitre.oval:def:14456 | ||
| Title: | The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack. | ||
| Description: | The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-5074 | Version: | 15 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14458 | |||
| Oval ID: | oval:org.mitre.oval:def:14458 | ||
| Title: | The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. | ||
| Description: | The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2990 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14464 | |||
| Oval ID: | oval:org.mitre.oval:def:14464 | ||
| Title: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0444 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14467 | |||
| Oval ID: | oval:org.mitre.oval:def:14467 | ||
| Title: | The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Description: | The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-1712 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14473 | |||
| Oval ID: | oval:org.mitre.oval:def:14473 | ||
| Title: | Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. | ||
| Description: | Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0059 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14476 | |||
| Oval ID: | oval:org.mitre.oval:def:14476 | ||
| Title: | Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection. | ||
| Description: | Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0055 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14486 | |||
| Oval ID: | oval:org.mitre.oval:def:14486 | ||
| Title: | Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | ||
| Description: | Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0061 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14497 | |||
| Oval ID: | oval:org.mitre.oval:def:14497 | ||
| Title: | Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. | ||
| Description: | Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2986 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14498 | |||
| Oval ID: | oval:org.mitre.oval:def:14498 | ||
| Title: | DEPRECATED: Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. | ||
| Description: | Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0076 | Version: | 10 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14502 | |||
| Oval ID: | oval:org.mitre.oval:def:14502 | ||
| Title: | The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | ||
| Description: | The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0084 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14512 | |||
| Oval ID: | oval:org.mitre.oval:def:14512 | ||
| Title: | The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
| Description: | The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2981 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14523 | |||
| Oval ID: | oval:org.mitre.oval:def:14523 | ||
| Title: | Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | ||
| Description: | Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-0067 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14525 | |||
| Oval ID: | oval:org.mitre.oval:def:14525 | ||
| Title: | USN-1355-1 -- Firefox vulnerabilities | ||
| Description: | firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1355-1 CVE-2012-0450 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14528 | |||
| Oval ID: | oval:org.mitre.oval:def:14528 | ||
| Title: | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-2989 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14590 | |||
| Oval ID: | oval:org.mitre.oval:def:14590 | ||
| Title: | DSA-2433-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed. CVE-2012-0456 Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure. CVE-2012-0458 Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page. CVE-2012-0461 Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2433-1 CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14618 | |||
| Oval ID: | oval:org.mitre.oval:def:14618 | ||
| Title: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0449 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14640 | |||
| Oval ID: | oval:org.mitre.oval:def:14640 | ||
| Title: | Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. | ||
| Description: | Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3665 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14664 | |||
| Oval ID: | oval:org.mitre.oval:def:14664 | ||
| Title: | The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | ||
| Description: | The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3658 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14670 | |||
| Oval ID: | oval:org.mitre.oval:def:14670 | ||
| Title: | DEPRECATED: Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | ||
| Description: | Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0450 | Version: | 14 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14678 | |||
| Oval ID: | oval:org.mitre.oval:def:14678 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0442 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14689 | |||
| Oval ID: | oval:org.mitre.oval:def:14689 | ||
| Title: | DSA-2339-1 nss -- several | ||
| Description: | This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2339-1 CVE-2011-3640 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14697 | |||
| Oval ID: | oval:org.mitre.oval:def:14697 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3659 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14709 | |||
| Oval ID: | oval:org.mitre.oval:def:14709 | ||
| Title: | DSA-2312-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2312-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14716 | |||
| Oval ID: | oval:org.mitre.oval:def:14716 | ||
| Title: | USN-1401-1 -- Xulrunner vulnerabilities | ||
| Description: | xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1401-1 CVE-2011-3658 CVE-2012-0457 CVE-2012-0456 CVE-2012-0455 CVE-2012-0458 CVE-2012-0461 CVE-2012-0464 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14739 | |||
| Oval ID: | oval:org.mitre.oval:def:14739 | ||
| Title: | Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page by using SVG animation accessKey events within that web page. | ||
| Description: | Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to capture keystrokes entered on a web page, even when JavaScript is disabled, by using SVG animation accessKey events within that web page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3663 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14740 | |||
| Oval ID: | oval:org.mitre.oval:def:14740 | ||
| Title: | USN-1360-1 -- Firefox vulnerability | ||
| Description: | firefox: Mozilla Open Source web browser A security vulnerability has been fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1360-1 CVE-2012-0452 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14752 | |||
| Oval ID: | oval:org.mitre.oval:def:14752 | ||
| Title: | SSL and TLS Protocols Vulnerability | ||
| Description: | The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3389 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14775 | |||
| Oval ID: | oval:org.mitre.oval:def:14775 | ||
| Title: | Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. | ||
| Description: | Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0457 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14796 | |||
| Oval ID: | oval:org.mitre.oval:def:14796 | ||
| Title: | USN-1254-1 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1254-1 CVE-2011-3004 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14814 | |||
| Oval ID: | oval:org.mitre.oval:def:14814 | ||
| Title: | Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3670 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14829 | |||
| Oval ID: | oval:org.mitre.oval:def:14829 | ||
| Title: | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. | ||
| Description: | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0455 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14861 | |||
| Oval ID: | oval:org.mitre.oval:def:14861 | ||
| Title: | DSA-2296-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-0084 "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. CVE-2011-2378 "regenrecht" discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. CVE-2011-2981 "moz_bug_r_a_4" discovered a Chrome privilege escalation vulnerability in the event handler code. CVE-2011-2982 Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2983 "shutdown" discovered an information leak in the handling of RegExp.input. CVE-2011-2984 "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2296-1 CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14907 | |||
| Oval ID: | oval:org.mitre.oval:def:14907 | ||
| Title: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. | ||
| Description: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0445 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14909 | |||
| Oval ID: | oval:org.mitre.oval:def:14909 | ||
| Title: | CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. | ||
| Description: | CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0451 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14910 | |||
| Oval ID: | oval:org.mitre.oval:def:14910 | ||
| Title: | DSA-2317-1 icedove -- several | ||
| Description: | CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2317-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14912 | |||
| Oval ID: | oval:org.mitre.oval:def:14912 | ||
| Title: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. | ||
| Description: | Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0447 | Version: | 24 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14959 | |||
| Oval ID: | oval:org.mitre.oval:def:14959 | ||
| Title: | DSA-2406-1 icedove -- several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, Debians variant of the Mozilla Thunderbird code base. CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. CVE-2012-0442 Memory corruption bugs could cause Icedove to crash or possibly execute arbitrary code. CVE-2012-0444 Icedove does not properly initialise nsChildView data structures, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted Ogg Vorbis file. CVE-2012-0449 Icedove allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2406-1 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14961 | |||
| Oval ID: | oval:org.mitre.oval:def:14961 | ||
| Title: | DSA-2295-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0084 "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. CVE-2011-2378 "regenrecht" discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. CVE-2011-2981 "moz_bug_r_a_4" discovered a Chrome privilege escalation vulnerability in the event handler code. CVE-2011-2982 Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2983 "shutdown" discovered an information leak in the handling of RegExp.input. CVE-2011-2984 "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2295-1 CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14977 | |||
| Oval ID: | oval:org.mitre.oval:def:14977 | ||
| Title: | USN-1401-2 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1401-2 CVE-2011-3658 CVE-2012-0457 CVE-2012-0456 CVE-2012-0455 CVE-2012-0458 CVE-2012-0461 CVE-2012-0464 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:14980 | |||
| Oval ID: | oval:org.mitre.oval:def:14980 | ||
| Title: | DSA-2437-1 icedove -- several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2012-0455 Soroush Dalili discovered that a cross-site scripting countermeasure related to Javascript URLs could be bypassed. CVE-2012-0456 Atte Kettunen discovered an out of bounds read in the SVG Filters, resulting in memory disclosure. CVE-2012-0458 Mariusz Mlynski discovered that privileges could be escalated through a Javascript URL as the home page. CVE-2012-0461 Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2437-1 CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14983 | |||
| Oval ID: | oval:org.mitre.oval:def:14983 | ||
| Title: | DSA-2400-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanisiting in the Ogg Vorbis parser may lead to the execution of arbitrary code. CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanisiting in XSLT processing may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2400-1 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:14990 | |||
| Oval ID: | oval:org.mitre.oval:def:14990 | ||
| Title: | USN-1367-2 -- Firefox vulnerability | ||
| Description: | firefox: Mozilla Open Source web browser Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Original advisory Firefox could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1367-2 CVE-2011-3026 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15007 | |||
| Oval ID: | oval:org.mitre.oval:def:15007 | ||
| Title: | The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. | ||
| Description: | The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0456 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15009 | |||
| Oval ID: | oval:org.mitre.oval:def:15009 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0461 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15012 | |||
| Oval ID: | oval:org.mitre.oval:def:15012 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0462 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15017 | |||
| Oval ID: | oval:org.mitre.oval:def:15017 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0452 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15032 | |||
| Oval ID: | oval:org.mitre.oval:def:15032 | ||
| Title: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3026 | Version: | 13 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15066 | |||
| Oval ID: | oval:org.mitre.oval:def:15066 | ||
| Title: | The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. | ||
| Description: | The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0459 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15093 | |||
| Oval ID: | oval:org.mitre.oval:def:15093 | ||
| Title: | DSA-2297-1 icedove -- several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. CVE-2011-0084 "regenrecht" discovered that incorrect pointer handling in the SVG processing code could lead to the execution of arbitrary code. CVE-2011-2378 "regenrecht" discovered that incorrect memory management in DOM processing could lead to the execution of arbitrary code. CVE-2011-2981 "moz_bug_r_a_4" discovered a Chrome privilege escalation vulnerability in the event handler code. CVE-2011-2982 Gary Kwong, Igor Bukanov, Nils and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2983 "shutdown" discovered an information leak in the handling of RegExp.input. CVE-2011-2984 "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2297-1 CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15114 | |||
| Oval ID: | oval:org.mitre.oval:def:15114 | ||
| Title: | Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. | ||
| Description: | Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0460 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15122 | |||
| Oval ID: | oval:org.mitre.oval:def:15122 | ||
| Title: | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. | ||
| Description: | Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0458 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15132 | |||
| Oval ID: | oval:org.mitre.oval:def:15132 | ||
| Title: | DSA-2313-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2313-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15139 | |||
| Oval ID: | oval:org.mitre.oval:def:15139 | ||
| Title: | USN-1306-1 -- Firefox vulnerabilities | ||
| Description: | firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1306-1 CVE-2011-3660 CVE-2011-3661 CVE-2011-3658 CVE-2011-3663 CVE-2011-3665 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 | Product(s): | Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15140 | |||
| Oval ID: | oval:org.mitre.oval:def:15140 | ||
| Title: | USN-1343-1 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1343-1 CVE-2011-3660 CVE-2011-3661 CVE-2011-3658 CVE-2011-3663 CVE-2011-3665 | Version: | 5 |
| Platform(s): | Ubuntu 11.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15143 | |||
| Oval ID: | oval:org.mitre.oval:def:15143 | ||
| Title: | The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. | ||
| Description: | The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0463 | Version: | 23 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15154 | |||
| Oval ID: | oval:org.mitre.oval:def:15154 | ||
| Title: | DSA-2345-1 icedove -- several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, a mail client based on Thunderbird. CVE-2011-3647 The JSSubScriptLoader does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. CVE-2011-3648 A cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. CVE-2011-3650 Iceweasel does not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2345-1 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15170 | |||
| Oval ID: | oval:org.mitre.oval:def:15170 | ||
| Title: | USN-1277-2 -- Mozvoikko and ubufox update | ||
| Description: | mozvoikko: Finnish spell-checker extension for Firefox - ubufox: Ubuntu Firefox specific configuration defaults and apt support Details: USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Original advisory This update provides packages compatible with Firefox 8. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1277-2 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 | Product(s): | Mozvoikko |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15182 | |||
| Oval ID: | oval:org.mitre.oval:def:15182 | ||
| Title: | USN-1367-4 -- Xulrunner vulnerability | ||
| Description: | xulrunner-1.9.2: Mozilla Gecko runtime environment Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner. Original advisory Xulrunner based applications could be made to crash or run programs as your login if they opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1367-4 CVE-2011-3026 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15190 | |||
| Oval ID: | oval:org.mitre.oval:def:15190 | ||
| Title: | DSA-2412-1 libvorbis -- buffer overflow | ||
| Description: | It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2412-1 CVE-2012-0444 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15231 | |||
| Oval ID: | oval:org.mitre.oval:def:15231 | ||
| Title: | USN-1350-1 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1350-1 CVE-2012-0442 CVE-2011-3659 CVE-2012-0444 CVE-2012-0449 CVE-2011-3670 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15241 | |||
| Oval ID: | oval:org.mitre.oval:def:15241 | ||
| Title: | DSA-2368-1 lighttpd -- multiple | ||
| Description: | Several vulnerabilities have been discovered in lighttpd, a small and fast webserver with minimal memory footprint. CVE-2011-4362 Xi Wang discovered that the base64 decoding routine which is used to decode user input during an HTTP authentication, suffers of a signedness issue when processing user input. As a result it is possible to force lighttpd to perform an out-of-bounds read which results in Denial of Service conditions. CVE-2011-3389 When using CBC ciphers on an SSL enabled virtual host to communicate with certain client, a so called "BEAST" attack allows man-in-the-middle attackers to obtain plaintext HTTP traffic via a blockwise chosen-boundary attack on an HTTPS session. Technically this is no lighttpd vulnerability. However, lighttpd offers a workaround to mitigate this problem by providing a possibility to disable CBC ciphers. This updates includes this option by default. System administrators are advised to read the NEWS file of this update. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2368-1 CVE-2011-4362 CVE-2011-3389 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | lighttpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15242 | |||
| Oval ID: | oval:org.mitre.oval:def:15242 | ||
| Title: | USN-1184-1 -- Firefox and Xulrunner vulnerabilities | ||
| Description: | firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1184-1 CVE-2011-2982 CVE-2011-2981 CVE-2011-0084 CVE-2011-2984 CVE-2011-2378 CVE-2011-2983 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15260 | |||
| Oval ID: | oval:org.mitre.oval:def:15260 | ||
| Title: | USN-1400-2 -- ubufox update | ||
| Description: | ubufox: Finnish spell-checker extension for Firefox Details: USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory This update provides compatible ubufox packages for the latest Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1400-2 CVE-2012-0455 CVE-2012-0457 CVE-2012-0456 CVE-2012-0451 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | ubufox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15283 | |||
| Oval ID: | oval:org.mitre.oval:def:15283 | ||
| Title: | DSA-2402-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. CVE-2012-0442 Jesse Ruderman and Bob Clary discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2012-0444 "regenrecht" discovered that missing input sanisiting in the Ogg Vorbis parser may lead to the execution of arbitrary code. CVE-2012-0449 Nicolas Gregoire and Aki Helin discovered that missing input sanisiting in XSLT processing may lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2402-1 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15302 | |||
| Oval ID: | oval:org.mitre.oval:def:15302 | ||
| Title: | USN-1306-2 -- Mozvoikko and ubufox update | ||
| Description: | mozvoikko: Finnish spell-checker extension for Firefox | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1306-2 CVE-2011-3660 CVE-2011-3661 CVE-2011-3658 CVE-2011-3663 CVE-2011-3665 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 | Product(s): | Mozvoikko |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15321 | |||
| Oval ID: | oval:org.mitre.oval:def:15321 | ||
| Title: | USN-1400-1 -- Firefox vulnerabilities | ||
| Description: | firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1400-1 CVE-2012-0455 CVE-2012-0457 CVE-2012-0456 CVE-2012-0451 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15332 | |||
| Oval ID: | oval:org.mitre.oval:def:15332 | ||
| Title: | DSA-2342-1 iceape -- several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2342-1 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15352 | |||
| Oval ID: | oval:org.mitre.oval:def:15352 | ||
| Title: | USN-1192-2 -- Mozvoikko update | ||
| Description: | mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1192-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko for use with Firefox 6. Original advisory This update provides a compatible Mozvoikko for Firefox 6. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1192-2 CVE-2011-2989 CVE-2011-2991 CVE-2011-2985 CVE-2011-2993 CVE-2011-2988 CVE-2011-2987 CVE-2011-0084 CVE-2011-2990 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | Mozvoikko |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15362 | |||
| Oval ID: | oval:org.mitre.oval:def:15362 | ||
| Title: | DSA-2341-1 iceweasel -- several | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. CVE-2011-3647 "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling. CVE-2011-3648 Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting. CVE-2011-3650 Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2341-1 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15371 | |||
| Oval ID: | oval:org.mitre.oval:def:15371 | ||
| Title: | USN-1251-1 -- Firefox and Xulrunner vulnerabilities | ||
| Description: | firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1251-1 CVE-2011-3004 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15380 | |||
| Oval ID: | oval:org.mitre.oval:def:15380 | ||
| Title: | USN-1282-1 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1282-1 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 | Version: | 5 |
| Platform(s): | Ubuntu 11.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15383 | |||
| Oval ID: | oval:org.mitre.oval:def:15383 | ||
| Title: | USN-1277-1 -- Firefox vulnerabilities | ||
| Description: | firefox: Mozilla Open Source web browser Multiple vulnerabilities have been fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1277-1 CVE-2011-3648 CVE-2011-3650 CVE-2011-3651 CVE-2011-3652 CVE-2011-3654 CVE-2011-3655 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 | Product(s): | Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15385 | |||
| Oval ID: | oval:org.mitre.oval:def:15385 | ||
| Title: | USN-1185-1 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1185-1 CVE-2011-2982 CVE-2011-2981 CVE-2011-0084 CVE-2011-2984 CVE-2011-2378 CVE-2011-2983 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15389 | |||
| Oval ID: | oval:org.mitre.oval:def:15389 | ||
| Title: | USN-1355-2 -- Mozvoikko update | ||
| Description: | mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory This update provides compatible Mozvoikko packages for the latest Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1355-2 CVE-2012-0450 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Mozvoikko |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15402 | |||
| Oval ID: | oval:org.mitre.oval:def:15402 | ||
| Title: | USN-1370-1 -- libvorbis vulnerability | ||
| Description: | libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1370-1 CVE-2012-0444 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15410 | |||
| Oval ID: | oval:org.mitre.oval:def:15410 | ||
| Title: | DSA-2410-1 libpng -- integer overflow | ||
| Description: | Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2410-1 CVE-2011-3026 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | libpng |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15429 | |||
| Oval ID: | oval:org.mitre.oval:def:15429 | ||
| Title: | USN-1355-3 -- ubufox and webfav update | ||
| Description: | ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. Original advisory This update provides compatible ubufox and webfav packages for the latest Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1355-3 CVE-2012-0450 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | ubufox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15431 | |||
| Oval ID: | oval:org.mitre.oval:def:15431 | ||
| Title: | USN-1367-1 -- libpng vulnerabilities | ||
| Description: | libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1367-1 CVE-2009-5063 CVE-2011-3026 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | libpng |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15451 | |||
| Oval ID: | oval:org.mitre.oval:def:15451 | ||
| Title: | USN-1353-1 -- Xulrunnner vulnerabilities | ||
| Description: | xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Xulrunner. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1353-1 CVE-2012-0442 CVE-2011-3659 CVE-2012-0444 CVE-2012-0449 CVE-2011-3670 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | Xulrunnner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15457 | |||
| Oval ID: | oval:org.mitre.oval:def:15457 | ||
| Title: | USN-1400-3 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1400-3 CVE-2012-0455 CVE-2012-0457 CVE-2012-0456 CVE-2012-0451 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 5 |
| Platform(s): | Ubuntu 11.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15481 | |||
| Oval ID: | oval:org.mitre.oval:def:15481 | ||
| Title: | USN-1367-3 -- Thunderbird vulnerability | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Original advisory Thunderbird could be made to crash or run programs as your login if it opened a specially crafted file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1367-3 CVE-2011-3026 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15485 | |||
| Oval ID: | oval:org.mitre.oval:def:15485 | ||
| Title: | USN-1369-1 -- Thunderbird vulnerabilities | ||
| Description: | thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1369-1 CVE-2012-0449 CVE-2012-0444 CVE-2012-0447 CVE-2012-0446 CVE-2011-3659 CVE-2012-0445 CVE-2012-0442 CVE-2012-0443 CVE-2012-0452 CVE-2011-3026 | Version: | 5 |
| Platform(s): | Ubuntu 11.10 | Product(s): | Thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15488 | |||
| Oval ID: | oval:org.mitre.oval:def:15488 | ||
| Title: | Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 | ||
| Description: | Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2011-3062 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:15993 | |||
| Oval ID: | oval:org.mitre.oval:def:15993 | ||
| Title: | Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4212 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15995 | |||
| Oval ID: | oval:org.mitre.oval:def:15995 | ||
| Title: | The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. | ||
| Description: | The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4201 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16009 | |||
| Oval ID: | oval:org.mitre.oval:def:16009 | ||
| Title: | Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4185 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16060 | |||
| Oval ID: | oval:org.mitre.oval:def:16060 | ||
| Title: | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. | ||
| Description: | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3976 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16062 | |||
| Oval ID: | oval:org.mitre.oval:def:16062 | ||
| Title: | Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. | ||
| Description: | Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3971 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16077 | |||
| Oval ID: | oval:org.mitre.oval:def:16077 | ||
| Title: | Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. | ||
| Description: | Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1951 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16107 | |||
| Oval ID: | oval:org.mitre.oval:def:16107 | ||
| Title: | Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." | ||
| Description: | Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0474 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16108 | |||
| Oval ID: | oval:org.mitre.oval:def:16108 | ||
| Title: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. | ||
| Description: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3985 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16113 | |||
| Oval ID: | oval:org.mitre.oval:def:16113 | ||
| Title: | The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. | ||
| Description: | The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0473 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16184 | |||
| Oval ID: | oval:org.mitre.oval:def:16184 | ||
| Title: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. | ||
| Description: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3984 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16191 | |||
| Oval ID: | oval:org.mitre.oval:def:16191 | ||
| Title: | Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4182 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16193 | |||
| Oval ID: | oval:org.mitre.oval:def:16193 | ||
| Title: | Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4186 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16234 | |||
| Oval ID: | oval:org.mitre.oval:def:16234 | ||
| Title: | The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. | ||
| Description: | The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3972 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16246 | |||
| Oval ID: | oval:org.mitre.oval:def:16246 | ||
| Title: | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. | ||
| Description: | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3966 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16279 | |||
| Oval ID: | oval:org.mitre.oval:def:16279 | ||
| Title: | Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. | ||
| Description: | Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0475 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16280 | |||
| Oval ID: | oval:org.mitre.oval:def:16280 | ||
| Title: | Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. | ||
| Description: | Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3968 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16334 | |||
| Oval ID: | oval:org.mitre.oval:def:16334 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3988 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16336 | |||
| Oval ID: | oval:org.mitre.oval:def:16336 | ||
| Title: | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. | ||
| Description: | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5836 | Version: | 20 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16367 | |||
| Oval ID: | oval:org.mitre.oval:def:16367 | ||
| Title: | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | ||
| Description: | Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1956 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16425 | |||
| Oval ID: | oval:org.mitre.oval:def:16425 | ||
| Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. | ||
| Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4187 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16428 | |||
| Oval ID: | oval:org.mitre.oval:def:16428 | ||
| Title: | Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4180 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16434 | |||
| Oval ID: | oval:org.mitre.oval:def:16434 | ||
| Title: | Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. | ||
| Description: | Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1958 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16437 | |||
| Oval ID: | oval:org.mitre.oval:def:16437 | ||
| Title: | Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3963 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16442 | |||
| Oval ID: | oval:org.mitre.oval:def:16442 | ||
| Title: | Mozilla Firefox before 15.0 does not properly restrict navigation to the aboutges via a crafted web site that triggers creation of a new tab and then a new window. | ||
| Description: | Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3965 | Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16494 | |||
| Oval ID: | oval:org.mitre.oval:def:16494 | ||
| Title: | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. | ||
| Description: | Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3962 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16514 | |||
| Oval ID: | oval:org.mitre.oval:def:16514 | ||
| Title: | Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3961 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16523 | |||
| Oval ID: | oval:org.mitre.oval:def:16523 | ||
| Title: | Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4181 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16573 | |||
| Oval ID: | oval:org.mitre.oval:def:16573 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5842 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16590 | |||
| Oval ID: | oval:org.mitre.oval:def:16590 | ||
| Title: | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
| Description: | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 implement cross-origin wrappers with a filtering behavior that does not properly restrict write actions, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5841 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16603 | |||
| Oval ID: | oval:org.mitre.oval:def:16603 | ||
| Title: | Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. | ||
| Description: | Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5835 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16612 | |||
| Oval ID: | oval:org.mitre.oval:def:16612 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3982 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16635 | |||
| Oval ID: | oval:org.mitre.oval:def:16635 | ||
| Title: | Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. | ||
| Description: | Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3969 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16642 | |||
| Oval ID: | oval:org.mitre.oval:def:16642 | ||
| Title: | Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. | ||
| Description: | Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3990 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16646 | |||
| Oval ID: | oval:org.mitre.oval:def:16646 | ||
| Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | ||
| Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3991 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16690 | |||
| Oval ID: | oval:org.mitre.oval:def:16690 | ||
| Title: | Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4215 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16695 | |||
| Oval ID: | oval:org.mitre.oval:def:16695 | ||
| Title: | The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. | ||
| Description: | The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4208 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16701 | |||
| Oval ID: | oval:org.mitre.oval:def:16701 | ||
| Title: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Description: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0441 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16718 | |||
| Oval ID: | oval:org.mitre.oval:def:16718 | ||
| Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | ||
| Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3993 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16719 | |||
| Oval ID: | oval:org.mitre.oval:def:16719 | ||
| Title: | The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4191 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16729 | |||
| Oval ID: | oval:org.mitre.oval:def:16729 | ||
| Title: | Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. | ||
| Description: | Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1962 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16734 | |||
| Oval ID: | oval:org.mitre.oval:def:16734 | ||
| Title: | Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. | ||
| Description: | Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0469 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16735 | |||
| Oval ID: | oval:org.mitre.oval:def:16735 | ||
| Title: | The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. | ||
| Description: | The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1960 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16739 | |||
| Oval ID: | oval:org.mitre.oval:def:16739 | ||
| Title: | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. | ||
| Description: | Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4202 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16743 | |||
| Oval ID: | oval:org.mitre.oval:def:16743 | ||
| Title: | Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. | ||
| Description: | Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1945 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16744 | |||
| Oval ID: | oval:org.mitre.oval:def:16744 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1948 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16748 | |||
| Oval ID: | oval:org.mitre.oval:def:16748 | ||
| Title: | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. | ||
| Description: | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via function calls involving certain values of the level parameter. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5833 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16766 | |||
| Oval ID: | oval:org.mitre.oval:def:16766 | ||
| Title: | The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||
| Description: | The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4204 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16771 | |||
| Oval ID: | oval:org.mitre.oval:def:16771 | ||
| Title: | The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. | ||
| Description: | The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0468 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16777 | |||
| Oval ID: | oval:org.mitre.oval:def:16777 | ||
| Title: | DEPRECATED: The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. | ||
| Description: | The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3967 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16782 | |||
| Oval ID: | oval:org.mitre.oval:def:16782 | ||
| Title: | Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3958 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16783 | |||
| Oval ID: | oval:org.mitre.oval:def:16783 | ||
| Title: | The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. | ||
| Description: | The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1964 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16786 | |||
| Oval ID: | oval:org.mitre.oval:def:16786 | ||
| Title: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4193 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16798 | |||
| Oval ID: | oval:org.mitre.oval:def:16798 | ||
| Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. | ||
| Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3994 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16805 | |||
| Oval ID: | oval:org.mitre.oval:def:16805 | ||
| Title: | Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3959 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16808 | |||
| Oval ID: | oval:org.mitre.oval:def:16808 | ||
| Title: | The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Description: | The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3995 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16814 | |||
| Oval ID: | oval:org.mitre.oval:def:16814 | ||
| Title: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. | ||
| Description: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3989 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16818 | |||
| Oval ID: | oval:org.mitre.oval:def:16818 | ||
| Title: | Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1976 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16833 | |||
| Oval ID: | oval:org.mitre.oval:def:16833 | ||
| Title: | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. | ||
| Description: | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4210 | Version: | 8 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16834 | |||
| Oval ID: | oval:org.mitre.oval:def:16834 | ||
| Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. | ||
| Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3986 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16839 | |||
| Oval ID: | oval:org.mitre.oval:def:16839 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5843 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16841 | |||
| Oval ID: | oval:org.mitre.oval:def:16841 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1971 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16844 | |||
| Oval ID: | oval:org.mitre.oval:def:16844 | ||
| Title: | An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. | ||
| Description: | An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1957 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16849 | |||
| Oval ID: | oval:org.mitre.oval:def:16849 | ||
| Title: | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5829 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16850 | |||
| Oval ID: | oval:org.mitre.oval:def:16850 | ||
| Title: | Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4183 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16853 | |||
| Oval ID: | oval:org.mitre.oval:def:16853 | ||
| Title: | Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3960 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16855 | |||
| Oval ID: | oval:org.mitre.oval:def:16855 | ||
| Title: | The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. | ||
| Description: | The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3975 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16856 | |||
| Oval ID: | oval:org.mitre.oval:def:16856 | ||
| Title: | The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. | ||
| Description: | The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4195 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16857 | |||
| Oval ID: | oval:org.mitre.oval:def:16857 | ||
| Title: | Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3964 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16869 | |||
| Oval ID: | oval:org.mitre.oval:def:16869 | ||
| Title: | DEPRECATED: The FT2FontEntry1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Description: | The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4190 | Version: | 6 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16876 | |||
| Oval ID: | oval:org.mitre.oval:def:16876 | ||
| Title: | Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. | ||
| Description: | Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3970 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16880 | |||
| Oval ID: | oval:org.mitre.oval:def:16880 | ||
| Title: | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. | ||
| Description: | Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4209 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16882 | |||
| Oval ID: | oval:org.mitre.oval:def:16882 | ||
| Title: | Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4179 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16889 | |||
| Oval ID: | oval:org.mitre.oval:def:16889 | ||
| Title: | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. | ||
| Description: | Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0477 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16893 | |||
| Oval ID: | oval:org.mitre.oval:def:16893 | ||
| Title: | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. | ||
| Description: | The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0478 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16894 | |||
| Oval ID: | oval:org.mitre.oval:def:16894 | ||
| Title: | The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. | ||
| Description: | The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1953 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16896 | |||
| Oval ID: | oval:org.mitre.oval:def:16896 | ||
| Title: | The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. | ||
| Description: | The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5838 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16902 | |||
| Oval ID: | oval:org.mitre.oval:def:16902 | ||
| Title: | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4216 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16904 | |||
| Oval ID: | oval:org.mitre.oval:def:16904 | ||
| Title: | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. | ||
| Description: | Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5840 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16905 | |||
| Oval ID: | oval:org.mitre.oval:def:16905 | ||
| Title: | DEPRECATED: Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5830 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16910 | |||
| Oval ID: | oval:org.mitre.oval:def:16910 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1970 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16911 | |||
| Oval ID: | oval:org.mitre.oval:def:16911 | ||
| Title: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1947 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16918 | |||
| Oval ID: | oval:org.mitre.oval:def:16918 | ||
| Title: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4194 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16920 | |||
| Oval ID: | oval:org.mitre.oval:def:16920 | ||
| Title: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1959 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16923 | |||
| Oval ID: | oval:org.mitre.oval:def:16923 | ||
| Title: | The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. | ||
| Description: | The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3978 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16935 | |||
| Oval ID: | oval:org.mitre.oval:def:16935 | ||
| Title: | The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. | ||
| Description: | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4930. Reason: This candidate is a duplicate of CVE-2012-4930. Notes: All CVE users should reference CVE-2012-4930 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3977 | Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16940 | |||
| Oval ID: | oval:org.mitre.oval:def:16940 | ||
| Title: | Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3957 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16942 | |||
| Oval ID: | oval:org.mitre.oval:def:16942 | ||
| Title: | The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. | ||
| Description: | The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1952 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16946 | |||
| Oval ID: | oval:org.mitre.oval:def:16946 | ||
| Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
| Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4184 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16955 | |||
| Oval ID: | oval:org.mitre.oval:def:16955 | ||
| Title: | The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | ||
| Description: | The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4207 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16961 | |||
| Oval ID: | oval:org.mitre.oval:def:16961 | ||
| Title: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0471 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16962 | |||
| Oval ID: | oval:org.mitre.oval:def:16962 | ||
| Title: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4196 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16964 | |||
| Oval ID: | oval:org.mitre.oval:def:16964 | ||
| Title: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4188 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16965 | |||
| Oval ID: | oval:org.mitre.oval:def:16965 | ||
| Title: | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. | ||
| Description: | Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4205 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16968 | |||
| Oval ID: | oval:org.mitre.oval:def:16968 | ||
| Title: | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5839 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16970 | |||
| Oval ID: | oval:org.mitre.oval:def:16970 | ||
| Title: | The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | ||
| Description: | The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1950 | Version: | 8 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16972 | |||
| Oval ID: | oval:org.mitre.oval:def:16972 | ||
| Title: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. | ||
| Description: | Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-5354 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16973 | |||
| Oval ID: | oval:org.mitre.oval:def:16973 | ||
| Title: | USN-690-3 -- firefox vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-690-3 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5511 CVE-2008-5512 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16984 | |||
| Oval ID: | oval:org.mitre.oval:def:16984 | ||
| Title: | Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. | ||
| Description: | Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1954 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16985 | |||
| Oval ID: | oval:org.mitre.oval:def:16985 | ||
| Title: | Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. | ||
| Description: | Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1941 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16987 | |||
| Oval ID: | oval:org.mitre.oval:def:16987 | ||
| Title: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | ||
| Description: | Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3992 | Version: | 18 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16989 | |||
| Oval ID: | oval:org.mitre.oval:def:16989 | ||
| Title: | Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." | ||
| Description: | Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0470 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16991 | |||
| Oval ID: | oval:org.mitre.oval:def:16991 | ||
| Title: | Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. | ||
| Description: | Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4206 | Version: | 8 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16993 | |||
| Oval ID: | oval:org.mitre.oval:def:16993 | ||
| Title: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1961 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16997 | |||
| Oval ID: | oval:org.mitre.oval:def:16997 | ||
| Title: | Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3956 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17000 | |||
| Oval ID: | oval:org.mitre.oval:def:17000 | ||
| Title: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3980 | Version: | 16 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17001 | |||
| Oval ID: | oval:org.mitre.oval:def:17001 | ||
| Title: | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feedhanisms via a feed:javascript: URL. | ||
| Description: | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1965 | Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17004 | |||
| Oval ID: | oval:org.mitre.oval:def:17004 | ||
| Title: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1955 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17010 | |||
| Oval ID: | oval:org.mitre.oval:def:17010 | ||
| Title: | Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. | ||
| Description: | Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1946 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17011 | |||
| Oval ID: | oval:org.mitre.oval:def:17011 | ||
| Title: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0479 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17015 | |||
| Oval ID: | oval:org.mitre.oval:def:17015 | ||
| Title: | Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1974 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17017 | |||
| Oval ID: | oval:org.mitre.oval:def:17017 | ||
| Title: | Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1972 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17025 | |||
| Oval ID: | oval:org.mitre.oval:def:17025 | ||
| Title: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1967 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17027 | |||
| Oval ID: | oval:org.mitre.oval:def:17027 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1949 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17037 | |||
| Oval ID: | oval:org.mitre.oval:def:17037 | ||
| Title: | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for dataattacks via a crafted URL. | ||
| Description: | Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1966 | Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17039 | |||
| Oval ID: | oval:org.mitre.oval:def:17039 | ||
| Title: | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. | ||
| Description: | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-3973 | Version: | 8 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17040 | |||
| Oval ID: | oval:org.mitre.oval:def:17040 | ||
| Title: | Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1975 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17045 | |||
| Oval ID: | oval:org.mitre.oval:def:17045 | ||
| Title: | Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Description: | Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1973 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17054 | |||
| Oval ID: | oval:org.mitre.oval:def:17054 | ||
| Title: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. | ||
| Description: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1940 | Version: | 22 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17055 | |||
| Oval ID: | oval:org.mitre.oval:def:17055 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1937 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17056 | |||
| Oval ID: | oval:org.mitre.oval:def:17056 | ||
| Title: | The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. | ||
| Description: | The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1963 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17058 | |||
| Oval ID: | oval:org.mitre.oval:def:17058 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-1938 | Version: | 19 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17074 | |||
| Oval ID: | oval:org.mitre.oval:def:17074 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-0467 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17095 | |||
| Oval ID: | oval:org.mitre.oval:def:17095 | ||
| Title: | Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. | ||
| Description: | Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2012-4192 | Version: | 21 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17137 | |||
| Oval ID: | oval:org.mitre.oval:def:17137 | ||
| Title: | USN-1551-1 -- thunderbird vulnerabilities | ||
| Description: | Multiple security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1551-1 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-1956 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3978 CVE-2012-3980 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17283 | |||
| Oval ID: | oval:org.mitre.oval:def:17283 | ||
| Title: | USN-1548-1 -- firefox vulnerabilities | ||
| Description: | Multiple security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1548-1 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-1956 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17321 | |||
| Oval ID: | oval:org.mitre.oval:def:17321 | ||
| Title: | USN-1430-1 -- Firefox vulnerabilities | ||
| Description: | Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | usn-1430-1 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2011-3062 CVE-2011-1187 CVE-2012-0479 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17479 | |||
| Oval ID: | oval:org.mitre.oval:def:17479 | ||
| Title: | USN-1540-1 -- nss vulnerability | ||
| Description: | NSS could be made to crash if it opened a specially crafted certificate. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1540-1 CVE-2012-0441 | Version: | 7 |
| Platform(s): | Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17592 | |||
| Oval ID: | oval:org.mitre.oval:def:17592 | ||
| Title: | USN-1551-2 -- thunderbird regressions | ||
| Description: | USN-1551-1 introduced regressions in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1551-2 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-1956 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3975 CVE-2012-3978 CVE-2012-3980 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17602 | |||
| Oval ID: | oval:org.mitre.oval:def:17602 | ||
| Title: | USN-1636-1 -- thunderbird vulnerabilities | ||
| Description: | Multiple security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1636-1 CVE-2012-5842 CVE-2012-5843 CVE-2012-4202 CVE-2012-4201 CVE-2012-5836 CVE-2012-4204 CVE-2012-4205 CVE-2012-4208 CVE-2012-5841 CVE-2012-4207 CVE-2012-4209 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5839 CVE-2012-5840 CVE-2012-4212 CVE-2012-4213 CVE-2012-4217 CVE-2012-4218 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17610 | |||
| Oval ID: | oval:org.mitre.oval:def:17610 | ||
| Title: | USN-647-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
| Description: | It was discovered that the same-origin check in Thunderbird could be bypassed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-647-1 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | mozilla-thunderbird thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17616 | |||
| Oval ID: | oval:org.mitre.oval:def:17616 | ||
| Title: | USN-667-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities | ||
| Description: | Liu Die Yu discovered an information disclosure vulnerability in Firefox when using saved .url shortcut files. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-667-1 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | firefox firefox-3.0 xulrunner-1.9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17626 | |||
| Oval ID: | oval:org.mitre.oval:def:17626 | ||
| Title: | USN-645-1 -- firefox, firefox-3.0, xulrunner-1.9 vulnerabilities | ||
| Description: | Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-645-1 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 | Version: | 7 |
| Platform(s): | Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | firefox firefox-3.0 xulrunner-1.9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17661 | |||
| Oval ID: | oval:org.mitre.oval:def:17661 | ||
| Title: | USN-645-3 -- firefox-3.0, xulrunner-1.9 regression | ||
| Description: | USN-645-1 fixed vulnerabilities in Firefox and xulrunner. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-645-3 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 | Version: | 7 |
| Platform(s): | Ubuntu 8.04 | Product(s): | firefox-3.0 xulrunner-1.9 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17662 | |||
| Oval ID: | oval:org.mitre.oval:def:17662 | ||
| Title: | USN-690-1 -- firefox-3.0, xulrunner-1.9 vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-690-1 CVE-2008-5500 CVE-2008-5501 CVE-2008-5502 CVE-2008-5505 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 | Version: | 7 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 | Product(s): | firefox-3.0 xulrunner-1.9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17769 | |||
| Oval ID: | oval:org.mitre.oval:def:17769 | ||
| Title: | USN-645-2 -- firefox vulnerabilities | ||
| Description: | USN-645-1 fixed vulnerabilities in Firefox and xulrunner for Ubuntu 7.04, 7.10 and 8.04 LTS. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-645-2 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17786 | |||
| Oval ID: | oval:org.mitre.oval:def:17786 | ||
| Title: | USN-1638-3 -- firefox regressions | ||
| Description: | Regressions were introduced in the last Firefox update. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1638-3 CVE-2012-5842 CVE-2012-5843 CVE-2012-4202 CVE-2012-4201 CVE-2012-5836 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4208 CVE-2012-5841 CVE-2012-4207 CVE-2012-5837 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5839 CVE-2012-5840 CVE-2012-4212 CVE-2012-4213 CVE-2012-4217 CVE-2012-4218 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17791 | |||
| Oval ID: | oval:org.mitre.oval:def:17791 | ||
| Title: | DSA-1704-1 xulrunner - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1704-1 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17819 | |||
| Oval ID: | oval:org.mitre.oval:def:17819 | ||
| Title: | USN-1509-2 -- ubufox update | ||
| Description: | This update provides compatible ubufox packages for the latest Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1509-2 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | ubufox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17824 | |||
| Oval ID: | oval:org.mitre.oval:def:17824 | ||
| Title: | USN-1638-1 -- firefox vulnerabilities | ||
| Description: | Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1638-1 CVE-2012-5842 CVE-2012-5843 CVE-2012-4202 CVE-2012-4201 CVE-2012-5836 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4208 CVE-2012-5841 CVE-2012-4207 CVE-2012-5837 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5839 CVE-2012-5840 CVE-2012-4212 CVE-2012-4213 CVE-2012-4217 CVE-2012-4218 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17833 | |||
| Oval ID: | oval:org.mitre.oval:def:17833 | ||
| Title: | USN-1430-2 -- ubufox update | ||
| Description: | This update provides compatible ubufox packages for the latest Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1430-2 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2011-3062 CVE-2011-1187 CVE-2012-0479 | Version: | 7 |
| Platform(s): | Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | ubufox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17846 | |||
| Oval ID: | oval:org.mitre.oval:def:17846 | ||
| Title: | USN-1430-3 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1430-3 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0473 CVE-2012-0474 CVE-2012-0475 CVE-2012-0477 CVE-2012-0478 CVE-2011-3062 CVE-2011-1187 CVE-2012-0479 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17848 | |||
| Oval ID: | oval:org.mitre.oval:def:17848 | ||
| Title: | USN-668-1 -- mozilla-thunderbird, thunderbird vulnerabilities | ||
| Description: | Georgi Guninski, Michal Zalewsk and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-668-1 CVE-2008-5012 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 | Version: | 7 |
| Platform(s): | Ubuntu 6.06 Ubuntu 7.10 Ubuntu 8.04 Ubuntu 8.10 | Product(s): | mozilla-thunderbird thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17872 | |||
| Oval ID: | oval:org.mitre.oval:def:17872 | ||
| Title: | USN-1463-4 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1463-4 CVE-2012-1937 CVE-2012-1938 CVE-2011-3101 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-0441 CVE-2012-1940 CVE-2012-1941 CVE-2012-1947 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17873 | |||
| Oval ID: | oval:org.mitre.oval:def:17873 | ||
| Title: | USN-1463-6 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1463-6 CVE-2012-1937 CVE-2012-1938 CVE-2011-3101 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-0441 CVE-2012-1940 CVE-2012-1941 CVE-2012-1947 | Version: | 7 |
| Platform(s): | Ubuntu 11.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17874 | |||
| Oval ID: | oval:org.mitre.oval:def:17874 | ||
| Title: | USN-1509-1 -- firefox vulnerabilities | ||
| Description: | Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1509-1 CVE-2012-1948 CVE-2012-1949 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17891 | |||
| Oval ID: | oval:org.mitre.oval:def:17891 | ||
| Title: | USN-1463-3 -- firefox regressions | ||
| Description: | USN-1463-1 introduced regressions in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1463-3 CVE-2012-1937 CVE-2012-1938 CVE-2011-3101 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-0441 CVE-2012-1940 CVE-2012-1941 CVE-2012-1947 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17937 | |||
| Oval ID: | oval:org.mitre.oval:def:17937 | ||
| Title: | USN-690-2 -- firefox vulnerabilities | ||
| Description: | Several flaws were discovered in the browser engine. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-690-2 CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 | Version: | 7 |
| Platform(s): | Ubuntu 7.10 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17939 | |||
| Oval ID: | oval:org.mitre.oval:def:17939 | ||
| Title: | USN-1463-1 -- firefox vulnerabilities | ||
| Description: | Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1463-1 CVE-2012-1937 CVE-2012-1938 CVE-2011-3101 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-0441 CVE-2012-1940 CVE-2012-1941 CVE-2012-1947 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17944 | |||
| Oval ID: | oval:org.mitre.oval:def:17944 | ||
| Title: | USN-1400-4 -- thunderbird regressions | ||
| Description: | USN-1400-3 introduced regressions in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1400-4 CVE-2012-0455 CVE-2012-0457 CVE-2012-0456 CVE-2012-0451 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 7 |
| Platform(s): | Ubuntu 11.10 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17946 | |||
| Oval ID: | oval:org.mitre.oval:def:17946 | ||
| Title: | USN-1400-5 -- gsettings-desktop-schemas regression | ||
| Description: | Firefox's ability to use system proxy settings regressed. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1400-5 CVE-2012-0455 CVE-2012-0457 CVE-2012-0456 CVE-2012-0451 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 7 |
| Platform(s): | Ubuntu 11.04 | Product(s): | gsettings-desktop-schemas |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:17966 | |||
| Oval ID: | oval:org.mitre.oval:def:17966 | ||
| Title: | USN-1638-2 -- ubufox update | ||
| Description: | This update provides compatible ubufox packages for the latest Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1638-2 CVE-2012-5842 CVE-2012-5843 CVE-2012-4202 CVE-2012-4201 CVE-2012-5836 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4208 CVE-2012-5841 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5839 CVE-2012-5840 CVE-2012-4212 CVE-2012-4213 CVE-2012-4217 CVE-2012-4218 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5838 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | ubufox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17979 | |||
| Oval ID: | oval:org.mitre.oval:def:17979 | ||
| Title: | USN-1548-2 -- firefox regression | ||
| Description: | USN-1548-1 introduced a regression in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1548-2 CVE-2012-1970 CVE-2012-1971 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-1956 CVE-2012-3965 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3971 CVE-2012-3972 CVE-2012-3973 CVE-2012-3975 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:17984 | |||
| Oval ID: | oval:org.mitre.oval:def:17984 | ||
| Title: | USN-1540-2 -- nss vulnerability | ||
| Description: | NSS could be made to crash if it opened a specially crafted certificate. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1540-2 CVE-2012-0441 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 | Product(s): | nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:18018 | |||
| Oval ID: | oval:org.mitre.oval:def:18018 | ||
| Title: | USN-1510-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1510-1 CVE-2012-1948 CVE-2012-1949 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1960 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1967 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18095 | |||
| Oval ID: | oval:org.mitre.oval:def:18095 | ||
| Title: | USN-1620-1 -- firefox vulnerabilities | ||
| Description: | Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1620-1 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18099 | |||
| Oval ID: | oval:org.mitre.oval:def:18099 | ||
| Title: | DSA-2569-1 icedove - several | ||
| Description: | Multiple vulnerabilities have been discovered in Icedove, Debian's version of the Mozilla Thunderbird mail client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2569-1 CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18116 | |||
| Oval ID: | oval:org.mitre.oval:def:18116 | ||
| Title: | USN-1611-1 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1611-1 CVE-2012-3982 CVE-2012-3983 CVE-2012-3988 CVE-2012-3989 CVE-2012-4191 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-4184 CVE-2012-3990 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 CVE-2012-4192 CVE-2012-4193 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18153 | |||
| Oval ID: | oval:org.mitre.oval:def:18153 | ||
| Title: | USN-1620-2 -- thunderbird vulnerabilities | ||
| Description: | Several security issues were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1620-2 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 7 |
| Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18189 | |||
| Oval ID: | oval:org.mitre.oval:def:18189 | ||
| Title: | USN-1608-1 -- firefox vulnerabilities | ||
| Description: | Several security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1608-1 CVE-2012-4191 CVE-2012-4192 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18202 | |||
| Oval ID: | oval:org.mitre.oval:def:18202 | ||
| Title: | USN-1600-1 -- firefox vulnerabilities | ||
| Description: | Multiple security issues were fixed in Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1600-1 CVE-2012-3982 CVE-2012-3983 CVE-2012-3988 CVE-2012-3989 CVE-2012-3984 CVE-2012-3985 CVE-2012-3986 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-4184 CVE-2012-3990 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18494 | |||
| Oval ID: | oval:org.mitre.oval:def:18494 | ||
| Title: | DSA-2458-1 iceape - several | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2458-1 CVE-2012-0455 CVE-2012-0456 CVE-2012-0458 CVE-2012-0461 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18498 | |||
| Oval ID: | oval:org.mitre.oval:def:18498 | ||
| Title: | DSA-2565-1 iceweasel - several | ||
| Description: | Multiple vulnerabilities have been discovered in Iceweasel, Debian's version of the Mozilla Firefox web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2565-1 CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18528 | |||
| Oval ID: | oval:org.mitre.oval:def:18528 | ||
| Title: | DSA-2513-1 iceape - several vulnerabilities | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2513-1 CVE-2012-1948 CVE-2012-1954 CVE-2012-1967 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18563 | |||
| Oval ID: | oval:org.mitre.oval:def:18563 | ||
| Title: | DSA-2499-1 icedove - several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, the Debian version of the Mozilla Thunderbird mail/news client. There were miscellaneous memory safety hazards (<a href="http://security-tracker.debian.org/tracker/CVE-2012-1937">CVE-2012-1937</a>, <a href="http://security-tracker.debian.org/tracker/CVE-2012-1939">CVE-2012-1939</a>) and a use-after-free issue (<a href="http://security-tracker.debian.org/tracker/CVE-2012-1940">CVE-2012-1940</a>). | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2499-1 CVE-2012-1937 CVE-2012-1939 CVE-2012-1940 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18575 | |||
| Oval ID: | oval:org.mitre.oval:def:18575 | ||
| Title: | DSA-2583-1 iceweasel - several | ||
| Description: | Multiple vulnerabilities have been found in Iceweasel, the Debian web browser based on Mozilla Firefox: | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2583-1 CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 CVE-2012-5842 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18582 | |||
| Oval ID: | oval:org.mitre.oval:def:18582 | ||
| Title: | DSA-2553-1 iceweasel - several | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2553-1 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18598 | |||
| Oval ID: | oval:org.mitre.oval:def:18598 | ||
| Title: | DSA-2528-1 icedove - several | ||
| Description: | Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2528-1 CVE-2012-1948 CVE-2012-1950 CVE-2012-1954 CVE-2012-1967 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18648 | |||
| Oval ID: | oval:org.mitre.oval:def:18648 | ||
| Title: | DSA-2489-1 iceape - several vulnerabilities | ||
| Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2489-1 CVE-2012-1937 CVE-2012-1940 CVE-2012-1947 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19176 | |||
| Oval ID: | oval:org.mitre.oval:def:19176 | ||
| Title: | DSA-2572-1 iceape - several | ||
| Description: | Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2572-1 CVE-2012-3982 CVE-2012-3986 CVE-2012-3990 CVE-2012-3991 CVE-2012-4179 CVE-2012-4180 CVE-2012-4182 CVE-2012-4186 CVE-2012-4188 CVE-2012-3959 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19603 | |||
| Oval ID: | oval:org.mitre.oval:def:19603 | ||
| Title: | DSA-2490-1 nss - denial of service | ||
| Description: | Kaspar Brand discovered that Mozilla's Network Security Services (NSS) libraries did insufficient length checking in the QuickDER decoder, allowing to crash a program using the libraries. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2490-1 CVE-2012-0441 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19768 | |||
| Oval ID: | oval:org.mitre.oval:def:19768 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3173 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19823 | |||
| Oval ID: | oval:org.mitre.oval:def:19823 | ||
| Title: | DSA-2464-2 icedove - regression | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2464-2 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19855 | |||
| Oval ID: | oval:org.mitre.oval:def:19855 | ||
| Title: | DSA-2588-1 icedove - several | ||
| Description: | Multiple vulnerabilities have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2588-1 CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 CVE-2012-5842 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19874 | |||
| Oval ID: | oval:org.mitre.oval:def:19874 | ||
| Title: | DSA-1669-1 xulrunner - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1669-1 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19884 | |||
| Oval ID: | oval:org.mitre.oval:def:19884 | ||
| Title: | DSA-1649-1 iceweasel - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1649-1 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:19951 | |||
| Oval ID: | oval:org.mitre.oval:def:19951 | ||
| Title: | DSA-2556-1 icedove - several | ||
| Description: | Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2556-1 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:19963 | |||
| Oval ID: | oval:org.mitre.oval:def:19963 | ||
| Title: | DSA-2514-1 iceweasel - several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2514-1 CVE-2012-1948 CVE-2012-1950 CVE-2012-1954 CVE-2012-1966 CVE-2012-1967 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20034 | |||
| Oval ID: | oval:org.mitre.oval:def:20034 | ||
| Title: | DSA-2464-1 icedove - several | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2464-1 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20082 | |||
| Oval ID: | oval:org.mitre.oval:def:20082 | ||
| Title: | DSA-2488-1 iceweasel - several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2488-1 CVE-2012-1937 CVE-2012-1940 CVE-2012-1947 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20112 | |||
| Oval ID: | oval:org.mitre.oval:def:20112 | ||
| Title: | DSA-2584-1 iceape - several | ||
| Description: | Multiple vulnerabilities have been found in Iceape, the Debian Internet suite based on Mozilla Seamonkey. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2584-1 CVE-2012-4201 CVE-2012-4207 CVE-2012-4216 CVE-2012-5829 CVE-2012-5842 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20143 | |||
| Oval ID: | oval:org.mitre.oval:def:20143 | ||
| Title: | DSA-2457-1 iceweasel - several | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2457-1 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20145 | |||
| Oval ID: | oval:org.mitre.oval:def:20145 | ||
| Title: | DSA-2554-1 iceape - several | ||
| Description: | Several vulnerabilities have been discovered in Iceape, an internet suite based on Seamonkey. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2554-1 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3959 CVE-2012-3962 CVE-2012-3969 CVE-2012-3972 CVE-2012-3978 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20161 | |||
| Oval ID: | oval:org.mitre.oval:def:20161 | ||
| Title: | DSA-1671-1 iceweasel - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1671-1 CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20220 | |||
| Oval ID: | oval:org.mitre.oval:def:20220 | ||
| Title: | DSA-2273-3 icedove - multiple issues | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2273-3 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20226 | |||
| Oval ID: | oval:org.mitre.oval:def:20226 | ||
| Title: | VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-3170 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20238 | |||
| Oval ID: | oval:org.mitre.oval:def:20238 | ||
| Title: | DSA-1751-1 xulrunner - several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1751-1 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20357 | |||
| Oval ID: | oval:org.mitre.oval:def:20357 | ||
| Title: | Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20669 | |||
| Oval ID: | oval:org.mitre.oval:def:20669 | ||
| Title: | VMware security updates for vSphere API and ESX Service Console | ||
| Description: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0441 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20680 | |||
| Oval ID: | oval:org.mitre.oval:def:20680 | ||
| Title: | USN-1210-1 -- firefox, xulrunner-1.9.2 vulnerabilities | ||
| Description: | Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1210-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
| Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox xulrunner-1.9.2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20689 | |||
| Oval ID: | oval:org.mitre.oval:def:20689 | ||
| Title: | RHSA-2012:1407: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1407-01 CESA-2012:1407 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20719 | |||
| Oval ID: | oval:org.mitre.oval:def:20719 | ||
| Title: | RHSA-2012:0079: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0079-01 CESA-2012:0079 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 68 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20764 | |||
| Oval ID: | oval:org.mitre.oval:def:20764 | ||
| Title: | VMware vSphere security updates for the authentication service and third party libraries | ||
| Description: | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-1202 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20823 | |||
| Oval ID: | oval:org.mitre.oval:def:20823 | ||
| Title: | RHSA-2012:1413: thunderbird security update (Important) | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1413-01 CESA-2012:1413 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20845 | |||
| Oval ID: | oval:org.mitre.oval:def:20845 | ||
| Title: | RHSA-2012:0080: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0080-01 CESA-2012:0080 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0449 | Version: | 55 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21071 | |||
| Oval ID: | oval:org.mitre.oval:def:21071 | ||
| Title: | RHSA-2012:1482: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1482-01 CESA-2012:1482 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 211 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21087 | |||
| Oval ID: | oval:org.mitre.oval:def:21087 | ||
| Title: | RHSA-2012:0387: firefox security and bug fix update (Critical) | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0387-01 CESA-2012:0387 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21120 | |||
| Oval ID: | oval:org.mitre.oval:def:21120 | ||
| Title: | USN-1213-1 -- thunderbird vulnerabilities | ||
| Description: | Multiple vulnerabilities were fixed in Thunderbird. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1213-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21123 | |||
| Oval ID: | oval:org.mitre.oval:def:21123 | ||
| Title: | RHSA-2011:0474: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0474-01 CESA-2011:0474 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 | Version: | 81 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21128 | |||
| Oval ID: | oval:org.mitre.oval:def:21128 | ||
| Title: | RHSA-2012:0140: thunderbird security update (Critical) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0140-01 CESA-2012:0140 CVE-2011-3026 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21187 | |||
| Oval ID: | oval:org.mitre.oval:def:21187 | ||
| Title: | RHSA-2012:0143: xulrunner security update (Critical) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0143-01 CESA-2012:0143 CVE-2011-3026 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21214 | |||
| Oval ID: | oval:org.mitre.oval:def:21214 | ||
| Title: | RHSA-2011:0310: firefox security and bug fix update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0310-01 CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0058 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 | Version: | 148 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21218 | |||
| Oval ID: | oval:org.mitre.oval:def:21218 | ||
| Title: | USN-1222-2 -- mozvoikko, ubufox, webfav update | ||
| Description: | This update provides packages compatible with Firefox 7. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1222-2 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3005 CVE-2011-3232 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | mozvoikko ubufox webfav |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21220 | |||
| Oval ID: | oval:org.mitre.oval:def:21220 | ||
| Title: | RHSA-2012:0516: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0516-02 CESA-2012:0516 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 | Version: | 159 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21221 | |||
| Oval ID: | oval:org.mitre.oval:def:21221 | ||
| Title: | USN-1222-1 -- Firefox vulnerabilities | ||
| Description: | Firefox could be made to crash or possibly run programs as your login if it opened a malicious website. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1222-1 CVE-2011-2995 CVE-2011-2997 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 CVE-2011-3001 CVE-2011-3002 CVE-2011-3003 CVE-2011-3005 CVE-2011-3232 CVE-2011-3004 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21230 | |||
| Oval ID: | oval:org.mitre.oval:def:21230 | ||
| Title: | RHSA-2012:0085: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0085-01 CESA-2012:0085 CVE-2011-3670 CVE-2012-0442 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21249 | |||
| Oval ID: | oval:org.mitre.oval:def:21249 | ||
| Title: | RHSA-2012:1091: nss, nspr, and nss-util security, bug fix, and enhancement update (Moderate) | ||
| Description: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1091-01 CESA-2012:1091 CVE-2012-0441 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | nspr nss nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21255 | |||
| Oval ID: | oval:org.mitre.oval:def:21255 | ||
| Title: | RHSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0155-01 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21268 | |||
| Oval ID: | oval:org.mitre.oval:def:21268 | ||
| Title: | RHSA-2012:1211: thunderbird security update (Critical) | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1211-01 CESA-2012:1211 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3978 CVE-2012-3980 | Version: | 302 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21282 | |||
| Oval ID: | oval:org.mitre.oval:def:21282 | ||
| Title: | RHSA-2012:1089: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1089-01 CESA-2012:1089 CVE-2012-1948 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1967 | Version: | 185 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21310 | |||
| Oval ID: | oval:org.mitre.oval:def:21310 | ||
| Title: | RHSA-2012:1351: thunderbird security update (Critical) | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1351-01 CESA-2012:1351 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 263 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21329 | |||
| Oval ID: | oval:org.mitre.oval:def:21329 | ||
| Title: | USN-1192-3 -- libvoikko regression | ||
| Description: | A regression caused Firefox to crash while spell checking in Finnish. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1192-3 CVE-2011-2989 CVE-2011-2991 CVE-2011-2985 CVE-2011-2993 CVE-2011-2988 CVE-2011-2987 CVE-2011-0084 CVE-2011-2990 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 | Product(s): | libvoikko |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21333 | |||
| Oval ID: | oval:org.mitre.oval:def:21333 | ||
| Title: | RHSA-2012:0515: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0515-02 CESA-2012:0515 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 | Version: | 159 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21341 | |||
| Oval ID: | oval:org.mitre.oval:def:21341 | ||
| Title: | RHSA-2012:1361: xulrunner security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1361-01 CESA-2012:1361 CVE-2012-4193 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21349 | |||
| Oval ID: | oval:org.mitre.oval:def:21349 | ||
| Title: | RHSA-2012:0317: libpng security update (Important) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0317-01 CESA-2012:0317 CVE-2011-3026 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | libpng libpng10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21392 | |||
| Oval ID: | oval:org.mitre.oval:def:21392 | ||
| Title: | RHSA-2012:0388: thunderbird security update (Critical) | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0388-01 CESA-2012:0388 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21408 | |||
| Oval ID: | oval:org.mitre.oval:def:21408 | ||
| Title: | RHSA-2012:0136: libvorbis security update (Important) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0136-01 CESA-2012:0136 CVE-2012-0444 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21417 | |||
| Oval ID: | oval:org.mitre.oval:def:21417 | ||
| Title: | RHSA-2012:0715: thunderbird security update (Critical) | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0715-01 CESA-2012:0715 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21427 | |||
| Oval ID: | oval:org.mitre.oval:def:21427 | ||
| Title: | RHSA-2012:0710: firefox security update (Critical) | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0710-01 CESA-2012:0710 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21434 | |||
| Oval ID: | oval:org.mitre.oval:def:21434 | ||
| Title: | RHSA-2012:1210: firefox security update (Critical) | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1210-01 CESA-2012:1210 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 | Version: | 315 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21435 | |||
| Oval ID: | oval:org.mitre.oval:def:21435 | ||
| Title: | RHSA-2011:0885: firefox security and bug fix update (Critical) | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0885-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 CESA-2011:0885-CentOS 5 | Version: | 174 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21457 | |||
| Oval ID: | oval:org.mitre.oval:def:21457 | ||
| Title: | RHSA-2010:0682: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0682-01 CESA-2010:0682 CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 94 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21486 | |||
| Oval ID: | oval:org.mitre.oval:def:21486 | ||
| Title: | RHSA-2010:0153: thunderbird security update (Moderate) | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0153-02 CESA-2010:0153 CVE-2009-0689 CVE-2009-1571 CVE-2009-2462 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376 CVE-2009-3380 CVE-2009-3384 CVE-2009-3979 CVE-2010-0159 CVE-2010-0163 CVE-2010-0169 CVE-2010-0171 | Version: | 250 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21520 | |||
| Oval ID: | oval:org.mitre.oval:def:21520 | ||
| Title: | RHSA-2012:1088: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1088-01 CESA-2012:1088 CVE-2012-1948 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 | Version: | 224 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21522 | |||
| Oval ID: | oval:org.mitre.oval:def:21522 | ||
| Title: | RHSA-2011:0311: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0311-01 CVE-2010-1585 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 | Version: | 55 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21541 | |||
| Oval ID: | oval:org.mitre.oval:def:21541 | ||
| Title: | RHSA-2012:1350: firefox security and bug fix update (Critical) | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1350-01 CESA-2012:1350 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 263 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21545 | |||
| Oval ID: | oval:org.mitre.oval:def:21545 | ||
| Title: | RHSA-2012:1362: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1362-01 CESA-2012:1362 CVE-2012-4193 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21561 | |||
| Oval ID: | oval:org.mitre.oval:def:21561 | ||
| Title: | RHSA-2012:1090: nss and nspr security, bug fix, and enhancement update (Moderate) | ||
| Description: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1090-00 CESA-2012:1090 CVE-2012-0441 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21587 | |||
| Oval ID: | oval:org.mitre.oval:def:21587 | ||
| Title: | RHSA-2010:0165: nss security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0165-01 CESA-2010:0165 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21620 | |||
| Oval ID: | oval:org.mitre.oval:def:21620 | ||
| Title: | RHSA-2011:1439: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1439-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21630 | |||
| Oval ID: | oval:org.mitre.oval:def:21630 | ||
| Title: | RHSA-2012:1483: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1483-01 CESA-2012:1483 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 198 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21701 | |||
| Oval ID: | oval:org.mitre.oval:def:21701 | ||
| Title: | RHSA-2011:0475: thunderbird security update (Critical) | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0475-01 CVE-2011-0070 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 120 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21724 | |||
| Oval ID: | oval:org.mitre.oval:def:21724 | ||
| Title: | RHSA-2011:1165: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1165-01 CESA-2011:1165 CVE-2011-2982 CVE-2011-2983 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21741 | |||
| Oval ID: | oval:org.mitre.oval:def:21741 | ||
| Title: | RHSA-2010:0968: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0968-01 CVE-2010-3767 CVE-2010-3772 CVE-2010-3776 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21758 | |||
| Oval ID: | oval:org.mitre.oval:def:21758 | ||
| Title: | RHSA-2011:0471: firefox security update (Critical) | ||
| Description: | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0471-01 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-1202 CESA-2011:0471-CentOS 5 | Version: | 200 |
| Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21765 | |||
| Oval ID: | oval:org.mitre.oval:def:21765 | ||
| Title: | RHSA-2011:1437: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1437-01 CESA-2011:1437 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21772 | |||
| Oval ID: | oval:org.mitre.oval:def:21772 | ||
| Title: | RHSA-2011:0886: thunderbird security update (Critical) | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0886-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 146 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21816 | |||
| Oval ID: | oval:org.mitre.oval:def:21816 | ||
| Title: | RHSA-2011:0312: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0312-01 CVE-2011-0051 CVE-2011-0053 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21828 | |||
| Oval ID: | oval:org.mitre.oval:def:21828 | ||
| Title: | RHSA-2010:0166: gnutls security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0166-01 CESA-2010:0166 CVE-2009-2409 CVE-2009-3555 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21848 | |||
| Oval ID: | oval:org.mitre.oval:def:21848 | ||
| Title: | RHSA-2010:0862: nss security update (Low) | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0862-02 CVE-2010-3170 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21861 | |||
| Oval ID: | oval:org.mitre.oval:def:21861 | ||
| Title: | ELSA-2009:0436: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0436-02 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 | Version: | 53 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21877 | |||
| Oval ID: | oval:org.mitre.oval:def:21877 | ||
| Title: | RHSA-2010:0164: openssl097a security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0164-01 CESA-2010:0164 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:21884 | |||
| Oval ID: | oval:org.mitre.oval:def:21884 | ||
| Title: | RHSA-2011:1164: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1164-01 CESA-2011:1164 CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 | Version: | 81 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21947 | |||
| Oval ID: | oval:org.mitre.oval:def:21947 | ||
| Title: | RHSA-2010:0966: firefox security update (Critical) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0966-01 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3774 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 | Version: | 146 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22013 | |||
| Oval ID: | oval:org.mitre.oval:def:22013 | ||
| Title: | RHSA-2011:1438: thunderbird security update (Moderate) | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1438-01 CESA-2011:1438 CVE-2011-3648 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22014 | |||
| Oval ID: | oval:org.mitre.oval:def:22014 | ||
| Title: | RHSA-2011:1343: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1343-01 CESA-2011:1343 CVE-2011-2998 CVE-2011-2999 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22026 | |||
| Oval ID: | oval:org.mitre.oval:def:22026 | ||
| Title: | RHSA-2011:0887: thunderbird security update (Critical) | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:0887-01 CESA-2011:0887 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 172 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22044 | |||
| Oval ID: | oval:org.mitre.oval:def:22044 | ||
| Title: | ELSA-2008:0976: thunderbird security update (Moderate) | ||
| Description: | The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0976-01 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5012 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 | Version: | 41 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22070 | |||
| Oval ID: | oval:org.mitre.oval:def:22070 | ||
| Title: | RHSA-2010:0896: thunderbird security update (Moderate) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0896-01 CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 | Version: | 107 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22072 | |||
| Oval ID: | oval:org.mitre.oval:def:22072 | ||
| Title: | RHSA-2011:1342: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22112 | |||
| Oval ID: | oval:org.mitre.oval:def:22112 | ||
| Title: | ELSA-2010:0153: thunderbird security update (Moderate) | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0153-02 CVE-2009-0689 CVE-2009-1571 CVE-2009-2462 CVE-2009-2463 CVE-2009-2466 CVE-2009-2470 CVE-2009-3072 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3274 CVE-2009-3376 CVE-2009-3380 CVE-2009-3384 CVE-2009-3979 CVE-2010-0159 CVE-2010-0163 CVE-2010-0169 CVE-2010-0171 | Version: | 81 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22128 | |||
| Oval ID: | oval:org.mitre.oval:def:22128 | ||
| Title: | RHSA-2011:1166: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1166-01 CVE-2011-0084 CVE-2011-2378 CVE-2011-2982 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22144 | |||
| Oval ID: | oval:org.mitre.oval:def:22144 | ||
| Title: | RHSA-2010:0332: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0332-01 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 | Version: | 81 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22145 | |||
| Oval ID: | oval:org.mitre.oval:def:22145 | ||
| Title: | RHSA-2010:0112: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0112-01 CESA-2010:0112 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0167 CVE-2010-0169 CVE-2010-0171 | Version: | 107 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22187 | |||
| Oval ID: | oval:org.mitre.oval:def:22187 | ||
| Title: | ELSA-2010:0809: xulrunner security update (Critical) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0809-01 CVE-2010-3765 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22193 | |||
| Oval ID: | oval:org.mitre.oval:def:22193 | ||
| Title: | RHSA-2011:1341: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1341-01 CESA-2011:1341 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22242 | |||
| Oval ID: | oval:org.mitre.oval:def:22242 | ||
| Title: | RHSA-2010:0545: thunderbird security update (Critical) | ||
| Description: | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0545-01 CESA-2010:0545 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1205 CVE-2010-1211 CVE-2010-1214 CVE-2010-2753 CVE-2010-2754 | Version: | 172 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22273 | |||
| Oval ID: | oval:org.mitre.oval:def:22273 | ||
| Title: | RHSA-2010:0861: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0861-02 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 | Version: | 120 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22295 | |||
| Oval ID: | oval:org.mitre.oval:def:22295 | ||
| Title: | RHSA-2010:0969: thunderbird security update (Moderate) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0969-02 CVE-2010-3768 CVE-2010-3776 CVE-2010-3777 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22324 | |||
| Oval ID: | oval:org.mitre.oval:def:22324 | ||
| Title: | RHSA-2010:0780: thunderbird security update (Moderate) | ||
| Description: | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0780-01 CESA-2010:0780 CVE-2010-3176 CVE-2010-3180 CVE-2010-3182 | Version: | 42 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22344 | |||
| Oval ID: | oval:org.mitre.oval:def:22344 | ||
| Title: | RHSA-2010:0547: firefox security update (Critical) | ||
| Description: | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0547-01 CESA-2010:0547 CVE-2010-0654 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 | Version: | 211 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22353 | |||
| Oval ID: | oval:org.mitre.oval:def:22353 | ||
| Title: | RHSA-2010:0556: firefox security update (Critical) | ||
| Description: | layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0556-01 CESA-2010:0556 CVE-2010-2755 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22355 | |||
| Oval ID: | oval:org.mitre.oval:def:22355 | ||
| Title: | RHSA-2010:0681: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0681-01 CESA-2010:0681 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 159 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox nspr nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22356 | |||
| Oval ID: | oval:org.mitre.oval:def:22356 | ||
| Title: | RHSA-2010:0812: thunderbird security update (Moderate) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0812-01 CESA-2010:0812 CVE-2010-3765 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22374 | |||
| Oval ID: | oval:org.mitre.oval:def:22374 | ||
| Title: | RHSA-2010:0782: firefox security update (Critical) | ||
| Description: | The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0782-01 CESA-2010:0782 CVE-2010-3170 CVE-2010-3173 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 | Version: | 133 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | firefox nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22375 | |||
| Oval ID: | oval:org.mitre.oval:def:22375 | ||
| Title: | RHSA-2010:0809: xulrunner security update (Critical) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2010:0809-01 CESA-2010:0809 CVE-2010-3765 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22503 | |||
| Oval ID: | oval:org.mitre.oval:def:22503 | ||
| Title: | ELSA-2009:1561: libvorbis security update (Important) | ||
| Description: | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1561-01 CVE-2009-3379 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22504 | |||
| Oval ID: | oval:org.mitre.oval:def:22504 | ||
| Title: | ELSA-2009:0315: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0315-01 CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 | Version: | 37 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22544 | |||
| Oval ID: | oval:org.mitre.oval:def:22544 | ||
| Title: | ELSA-2009:0002: thunderbird security update (Moderate) | ||
| Description: | Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0002-01 CVE-2008-5500 CVE-2008-5501 CVE-2008-5502 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 | Version: | 45 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22628 | |||
| Oval ID: | oval:org.mitre.oval:def:22628 | ||
| Title: | ELSA-2009:1126: thunderbird security update (Moderate) | ||
| Description: | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1126-01 CVE-2009-1303 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1392 CVE-2009-1833 CVE-2009-1836 CVE-2009-1838 CVE-2009-2210 | Version: | 49 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22664 | |||
| Oval ID: | oval:org.mitre.oval:def:22664 | ||
| Title: | ELSA-2008:0908: thunderbird security update (Moderate) | ||
| Description: | Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0908-01 CVE-2008-0016 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 | Version: | 53 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22694 | |||
| Oval ID: | oval:org.mitre.oval:def:22694 | ||
| Title: | DEPRECATED: ELSA-2011:1437: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1437-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 18 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22729 | |||
| Oval ID: | oval:org.mitre.oval:def:22729 | ||
| Title: | DEPRECATED: ELSA-2012:0387: firefox security and bug fix update (Critical) | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0387-01 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 46 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22766 | |||
| Oval ID: | oval:org.mitre.oval:def:22766 | ||
| Title: | ELSA-2009:0397: firefox security update (Critical) | ||
| Description: | The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0397-01 CVE-2009-1044 CVE-2009-1169 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22767 | |||
| Oval ID: | oval:org.mitre.oval:def:22767 | ||
| Title: | ELSA-2010:0332: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0332-01 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22773 | |||
| Oval ID: | oval:org.mitre.oval:def:22773 | ||
| Title: | ELSA-2009:0256: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0256-01 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22775 | |||
| Oval ID: | oval:org.mitre.oval:def:22775 | ||
| Title: | ELSA-2009:1430: firefox security update (Critical) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1430-01 CVE-2009-2654 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 | Version: | 45 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox nspr xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22778 | |||
| Oval ID: | oval:org.mitre.oval:def:22778 | ||
| Title: | ELSA-2009:0258: thunderbird security update (Moderate) | ||
| Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0258-01 CVE-2009-0352 CVE-2009-0353 CVE-2009-0355 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22781 | |||
| Oval ID: | oval:org.mitre.oval:def:22781 | ||
| Title: | ELSA-2009:0449: firefox security update (Critical) | ||
| Description: | The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:0449-01 CVE-2009-1313 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22791 | |||
| Oval ID: | oval:org.mitre.oval:def:22791 | ||
| Title: | ELSA-2011:1342: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22806 | |||
| Oval ID: | oval:org.mitre.oval:def:22806 | ||
| Title: | ELSA-2009:1162: firefox security update (Critical) | ||
| Description: | The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1162-01 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472 CVE-2009-2664 | Version: | 49 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22817 | |||
| Oval ID: | oval:org.mitre.oval:def:22817 | ||
| Title: | ELSA-2009:1095: firefox security update (Critical) | ||
| Description: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1095-01 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 49 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22820 | |||
| Oval ID: | oval:org.mitre.oval:def:22820 | ||
| Title: | ELSA-2009:1579: httpd security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1579-02 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22838 | |||
| Oval ID: | oval:org.mitre.oval:def:22838 | ||
| Title: | ELSA-2009:1674: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2009:1674-01 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22843 | |||
| Oval ID: | oval:org.mitre.oval:def:22843 | ||
| Title: | ELSA-2012:0136: libvorbis security update (Important) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0136-01 CVE-2012-0444 | Version: | 6 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22847 | |||
| Oval ID: | oval:org.mitre.oval:def:22847 | ||
| Title: | ELSA-2010:0812: thunderbird security update (Moderate) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0812-01 CVE-2010-3765 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22851 | |||
| Oval ID: | oval:org.mitre.oval:def:22851 | ||
| Title: | ELSA-2012:0085: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0085-01 CVE-2011-3670 CVE-2012-0442 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22852 | |||
| Oval ID: | oval:org.mitre.oval:def:22852 | ||
| Title: | ELSA-2010:0681: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0681-01 CVE-2010-2760 CVE-2010-2762 CVE-2010-2764 CVE-2010-2765 CVE-2010-2766 CVE-2010-2767 CVE-2010-2768 CVE-2010-2769 CVE-2010-3166 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 53 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox nspr nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22887 | |||
| Oval ID: | oval:org.mitre.oval:def:22887 | ||
| Title: | ELSA-2011:1343: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1343-01 CVE-2011-2998 CVE-2011-2999 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22890 | |||
| Oval ID: | oval:org.mitre.oval:def:22890 | ||
| Title: | DEPRECATED: ELSA-2012:1089: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1089-01 CVE-2012-1948 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1967 | Version: | 62 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22903 | |||
| Oval ID: | oval:org.mitre.oval:def:22903 | ||
| Title: | ELSA-2010:0112: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0112-01 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 CVE-2010-0167 CVE-2010-0169 CVE-2010-0171 | Version: | 37 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22913 | |||
| Oval ID: | oval:org.mitre.oval:def:22913 | ||
| Title: | ELSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0155-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22923 | |||
| Oval ID: | oval:org.mitre.oval:def:22923 | ||
| Title: | DEPRECATED: ELSA-2012:0388: thunderbird security update (Critical) | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0388-01 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 46 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22925 | |||
| Oval ID: | oval:org.mitre.oval:def:22925 | ||
| Title: | ELSA-2010:0556: firefox security update (Critical) | ||
| Description: | layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0556-01 CVE-2010-2755 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22973 | |||
| Oval ID: | oval:org.mitre.oval:def:22973 | ||
| Title: | DEPRECATED: ELSA-2011:1341: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 26 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22984 | |||
| Oval ID: | oval:org.mitre.oval:def:22984 | ||
| Title: | DEPRECATED: ELSA-2012:0317: libpng security update (Important) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0317-01 CVE-2011-3026 | Version: | 7 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libpng libpng10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22993 | |||
| Oval ID: | oval:org.mitre.oval:def:22993 | ||
| Title: | ELSA-2010:0165: nss security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0165-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23000 | |||
| Oval ID: | oval:org.mitre.oval:def:23000 | ||
| Title: | ELSA-2010:0166: gnutls security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0166-01 CVE-2009-2409 CVE-2009-3555 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23004 | |||
| Oval ID: | oval:org.mitre.oval:def:23004 | ||
| Title: | DEPRECATED: ELSA-2012:1361: xulrunner security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1361-01 CVE-2012-4193 | Version: | 7 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23019 | |||
| Oval ID: | oval:org.mitre.oval:def:23019 | ||
| Title: | DEPRECATED: ELSA-2012:0515: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0515-02 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 | Version: | 54 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23023 | |||
| Oval ID: | oval:org.mitre.oval:def:23023 | ||
| Title: | ELSA-2010:0547: firefox security update (Critical) | ||
| Description: | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0547-01 CVE-2010-0654 CVE-2010-1205 CVE-2010-1206 CVE-2010-1207 CVE-2010-1208 CVE-2010-1209 CVE-2010-1210 CVE-2010-1211 CVE-2010-1212 CVE-2010-1213 CVE-2010-1214 CVE-2010-1215 CVE-2010-2751 CVE-2010-2752 CVE-2010-2753 CVE-2010-2754 | Version: | 69 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23031 | |||
| Oval ID: | oval:org.mitre.oval:def:23031 | ||
| Title: | ELSA-2011:0474: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0474-01 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 | Version: | 29 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23041 | |||
| Oval ID: | oval:org.mitre.oval:def:23041 | ||
| Title: | ELSA-2010:0545: thunderbird security update (Critical) | ||
| Description: | dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0545-01 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1205 CVE-2010-1211 CVE-2010-1214 CVE-2010-2753 CVE-2010-2754 | Version: | 57 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23050 | |||
| Oval ID: | oval:org.mitre.oval:def:23050 | ||
| Title: | DEPRECATED: ELSA-2012:1413: thunderbird security update (Important) | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1413-01 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 18 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23090 | |||
| Oval ID: | oval:org.mitre.oval:def:23090 | ||
| Title: | ELSA-2010:0164: openssl097a security update (Moderate) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0164-01 CVE-2009-3555 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23093 | |||
| Oval ID: | oval:org.mitre.oval:def:23093 | ||
| Title: | ELSA-2012:0387: firefox security and bug fix update (Critical) | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0387-01 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 45 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23099 | |||
| Oval ID: | oval:org.mitre.oval:def:23099 | ||
| Title: | ELSA-2012:1361: xulrunner security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1361-01 CVE-2012-4193 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23105 | |||
| Oval ID: | oval:org.mitre.oval:def:23105 | ||
| Title: | DEPRECATED: ELSA-2012:1362: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1362-01 CVE-2012-4193 | Version: | 7 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23121 | |||
| Oval ID: | oval:org.mitre.oval:def:23121 | ||
| Title: | ELSA-2010:0682: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0682-01 CVE-2010-2760 CVE-2010-2765 CVE-2010-2767 CVE-2010-2768 CVE-2010-3167 CVE-2010-3168 CVE-2010-3169 | Version: | 33 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23133 | |||
| Oval ID: | oval:org.mitre.oval:def:23133 | ||
| Title: | ELSA-2010:0969: thunderbird security update (Moderate) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0969-02 CVE-2010-3768 CVE-2010-3776 CVE-2010-3777 | Version: | 17 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23142 | |||
| Oval ID: | oval:org.mitre.oval:def:23142 | ||
| Title: | DEPRECATED: ELSA-2012:1088: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1088-01 CVE-2012-1948 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 | Version: | 74 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23148 | |||
| Oval ID: | oval:org.mitre.oval:def:23148 | ||
| Title: | DEPRECATED: ELSA-2012:1483: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1483-01 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 66 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23154 | |||
| Oval ID: | oval:org.mitre.oval:def:23154 | ||
| Title: | ELSA-2010:0782: firefox security update (Critical) | ||
| Description: | The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0782-01 CVE-2010-3170 CVE-2010-3173 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 | Version: | 45 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23160 | |||
| Oval ID: | oval:org.mitre.oval:def:23160 | ||
| Title: | ELSA-2010:0780: thunderbird security update (Moderate) | ||
| Description: | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0780-01 CVE-2010-3176 CVE-2010-3180 CVE-2010-3182 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23162 | |||
| Oval ID: | oval:org.mitre.oval:def:23162 | ||
| Title: | DEPRECATED: ELSA-2012:1350: firefox security and bug fix update (Critical) | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1350-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 86 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23181 | |||
| Oval ID: | oval:org.mitre.oval:def:23181 | ||
| Title: | ELSA-2011:0475: thunderbird security update (Critical) | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0475-01 CVE-2011-0070 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 41 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23212 | |||
| Oval ID: | oval:org.mitre.oval:def:23212 | ||
| Title: | ELSA-2012:0715: thunderbird security update (Critical) | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0715-01 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 45 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23224 | |||
| Oval ID: | oval:org.mitre.oval:def:23224 | ||
| Title: | ELSA-2010:0968: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0968-01 CVE-2010-3767 CVE-2010-3772 CVE-2010-3776 | Version: | 17 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23226 | |||
| Oval ID: | oval:org.mitre.oval:def:23226 | ||
| Title: | ELSA-2011:1438: thunderbird security update (Moderate) | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1438-01 CVE-2011-3648 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23230 | |||
| Oval ID: | oval:org.mitre.oval:def:23230 | ||
| Title: | DEPRECATED: ELSA-2012:1211: thunderbird security update (Critical) | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1211-01 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3978 CVE-2012-3980 | Version: | 98 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23235 | |||
| Oval ID: | oval:org.mitre.oval:def:23235 | ||
| Title: | DEPRECATED: ELSA-2012:0143: xulrunner security update (Critical) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0143-01 CVE-2011-3026 | Version: | 7 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23236 | |||
| Oval ID: | oval:org.mitre.oval:def:23236 | ||
| Title: | DEPRECATED: ELSA-2012:0516: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0516-02 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 | Version: | 54 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23238 | |||
| Oval ID: | oval:org.mitre.oval:def:23238 | ||
| Title: | ELSA-2011:0312: thunderbird security update (Moderate) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0312-01 CVE-2011-0051 CVE-2011-0053 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23251 | |||
| Oval ID: | oval:org.mitre.oval:def:23251 | ||
| Title: | DEPRECATED: ELSA-2012:1210: firefox security update (Critical) | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1210-01 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 | Version: | 102 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23254 | |||
| Oval ID: | oval:org.mitre.oval:def:23254 | ||
| Title: | DEPRECATED: ELSA-2010:0966: firefox security update (Critical) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0966-01 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3774 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 | Version: | 50 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23256 | |||
| Oval ID: | oval:org.mitre.oval:def:23256 | ||
| Title: | DEPRECATED: ELSA-2011:1164: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1164-01 CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 | Version: | 30 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23271 | |||
| Oval ID: | oval:org.mitre.oval:def:23271 | ||
| Title: | ELSA-2011:0887: thunderbird security update (Critical) | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0887-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 57 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23274 | |||
| Oval ID: | oval:org.mitre.oval:def:23274 | ||
| Title: | DEPRECATED: ELSA-2012:1407: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1407-01 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 18 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23275 | |||
| Oval ID: | oval:org.mitre.oval:def:23275 | ||
| Title: | ELSA-2010:0862: nss security update (Low) | ||
| Description: | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0862-02 CVE-2010-3170 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23279 | |||
| Oval ID: | oval:org.mitre.oval:def:23279 | ||
| Title: | DEPRECATED: ELSA-2012:1351: thunderbird security update (Critical) | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1351-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 86 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23314 | |||
| Oval ID: | oval:org.mitre.oval:def:23314 | ||
| Title: | ELSA-2012:1483: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1483-01 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 65 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23317 | |||
| Oval ID: | oval:org.mitre.oval:def:23317 | ||
| Title: | ELSA-2012:1350: firefox security and bug fix update (Critical) | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1350-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 85 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23334 | |||
| Oval ID: | oval:org.mitre.oval:def:23334 | ||
| Title: | DEPRECATED: ELSA-2012:0710: firefox security update (Critical) | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0710-01 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 46 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23338 | |||
| Oval ID: | oval:org.mitre.oval:def:23338 | ||
| Title: | DEPRECATED: ELSA-2012:0079: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0079-01 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 26 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23351 | |||
| Oval ID: | oval:org.mitre.oval:def:23351 | ||
| Title: | ELSA-2012:1090: nss and nspr security, bug fix, and enhancement update (Moderate) | ||
| Description: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1090-00 CVE-2012-0441 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23363 | |||
| Oval ID: | oval:org.mitre.oval:def:23363 | ||
| Title: | ELSA-2011:1165: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1165-01 CVE-2011-2982 CVE-2011-2983 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23382 | |||
| Oval ID: | oval:org.mitre.oval:def:23382 | ||
| Title: | ELSA-2012:0388: thunderbird security update (Critical) | ||
| Description: | Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0388-01 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 45 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23391 | |||
| Oval ID: | oval:org.mitre.oval:def:23391 | ||
| Title: | ELSA-2010:0861: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0861-02 CVE-2010-3175 CVE-2010-3176 CVE-2010-3177 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 | Version: | 41 |
| Platform(s): | Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23409 | |||
| Oval ID: | oval:org.mitre.oval:def:23409 | ||
| Title: | ELSA-2012:1407: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1407-01 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 17 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23410 | |||
| Oval ID: | oval:org.mitre.oval:def:23410 | ||
| Title: | ELSA-2011:1439: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1439-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 17 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23411 | |||
| Oval ID: | oval:org.mitre.oval:def:23411 | ||
| Title: | ELSA-2011:0885: firefox security and bug fix update (Critical) | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0885-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 57 |
| Platform(s): | Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23474 | |||
| Oval ID: | oval:org.mitre.oval:def:23474 | ||
| Title: | DEPRECATED: ELSA-2012:1482: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1482-01 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 70 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23475 | |||
| Oval ID: | oval:org.mitre.oval:def:23475 | ||
| Title: | ELSA-2012:1351: thunderbird security update (Critical) | ||
| Description: | Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1351-01 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 85 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23500 | |||
| Oval ID: | oval:org.mitre.oval:def:23500 | ||
| Title: | ELSA-2011:1341: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23504 | |||
| Oval ID: | oval:org.mitre.oval:def:23504 | ||
| Title: | ELSA-2012:0079: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0079-01 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 | Version: | 25 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23532 | |||
| Oval ID: | oval:org.mitre.oval:def:23532 | ||
| Title: | ELSA-2010:0966: firefox security update (Critical) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0966-01 CVE-2010-3766 CVE-2010-3767 CVE-2010-3768 CVE-2010-3770 CVE-2010-3771 CVE-2010-3772 CVE-2010-3773 CVE-2010-3774 CVE-2010-3775 CVE-2010-3776 CVE-2010-3777 | Version: | 49 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23573 | |||
| Oval ID: | oval:org.mitre.oval:def:23573 | ||
| Title: | ELSA-2011:0310: firefox security and bug fix update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0310-01 CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0058 CVE-2011-0059 CVE-2011-0061 CVE-2011-0062 | Version: | 49 |
| Platform(s): | Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23599 | |||
| Oval ID: | oval:org.mitre.oval:def:23599 | ||
| Title: | ELSA-2010:0896: thunderbird security update (Moderate) | ||
| Description: | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010:0896-01 CVE-2010-3175 CVE-2010-3176 CVE-2010-3178 CVE-2010-3179 CVE-2010-3180 CVE-2010-3182 CVE-2010-3183 CVE-2010-3765 | Version: | 37 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23640 | |||
| Oval ID: | oval:org.mitre.oval:def:23640 | ||
| Title: | ELSA-2011:0311: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0311-01 CVE-2010-1585 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 | Version: | 21 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23660 | |||
| Oval ID: | oval:org.mitre.oval:def:23660 | ||
| Title: | ELSA-2012:0516: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0516-02 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 | Version: | 53 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23686 | |||
| Oval ID: | oval:org.mitre.oval:def:23686 | ||
| Title: | ELSA-2011:1164: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1164-01 CVE-2011-0084 CVE-2011-2378 CVE-2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984 | Version: | 29 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23702 | |||
| Oval ID: | oval:org.mitre.oval:def:23702 | ||
| Title: | ELSA-2011:0471: firefox security update (Critical) | ||
| Description: | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0471-01 CVE-2011-0065 CVE-2011-0066 CVE-2011-0067 CVE-2011-0069 CVE-2011-0070 CVE-2011-0071 CVE-2011-0072 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 CVE-2011-1202 | Version: | 65 |
| Platform(s): | Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23711 | |||
| Oval ID: | oval:org.mitre.oval:def:23711 | ||
| Title: | ELSA-2012:0317: libpng security update (Important) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0317-01 CVE-2011-3026 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | libpng libpng10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23717 | |||
| Oval ID: | oval:org.mitre.oval:def:23717 | ||
| Title: | ELSA-2011:1437: firefox security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1437-01 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 17 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23741 | |||
| Oval ID: | oval:org.mitre.oval:def:23741 | ||
| Title: | ELSA-2011:0886: thunderbird security update (Critical) | ||
| Description: | CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:0886-01 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 49 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23743 | |||
| Oval ID: | oval:org.mitre.oval:def:23743 | ||
| Title: | ELSA-2011:1166: thunderbird security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011:1166-01 CVE-2011-0084 CVE-2011-2378 CVE-2011-2982 | Version: | 17 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23757 | |||
| Oval ID: | oval:org.mitre.oval:def:23757 | ||
| Title: | ELSA-2012:1089: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1089-01 CVE-2012-1948 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1967 | Version: | 61 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23762 | |||
| Oval ID: | oval:org.mitre.oval:def:23762 | ||
| Title: | DEPRECATED: ELSA-2012:0136: libvorbis security update (Important) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0136-01 CVE-2012-0444 | Version: | 6 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 Oracle Linux 4 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23783 | |||
| Oval ID: | oval:org.mitre.oval:def:23783 | ||
| Title: | ELSA-2012:0515: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0515-02 CVE-2011-3062 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 | Version: | 53 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23786 | |||
| Oval ID: | oval:org.mitre.oval:def:23786 | ||
| Title: | ELSA-2012:0143: xulrunner security update (Critical) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0143-01 CVE-2011-3026 | Version: | 6 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23792 | |||
| Oval ID: | oval:org.mitre.oval:def:23792 | ||
| Title: | ELSA-2012:0080: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0080-01 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0449 | Version: | 21 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23793 | |||
| Oval ID: | oval:org.mitre.oval:def:23793 | ||
| Title: | ELSA-2012:0710: firefox security update (Critical) | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0710-01 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 45 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23800 | |||
| Oval ID: | oval:org.mitre.oval:def:23800 | ||
| Title: | ELSA-2012:1091: nss, nspr, and nss-util security, bug fix, and enhancement update (Moderate) | ||
| Description: | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1091-01 CVE-2012-0441 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | nspr nss nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23820 | |||
| Oval ID: | oval:org.mitre.oval:def:23820 | ||
| Title: | ELSA-2012:1482: firefox security update (Critical) | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1482-01 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 69 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23826 | |||
| Oval ID: | oval:org.mitre.oval:def:23826 | ||
| Title: | DEPRECATED: ELSA-2012:0715: thunderbird security update (Critical) | ||
| Description: | Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0715-01 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 45 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23849 | |||
| Oval ID: | oval:org.mitre.oval:def:23849 | ||
| Title: | ELSA-2012:0140: thunderbird security update (Critical) | ||
| Description: | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0140-01 CVE-2011-3026 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23862 | |||
| Oval ID: | oval:org.mitre.oval:def:23862 | ||
| Title: | ELSA-2012:1211: thunderbird security update (Critical) | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1211-01 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3978 CVE-2012-3980 | Version: | 97 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23937 | |||
| Oval ID: | oval:org.mitre.oval:def:23937 | ||
| Title: | ELSA-2012:1088: firefox security update (Critical) | ||
| Description: | Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1088-01 CVE-2012-1948 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 | Version: | 73 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23952 | |||
| Oval ID: | oval:org.mitre.oval:def:23952 | ||
| Title: | ELSA-2012:1362: thunderbird security update (Critical) | ||
| Description: | Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1362-01 CVE-2012-4193 | Version: | 6 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23959 | |||
| Oval ID: | oval:org.mitre.oval:def:23959 | ||
| Title: | ELSA-2012:1413: thunderbird security update (Important) | ||
| Description: | Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1413-01 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 17 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23971 | |||
| Oval ID: | oval:org.mitre.oval:def:23971 | ||
| Title: | ELSA-2012:1210: firefox security update (Critical) | ||
| Description: | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1210-01 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 | Version: | 101 |
| Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25097 | |||
| Oval ID: | oval:org.mitre.oval:def:25097 | ||
| Title: | Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26852 | |||
| Oval ID: | oval:org.mitre.oval:def:26852 | ||
| Title: | DEPRECATED: ELSA-2012-1483 -- thunderbird security update (critical) | ||
| Description: | [10.0.11-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.11-1] - Update to 10.0.11 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1483 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26871 | |||
| Oval ID: | oval:org.mitre.oval:def:26871 | ||
| Title: | DEPRECATED: ELSA-2012-1362 -- thunderbird security update (critical) | ||
| Description: | [10.0.8-2.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.8-2] - Added patches from 10.0.9 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1362 CVE-2012-4193 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26887 | |||
| Oval ID: | oval:org.mitre.oval:def:26887 | ||
| Title: | DEPRECATED: ELSA-2012-1210 -- firefox security update (critical) | ||
| Description: | firefox [10.0.7-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.7-1] - Update to 10.0.7 ESR xulrunner [10.0.7-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.7-1] - Update to 10.0.7 ESR [10.0.6-2] - Added fix for rhbz#770276 - Firefox segfaults, should have a font dependency | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1210 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3976 CVE-2012-3978 CVE-2012-3980 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26986 | |||
| Oval ID: | oval:org.mitre.oval:def:26986 | ||
| Title: | DEPRECATED: ELSA-2012-1090 -- nss and nspr security, bug fix, and enhancement update (moderate) | ||
| Description: | nspr [4.9.1-4] - Resolves: rhbz#834219 - Fix postinstall scriptlet failures - Fix %post and %postun lines per packaging guidelines - Updated License: to MPLv2.0 per upstream [4.9.1-3] - Resolves: rhbz#834219 - Ensure nspr-config.in changes get applied [4.9.1-2] - Resolves: rhbz#834219 - restore top section of nspr-config-pc.patch - Needed to prevent multilib regressions nss [3.13.5-4.0.1.el5_8 ] - Update clean.gif in the tarball [3.13.5-4] - Related: rhbz#834219 - Fix ia64 / i386 multilib nss install failure - Remove no longer needed %pre and %preun scriplets meant for nss updates from RHEL-5.0 [3.13.5-3] - Resolves: rhbz#834219 - Fix the changes to the %post line - Having multiple commands requires that /sbin/lconfig be the beginning of the scriptlet [3.13.5-2] - Resolves: rhbz#834219 - Fix multilib and scriptlet problems - Fix %post and %postun lines per packaging guildelines - Add %{?_isa} to tools Requires: per packaging guidelines - Fix explicit-lib-dependency zlib error reported by rpmlint [3.13.5-1] - Resolves: rhbz#834219 - Update RHEL 5.x to NSS 3.13.5 and NSPR 4.9.1 for Mozilla 10.0.6 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1090 CVE-2012-0441 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | nspr nss |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27077 | |||
| Oval ID: | oval:org.mitre.oval:def:27077 | ||
| Title: | DEPRECATED: ELSA-2012-1361 -- xulrunner security update (critical) | ||
| Description: | [10.0.8-2.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.8-2] - Added patches from 10.0.9 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1361 CVE-2012-4193 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27116 | |||
| Oval ID: | oval:org.mitre.oval:def:27116 | ||
| Title: | DEPRECATED: ELSA-2012-1089 -- thunderbird security update (critical) | ||
| Description: | [10.0.6-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.6-1] - Update to 10.0.6 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1089 CVE-2012-1948 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1967 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27126 | |||
| Oval ID: | oval:org.mitre.oval:def:27126 | ||
| Title: | DEPRECATED: ELSA-2012-1407 -- firefox security update (critical) | ||
| Description: | firefox [10.0.10-1.0.1.el6_3] - Replaced firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.10-1] - Update to 10.0.10 ESR [10.0.8-2] - Fixed rhbz#865284 - add the storage.nfs_filesystem config key to property list - disable OOP for wrapped plugins (nspluginwrapper) xulrunner [10.0.10-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.10-1] - Added patches from 10.0.10 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1407 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27161 | |||
| Oval ID: | oval:org.mitre.oval:def:27161 | ||
| Title: | DEPRECATED: ELSA-2012-0387 -- firefox security and bug fix update (critical) | ||
| Description: | firefox: [10.0.3-1.0.1.el6_2] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.3-1] - Update to 10.0.3 ESR xulrunner: [10.0.3-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with - xulrunner-oracle-default-prefs.js [10.0.3-1] - Update to 10.0.3 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0387 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27295 | |||
| Oval ID: | oval:org.mitre.oval:def:27295 | ||
| Title: | DEPRECATED: ELSA-2010-0164 -- openssl097a security update (moderate) | ||
| Description: | [0.9.7a-9.2] - CVE-2009-3555 - support the secure renegotiation RFC (#533125) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0164 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl097a |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27448 | |||
| Oval ID: | oval:org.mitre.oval:def:27448 | ||
| Title: | DEPRECATED: ELSA-2012-0710 -- firefox security update (critical) | ||
| Description: | firefox: [10.0.5-1.0.1.el6_2] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.5-1] - Update to 10.0.5 ESR xulrunner: [10.0.5-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.5-1] - Update to 10.0.5 ESR [10.0.4-2] - Added patch for mozbz#703633 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0710 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27459 | |||
| Oval ID: | oval:org.mitre.oval:def:27459 | ||
| Title: | DEPRECATED: ELSA-2012-1351 -- thunderbird security update (critical) | ||
| Description: | [10.0.8-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.8-1] - Update to 10.0.8 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1351 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27497 | |||
| Oval ID: | oval:org.mitre.oval:def:27497 | ||
| Title: | DEPRECATED: ELSA-2011-0475 -- thunderbird security update (critical) | ||
| Description: | [3.1.10-1.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.10-1] - Update to 3.1.10 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0475 CVE-2011-0070 CVE-2011-0071 CVE-2011-0073 CVE-2011-0074 CVE-2011-0075 CVE-2011-0077 CVE-2011-0078 CVE-2011-0080 CVE-2011-0081 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27597 | |||
| Oval ID: | oval:org.mitre.oval:def:27597 | ||
| Title: | DEPRECATED: ELSA-2012-0080 -- thunderbird security update (critical) | ||
| Description: | [3.1.18-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.18-1] - Update to 3.1.18 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0080 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0449 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27649 | |||
| Oval ID: | oval:org.mitre.oval:def:27649 | ||
| Title: | DEPRECATED: ELSA-2012-0140 -- thunderbird security update (critical) | ||
| Description: | [3.1.18-2.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.18-2] - added fix for mozbz#727401 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0140 CVE-2011-3026 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27686 | |||
| Oval ID: | oval:org.mitre.oval:def:27686 | ||
| Title: | DEPRECATED: ELSA-2012-1091 -- nss, nspr, and nss-util security, bug fix, and enhancement update (moderate) | ||
| Description: | nspr [4.9.1-2] - Related: rhbz#833762 - Update License to MPLv2.0 [4.9.1-1] - Resolves: rhbz#833762 - Update to NSPR_4_9_1_RTM nss [3.13.5-1.0.1.el6_3 ] - Added nss-vendor.patch to change vendor - Use blank image instead of clean.gif in tar ball [3.13.5-1] - Resolves: rhbz#834100 - Update to 3.13.5 for mozilla 10.0.6 nss-util [3.13.5-1] - Resolves: rhbz#833763 - Update to 3.13.5 for Mozilla 10.0.6 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1091 CVE-2012-0441 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | nspr nss nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27697 | |||
| Oval ID: | oval:org.mitre.oval:def:27697 | ||
| Title: | DEPRECATED: ELSA-2012-1350 -- firefox security and bug fix update (critical) | ||
| Description: | firefox [10.0.8-1.0.2.el6_3] - Updated firefox-oracle-default-prefs.js based on latest firefox-redhat-default-prefs.js [10.0.8-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.8-1] - Update to 10.0.8 ESR xulrunner [10.0.8-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.8-1] - Update to 10.0.8 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1350 CVE-2012-1956 CVE-2012-3982 CVE-2012-3986 CVE-2012-3988 CVE-2012-3990 CVE-2012-3991 CVE-2012-3992 CVE-2012-3993 CVE-2012-3994 CVE-2012-3995 CVE-2012-4179 CVE-2012-4180 CVE-2012-4181 CVE-2012-4182 CVE-2012-4183 CVE-2012-4184 CVE-2012-4185 CVE-2012-4186 CVE-2012-4187 CVE-2012-4188 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27714 | |||
| Oval ID: | oval:org.mitre.oval:def:27714 | ||
| Title: | DEPRECATED: ELSA-2012-0388 -- thunderbird security update (critical) | ||
| Description: | [10.0.3-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.3-1] - Update to 10.0.3 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0388 CVE-2012-0451 CVE-2012-0455 CVE-2012-0456 CVE-2012-0457 CVE-2012-0458 CVE-2012-0459 CVE-2012-0460 CVE-2012-0461 CVE-2012-0462 CVE-2012-0464 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27740 | |||
| Oval ID: | oval:org.mitre.oval:def:27740 | ||
| Title: | DEPRECATED: ELSA-2012-1211 -- thunderbird security update (critical) | ||
| Description: | [10.0.7-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.7-1] - Update to 10.0.7 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1211 CVE-2012-1970 CVE-2012-1972 CVE-2012-1973 CVE-2012-1974 CVE-2012-1975 CVE-2012-1976 CVE-2012-3956 CVE-2012-3957 CVE-2012-3958 CVE-2012-3959 CVE-2012-3960 CVE-2012-3961 CVE-2012-3962 CVE-2012-3963 CVE-2012-3964 CVE-2012-3966 CVE-2012-3967 CVE-2012-3968 CVE-2012-3969 CVE-2012-3970 CVE-2012-3972 CVE-2012-3978 CVE-2012-3980 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27748 | |||
| Oval ID: | oval:org.mitre.oval:def:27748 | ||
| Title: | DEPRECATED: ELSA-2010-0162 -- openssl security update (important) | ||
| Description: | [0.9.8e-12.6] - fix CVE-2009-3245 - add missing bn_wexpand return checks (#570924) [0.9.8e-12.5] - fix CVE-2010-0433 - do not pass NULL princ to krb5_kt_get_entry which in the RHEL-5 and newer versions will crash in such case (#569774) [0.9.8e-12.4] - do not disable SSLv2 in the renegotiation patch - SSLv2 does not support renegotiation - allow unsafe renegotiation on clients with SSL_OP_LEGACY_SERVER_CONNECT [0.9.8e-12.3] - mention the RFC5746 in the CVE-2009-3555 doc [0.9.8e-12.2] - fix CVE-2009-3555 - support the safe renegotiation extension and do not allow legacy renegotiation on the server by default (#533125) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0162 CVE-2010-0433 CVE-2009-3245 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | openssl |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27771 | |||
| Oval ID: | oval:org.mitre.oval:def:27771 | ||
| Title: | DEPRECATED: ELSA-2012-1413 -- thunderbird security update (important) | ||
| Description: | [10.0.10-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.10-1] - Update to 10.0.10 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1413 CVE-2012-4194 CVE-2012-4195 CVE-2012-4196 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27809 | |||
| Oval ID: | oval:org.mitre.oval:def:27809 | ||
| Title: | DEPRECATED: ELSA-2012-0515 -- firefox security update (critical) | ||
| Description: | firefox: [10.0.4-1.0.1.el6_2] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.4-1] - Update to 10.0.4 ESR xulrunner: [10.0.4-1.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.4-1] - Update to 10.0.4 ESR [10.0.3-3] - Fixed mozbz#746112 - ppc(64) freeze [10.0.3-2] - Fixed mozbz#681937 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0515 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2011-3062 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27815 | |||
| Oval ID: | oval:org.mitre.oval:def:27815 | ||
| Title: | DEPRECATED: ELSA-2012-0143 -- xulrunner security update (critical) | ||
| Description: | [1.9.2.26-2.0.1.el6_2] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [1.9.2.26-2] - added fix for mozbz#727401 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0143 CVE-2011-3026 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27829 | |||
| Oval ID: | oval:org.mitre.oval:def:27829 | ||
| Title: | DEPRECATED: ELSA-2012-1482 -- firefox security update (critical) | ||
| Description: | firefox [10.0.11-1.0.1.el6_3] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.11-1] - Update to 10.0.11 ESR xulrunner [10.0.11-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.11-1] - Update to 10.0.11 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1482 CVE-2012-4201 CVE-2012-4202 CVE-2012-4207 CVE-2012-4209 CVE-2012-4210 CVE-2012-4214 CVE-2012-4215 CVE-2012-4216 CVE-2012-5829 CVE-2012-5830 CVE-2012-5833 CVE-2012-5835 CVE-2012-5839 CVE-2012-5840 CVE-2012-5841 CVE-2012-5842 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27863 | |||
| Oval ID: | oval:org.mitre.oval:def:27863 | ||
| Title: | DEPRECATED: ELSA-2012-1088 -- firefox security update (critical) | ||
| Description: | firefox [10.0.6-1.0.1.el6_3] - Replace firefox-redhat-default-prefs.js with firefox-oracle-default-prefs.js [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-3] - Enabled WebM [10.0.5-2] - Added fix for mozbz#703633, rhbz#818341 xulrunner [10.0.6-1.0.1.el6_3] - Replace xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.6-1] - Update to 10.0.6 ESR [10.0.5-3] - Added fix for rhbz#808136 (mozbz#762301) [10.0.5-2] - Enabled WebM (rhbz#798880) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1088 CVE-2012-1948 CVE-2012-1950 CVE-2012-1951 CVE-2012-1952 CVE-2012-1953 CVE-2012-1954 CVE-2012-1955 CVE-2012-1957 CVE-2012-1958 CVE-2012-1959 CVE-2012-1961 CVE-2012-1962 CVE-2012-1963 CVE-2012-1964 CVE-2012-1965 CVE-2012-1966 CVE-2012-1967 | Version: | 4 |
| Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27864 | |||
| Oval ID: | oval:org.mitre.oval:def:27864 | ||
| Title: | DEPRECATED: ELSA-2012-0715 -- thunderbird security update (critical) | ||
| Description: | [10.0.5-2.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.5-2] - Update to 10.0.5 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0715 CVE-2011-3101 CVE-2012-1937 CVE-2012-1938 CVE-2012-1939 CVE-2012-1940 CVE-2012-1941 CVE-2012-1944 CVE-2012-1945 CVE-2012-1946 CVE-2012-1947 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27868 | |||
| Oval ID: | oval:org.mitre.oval:def:27868 | ||
| Title: | DEPRECATED: ELSA-2011-0311 -- thunderbird security update (critical) | ||
| Description: | [3.1.8-4.0.2.el6_0] - Replace clean.gif in tarball [3.1.8-4.0.1.el6_0] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [3.1.8-4] - Update to build3 [3.1.8-3] - Update to build2 [3.1.8-2] - Update to 3.1.8 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0311 CVE-2010-1585 CVE-2011-0053 CVE-2011-0061 CVE-2011-0062 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27881 | |||
| Oval ID: | oval:org.mitre.oval:def:27881 | ||
| Title: | DEPRECATED: ELSA-2010-0166 -- gnutls security update (moderate) | ||
| Description: | [1.4.1-3.8] - fix safe renegotiation on SSL3 protocol [1.4.1-3.7] - implement safe renegotiation - CVE-2009-3555 (#533125) - do not allow MD2 in certificate signatures by default - CVE-2009-2409 (#510197) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0166 CVE-2009-2409 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | gnutls |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27890 | |||
| Oval ID: | oval:org.mitre.oval:def:27890 | ||
| Title: | DEPRECATED: ELSA-2012-0516 -- thunderbird security update (critical) | ||
| Description: | [10.0.4-1.0.1.el6_2] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [10.0.4-1] - Update to 10.0.4 ESR | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0516 CVE-2012-0467 CVE-2012-0468 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0472 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479 CVE-2011-3062 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27902 | |||
| Oval ID: | oval:org.mitre.oval:def:27902 | ||
| Title: | DEPRECATED: ELSA-2010-0501 -- firefox security, bug fix, and enhancement update (critical) | ||
| Description: | Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203) A flaw was found in the way browser plug-ins interact. It was possible for a plug-in to reference the freed memory from a different plug-in, resulting in the execution of arbitrary code with the privileges of the user running Firefox. (CVE-2010-1198) Several integer overflow flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1196, CVE-2010-1199) A focus stealing flaw was found in the way Firefox handled focus changes. A malicious website could use this flaw to steal sensitive data from a user, such as usernames and passwords. (CVE-2010-1125) A flaw was found in the way Firefox handled the "Content-Disposition: attachment" HTTP header when the "Content-Type: multipart" HTTP header was also present. A website that allows arbitrary uploads and relies on the "Content-Disposition: attachment" HTTP header to prevent content from being displayed inline, could be used by an attacker to serve malicious content to users. (CVE-2010-1197) A flaw was found in the Firefox Math.random() function. This function could be used to identify a browsing session and track a user across different websites. (CVE-2008-5913) A flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document. (CVE-2010-0182) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0501 CVE-2009-5017 CVE-2010-0182 CVE-2010-1121 CVE-2010-1125 CVE-2010-1196 CVE-2010-1197 CVE-2010-1198 CVE-2010-1199 CVE-2010-1200 CVE-2010-1202 CVE-2010-1203 CVE-2008-5913 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | devhelp esc firefox gnome-python2-extras totem xulrunner yelp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27951 | |||
| Oval ID: | oval:org.mitre.oval:def:27951 | ||
| Title: | DEPRECATED: ELSA-2010-0862 -- nss security update (low) | ||
| Description: | nss: [3.12.8-1.0.1.el6] - Update expired PayPalEE.cert to fix build failure - Use blank image instead of clean.gif in nss-3.12.8-stripped.tar.bz2 [3.12.8-1] - Update to 3.12.8 nss-softokn: [3.12.8-1] - Update to 3.12.8 nss-util: [3.12.7-1] - Update to 3.12.7 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0862 CVE-2010-3170 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | nss nss-softokn nss-util |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27971 | |||
| Oval ID: | oval:org.mitre.oval:def:27971 | ||
| Title: | DEPRECATED: ELSA-2011-1342 -- thunderbird security update (critical) | ||
| Description: | [3.1.15-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.15-1] - Update to 3.1.15 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1342 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28020 | |||
| Oval ID: | oval:org.mitre.oval:def:28020 | ||
| Title: | DEPRECATED: ELSA-2011-0886 -- thunderbird security update (critical) | ||
| Description: | [3.1.11-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.11-2] - Update to 3.1.11 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-0886 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2374 CVE-2011-2375 CVE-2011-2376 CVE-2011-2377 CVE-2011-2605 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28033 | |||
| Oval ID: | oval:org.mitre.oval:def:28033 | ||
| Title: | DEPRECATED: ELSA-2011-1166 -- thunderbird security update (critical) | ||
| Description: | [3.1.12-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.12-1] - Update to 3.1.12 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1166 CVE-2011-0084 CVE-2011-2378 CVE-2011-2982 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28051 | |||
| Oval ID: | oval:org.mitre.oval:def:28051 | ||
| Title: | DEPRECATED: ELSA-2010-0969 -- thunderbird security update (moderate) | ||
| Description: | [3.1.7-3.0.1.el6] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [3.1.7-3] - Update to 3.1.7 build3 [3.1.7-2] - Update to 3.1.7 build2 [3.1.7-1] - Update to 3.1.7 [3.1.6-1] - Update to 3.1.6 [3.1.5-1] - Update to 3.1.5 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0969 CVE-2010-3768 CVE-2010-3776 CVE-2010-3777 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28076 | |||
| Oval ID: | oval:org.mitre.oval:def:28076 | ||
| Title: | DEPRECATED: ELSA-2010-0809 -- xulrunner security update (critical) | ||
| Description: | [1.9.2.11-4.0.1.el5_5] - Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one. [1.9.2.11-4.el5_5] - Add upstream patch for CVE-2010-3765 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0809 CVE-2010-3765 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28130 | |||
| Oval ID: | oval:org.mitre.oval:def:28130 | ||
| Title: | DEPRECATED: ELSA-2011-1439 -- thunderbird security update (critical) | ||
| Description: | [3.1.16-2.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.16-2] - Update to 3.1.16 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1439 CVE-2011-3647 CVE-2011-3648 CVE-2011-3650 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28140 | |||
| Oval ID: | oval:org.mitre.oval:def:28140 | ||
| Title: | DEPRECATED: ELSA-2010-0556 -- firefox security update (critical) | ||
| Description: | firefox: [3.6.7-3.0.1.el5] - Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html and remove the corresponding Red Hat ones [3.6.7-3] - Rebuild xulrunner: [1.9.2.7-3.0.1.el5] - Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one. [1.9.2.7-3] - Include fix for 575836 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0556 CVE-2010-2755 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28188 | |||
| Oval ID: | oval:org.mitre.oval:def:28188 | ||
| Title: | DEPRECATED: ELSA-2010-0768 -- java-1.6.0-openjdk security and bug fix update (important) | ||
| Description: | [1.6.0.0-1.16.b17.0.1.el5] - Add oracle-enterprise.patch [1.6.0.0-1.16.b17.el5] - Updated 1.7.5 tarball (contains additional security fixes) - Resolves: bz639951 [1.6.0.0-1.15.b17.el5] - Rebuild - Resolves: bz639951 [1.6.0.0-1.14.b17.el5] - Synched with el6 branch - Updated to IcedTea 1.7.5 - Resolves: bz639951 - Also resolves 619800 and 621303 | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0768 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549 CVE-2010-3551 CVE-2010-3553 CVE-2010-3554 CVE-2010-3557 CVE-2010-3561 CVE-2010-3562 CVE-2010-3564 CVE-2010-3565 CVE-2010-3567 CVE-2010-3568 CVE-2010-3569 CVE-2010-3573 CVE-2010-3574 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28269 | |||
| Oval ID: | oval:org.mitre.oval:def:28269 | ||
| Title: | DEPRECATED: ELSA-2010-0339 -- java-1.6.0-openjdk security update (important) | ||
| Description: | [1:1.6.0.0-1.11.b16.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.11.b16.el5] - Remove javaws alternative due to conflict with java-1.6.0-sun's alternatives [1:1.6.0-1.10.b16] - Update to openjdk build b16 - Update to icedtea6-1.6 - Added tzdata-java requirement - Added autoconf and automake build requirement - Added tzdata-java requirement - Added java-1.6.0-openjdk-gcc-stack-markings.patch - Added java-1.6.0-openjdk-memory-barriers.patch - Added java-1.6.0-openjdk-jar-misc.patch - Added java-1.6.0-openjdk-linux-separate-debuginfo.patch - Added java-1.6.0-openjdk-securitypatches-20100323.patch - Added STRIP_KEEP_SYMTAB=libjvm* to install section, fix bz530402 - Resolves: rhbz#576124 [1:1.6.0-1.8.b09] - Added java-1.6.0-openjdk-debuginfo.patch - Added java-1.6.0-openjdk-elf-debuginfo.patch | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2010-0339 CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0088 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0840 CVE-2010-0845 CVE-2010-0847 CVE-2010-0848 CVE-2009-3555 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28282 | |||
| Oval ID: | oval:org.mitre.oval:def:28282 | ||
| Title: | DSA-2186-2 -- iceweasel -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2186-2 CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28693 | |||
| Oval ID: | oval:org.mitre.oval:def:28693 | ||
| Title: | RHSA-2008:0908 -- thunderbird security update (Moderate) | ||
| Description: | Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0908 CESA-2008:0908-CentOS 5 CVE-2008-0016 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28736 | |||
| Oval ID: | oval:org.mitre.oval:def:28736 | ||
| Title: | RHSA-2009:0449 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1313) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0449 CESA-2009:0449-CentOS 5 CVE-2009-1313 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28788 | |||
| Oval ID: | oval:org.mitre.oval:def:28788 | ||
| Title: | DSA-2273-1 -- icedove -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2273-1 CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29008 | |||
| Oval ID: | oval:org.mitre.oval:def:29008 | ||
| Title: | RHSA-2008:0879 -- firefox security update (Critical) | ||
| Description: | All firefox users should upgrade to this updated package, which contains backported patches that correct these issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0879 CESA-2008:0879-CentOS 5 CVE-2008-3837 CVE-2008-4058 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox devhelp nss xulrunner yelp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29045 | |||
| Oval ID: | oval:org.mitre.oval:def:29045 | ||
| Title: | RHSA-2009:0256 -- firefox security update (Critical) | ||
| Description: | All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.6, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0256 CESA-2009:0256-CentOS 5 CVE-2009-0352 CVE-2009-0353 CVE-2009-0354 CVE-2009-0355 CVE-2009-0356 CVE-2009-0357 CVE-2009-0358 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox nss xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29116 | |||
| Oval ID: | oval:org.mitre.oval:def:29116 | ||
| Title: | RHSA-2008:0976 -- thunderbird security update (Moderate) | ||
| Description: | Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0976 CESA-2008:0976-CentOS 5 CVE-2008-5012 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29166 | |||
| Oval ID: | oval:org.mitre.oval:def:29166 | ||
| Title: | RHSA-2009:0258 -- thunderbird security update (Moderate) | ||
| Description: | An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0258 CESA-2009:0258-CentOS 5 CVE-2009-0352 CVE-2009-0353 CVE-2009-0355 CVE-2009-0772 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29170 | |||
| Oval ID: | oval:org.mitre.oval:def:29170 | ||
| Title: | RHSA-2009:1561 -- libvorbis security update (Important) | ||
| Description: | Updated libvorbis packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1561 CESA-2009:1561-CentOS 3 CESA-2009:1561-CentOS 5 CVE-2009-3379 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29178 | |||
| Oval ID: | oval:org.mitre.oval:def:29178 | ||
| Title: | RHSA-2009:0397 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform. A remote attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1169) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0397 CESA-2009:0397-CentOS 5 CVE-2009-1044 CVE-2009-1169 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29180 | |||
| Oval ID: | oval:org.mitre.oval:def:29180 | ||
| Title: | DSA-2457-2 -- iceweasel -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2457-2 CVE-2012-0467 CVE-2012-0470 CVE-2012-0471 CVE-2012-0477 CVE-2012-0479 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29183 | |||
| Oval ID: | oval:org.mitre.oval:def:29183 | ||
| Title: | RHSA-2009:1126 -- thunderbird security update (Moderate) | ||
| Description: | An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833, CVE-2009-1838) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1126 CESA-2009:1126-CentOS 5 CVE-2009-1303 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1392 CVE-2009-1833 CVE-2009-1836 CVE-2009-1838 CVE-2009-2210 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29188 | |||
| Oval ID: | oval:org.mitre.oval:def:29188 | ||
| Title: | RHSA-2009:1162 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1162 CESA-2009:1162-CentOS 5 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472 CVE-2009-2664 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29201 | |||
| Oval ID: | oval:org.mitre.oval:def:29201 | ||
| Title: | RHSA-2009:0002 -- thunderbird security update (Moderate) | ||
| Description: | Updated thunderbird packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0002 CESA-2009:0002-CentOS 5 CVE-2008-5500 CVE-2008-5501 CVE-2008-5502 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29237 | |||
| Oval ID: | oval:org.mitre.oval:def:29237 | ||
| Title: | RHSA-2008:0978 -- firefox security update (Critical) | ||
| Description: | All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2008:0978 CESA-2008:0978-CentOS 5 CVE-2008-0017 CVE-2008-5014 CVE-2008-5015 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox nss devhelp xulrunner yelp |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29267 | |||
| Oval ID: | oval:org.mitre.oval:def:29267 | ||
| Title: | RHSA-2009:0436 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0436 CESA-2009:0436-CentOS 5 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1310 CVE-2009-1311 CVE-2009-1312 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29317 | |||
| Oval ID: | oval:org.mitre.oval:def:29317 | ||
| Title: | RHSA-2009:1579 -- httpd security update (Moderate) | ||
| Description: | Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handle session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by rejecting client-requested renegotiation. (CVE-2009-3555) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1579 CESA-2009:1579-CentOS 3 CESA-2009:1579-CentOS 5 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 CentOS Linux 3 CentOS Linux 5 | Product(s): | httpd |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29334 | |||
| Oval ID: | oval:org.mitre.oval:def:29334 | ||
| Title: | RHSA-2009:1430 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR). | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1430 CESA-2009:1430-CentOS 5 CVE-2009-2654 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 CVE-2009-3079 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox nspr xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29342 | |||
| Oval ID: | oval:org.mitre.oval:def:29342 | ||
| Title: | RHSA-2009:1674 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1674 CESA-2009:1674-CentOS 5 CVE-2009-3979 CVE-2009-3981 CVE-2009-3983 CVE-2009-3984 CVE-2009-3985 CVE-2009-3986 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29381 | |||
| Oval ID: | oval:org.mitre.oval:def:29381 | ||
| Title: | RHSA-2009:0315 -- firefox security update (Critical) | ||
| Description: | An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:0315 CESA-2009:0315-CentOS 5 CVE-2009-0040 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 CVE-2009-0777 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:29396 | |||
| Oval ID: | oval:org.mitre.oval:def:29396 | ||
| Title: | RHSA-2009:1095 -- firefox security update (Critical) | ||
| Description: | Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838, CVE-2009-1841) | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2009:1095 CESA-2009:1095-CentOS 5 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | firefox xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5250 | |||
| Oval ID: | oval:org.mitre.oval:def:5250 | ||
| Title: | Mozilla Seamonkey memory corruption Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0771 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5265 | |||
| Oval ID: | oval:org.mitre.oval:def:5265 | ||
| Title: | Mozilla Seamonkey Multiple XSS Vulnerabilities | ||
| Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1309 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5319 | |||
| Oval ID: | oval:org.mitre.oval:def:5319 | ||
| Title: | Mozilla Thunderbird Memory corruption Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1304 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5418 | |||
| Oval ID: | oval:org.mitre.oval:def:5418 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow Visual truncation vulnerability | ||
| Description: | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3078 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5480 | |||
| Oval ID: | oval:org.mitre.oval:def:5480 | ||
| Title: | Mozilla Seamonkey Memory corruption Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1304 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5527 | |||
| Oval ID: | oval:org.mitre.oval:def:5527 | ||
| Title: | Mozilla Firefox Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1302 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5581 | |||
| Oval ID: | oval:org.mitre.oval:def:5581 | ||
| Title: | Mozilla Firefox 3.0.x before 3.0.15 cause a denial of service in layout/base/nsCSSFrameConstructor.cpp | ||
| Description: | layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3382 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5591 | |||
| Oval ID: | oval:org.mitre.oval:def:5591 | ||
| Title: | Mozilla Thunderbird Multiple XSS Vulnerabilities | ||
| Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1309 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5606 | |||
| Oval ID: | oval:org.mitre.oval:def:5606 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow dangling pointer vulnerability | ||
| Description: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3077 | Version: | 6 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5703 | |||
| Oval ID: | oval:org.mitre.oval:def:5703 | ||
| Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0772 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5717 | |||
| Oval ID: | oval:org.mitre.oval:def:5717 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow multiple DOS Vulnerabilities | ||
| Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3075 | Version: | 6 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5806 | |||
| Oval ID: | oval:org.mitre.oval:def:5806 | ||
| Title: | Mozilla Seamonkey remote code execution Vulnerability | ||
| Description: | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0775 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5810 | |||
| Oval ID: | oval:org.mitre.oval:def:5810 | ||
| Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1303 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5816 | |||
| Oval ID: | oval:org.mitre.oval:def:5816 | ||
| Title: | Mozilla Thunderbird remote code execution Vulnerability | ||
| Description: | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0775 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5856 | |||
| Oval ID: | oval:org.mitre.oval:def:5856 | ||
| Title: | Mozilla Seamonkey Denial of Service and arbitrary code execution Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0773 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5905 | |||
| Oval ID: | oval:org.mitre.oval:def:5905 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2 allow Denial of Service Vulnerability | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3071 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5928 | |||
| Oval ID: | oval:org.mitre.oval:def:5928 | ||
| Title: | Mozilla Firefox 'keygen' HTML Tag Denial of Service Vulnerability | ||
| Description: | Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1828 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5933 | |||
| Oval ID: | oval:org.mitre.oval:def:5933 | ||
| Title: | Mozilla Seamonkey arbitrary code execution Vulnerability | ||
| Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1307 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5935 | |||
| Oval ID: | oval:org.mitre.oval:def:5935 | ||
| Title: | Remote bypass vulnerability in content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 via the document.getSelection function | ||
| Description: | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3375 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5945 | |||
| Oval ID: | oval:org.mitre.oval:def:5945 | ||
| Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0772 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5947 | |||
| Oval ID: | oval:org.mitre.oval:def:5947 | ||
| Title: | Mozilla Firefox gczeal (vector) Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0774 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5956 | |||
| Oval ID: | oval:org.mitre.oval:def:5956 | ||
| Title: | Mozilla Firefox security bypass Vulnerability | ||
| Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0776 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5980 | |||
| Oval ID: | oval:org.mitre.oval:def:5980 | ||
| Title: | Mozilla Thunderbird Denial of Service and arbitrary code execution Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0773 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5989 | |||
| Oval ID: | oval:org.mitre.oval:def:5989 | ||
| Title: | Mozilla Firefox 3.5.x before 3.5.3 allow Denial of Service Vulnerability | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3069 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5992 | |||
| Oval ID: | oval:org.mitre.oval:def:5992 | ||
| Title: | Mozilla Firefox Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1303 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5996 | |||
| Oval ID: | oval:org.mitre.oval:def:5996 | ||
| Title: | Multiple vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 | ||
| Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3383 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6015 | |||
| Oval ID: | oval:org.mitre.oval:def:6015 | ||
| Title: | Mozilla Firefox Memory corruption Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1304 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6017 | |||
| Oval ID: | oval:org.mitre.oval:def:6017 | ||
| Title: | Mozilla Seamonkey security bypass Vulnerability | ||
| Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0776 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6021 | |||
| Oval ID: | oval:org.mitre.oval:def:6021 | ||
| Title: | Mozilla Firefox Cross Site Scripting Vulnerability | ||
| Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1306 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6039 | |||
| Oval ID: | oval:org.mitre.oval:def:6039 | ||
| Title: | Mozilla Thunderbird Phishing Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0777 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6053 | |||
| Oval ID: | oval:org.mitre.oval:def:6053 | ||
| Title: | Mozilla Firefox before 3.0.14 JavaScript engine allow denial of service Vulnerability | ||
| Description: | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3074 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6057 | |||
| Oval ID: | oval:org.mitre.oval:def:6057 | ||
| Title: | Mozilla Seamonkey gczeal (vector) Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0774 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6064 | |||
| Oval ID: | oval:org.mitre.oval:def:6064 | ||
| Title: | Mozilla Firefox XSS Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1312 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6070 | |||
| Oval ID: | oval:org.mitre.oval:def:6070 | ||
| Title: | Mozilla Seamonkey Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1302 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6073 | |||
| Oval ID: | oval:org.mitre.oval:def:6073 | ||
| Title: | Mozilla Firefox before 3.0.14 allow Denial of Service Vulnerability | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3070 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6090 | |||
| Oval ID: | oval:org.mitre.oval:def:6090 | ||
| Title: | Mozilla Thunderbird DoS and Memory Corruption Vulnerability | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1305 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6097 | |||
| Oval ID: | oval:org.mitre.oval:def:6097 | ||
| Title: | Mozilla Firefox Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0772 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6121 | |||
| Oval ID: | oval:org.mitre.oval:def:6121 | ||
| Title: | Mozilla Thunderbird gczeal (vector) Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0774 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6131 | |||
| Oval ID: | oval:org.mitre.oval:def:6131 | ||
| Title: | Mozilla Seamonkey XSS Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1312 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6139 | |||
| Oval ID: | oval:org.mitre.oval:def:6139 | ||
| Title: | Mozilla Firefox Multiple XSS Vulnerabilities | ||
| Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1309 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6140 | |||
| Oval ID: | oval:org.mitre.oval:def:6140 | ||
| Title: | Mozilla Firefox before 3.0.14 allow remote arbitrary code execution Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3076 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6141 | |||
| Oval ID: | oval:org.mitre.oval:def:6141 | ||
| Title: | Mozilla Firefox Denial of Service and arbitrary code execution Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0773 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6151 | |||
| Oval ID: | oval:org.mitre.oval:def:6151 | ||
| Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1303 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6154 | |||
| Oval ID: | oval:org.mitre.oval:def:6154 | ||
| Title: | Mozilla Firefox arbitrary code execution Vulnerability | ||
| Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1307 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6157 | |||
| Oval ID: | oval:org.mitre.oval:def:6157 | ||
| Title: | Mozilla Firefox Phishing Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0777 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6163 | |||
| Oval ID: | oval:org.mitre.oval:def:6163 | ||
| Title: | Mozilla Thunderbird memory corruption Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0771 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6170 | |||
| Oval ID: | oval:org.mitre.oval:def:6170 | ||
| Title: | Mozilla Thunderbird Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1302 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6173 | |||
| Oval ID: | oval:org.mitre.oval:def:6173 | ||
| Title: | Mozilla Seamonkey XSS and arbitrary injection Vulnerabilities | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1308 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6185 | |||
| Oval ID: | oval:org.mitre.oval:def:6185 | ||
| Title: | Mozilla Firefox XSS and arbitrary injection Vulnerabilities | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1308 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6191 | |||
| Oval ID: | oval:org.mitre.oval:def:6191 | ||
| Title: | Mozilla Thunderbird security bypass Vulnerability | ||
| Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0776 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6194 | |||
| Oval ID: | oval:org.mitre.oval:def:6194 | ||
| Title: | Mozilla Seamonkey Cross Site Scripting Vulnerability | ||
| Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1306 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6196 | |||
| Oval ID: | oval:org.mitre.oval:def:6196 | ||
| Title: | Mozilla Firefox memory corruption Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0771 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6200 | |||
| Oval ID: | oval:org.mitre.oval:def:6200 | ||
| Title: | Mozilla Seamonkey Information Disclosure Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1311 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6207 | |||
| Oval ID: | oval:org.mitre.oval:def:6207 | ||
| Title: | Mozilla Firefox remote code execution Vulnerability | ||
| Description: | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0775 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6222 | |||
| Oval ID: | oval:org.mitre.oval:def:6222 | ||
| Title: | Mozilla Firefox Information Disclosure Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1311 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6229 | |||
| Oval ID: | oval:org.mitre.oval:def:6229 | ||
| Title: | Mozilla Seamonkey Phishing Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0777 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6232 | |||
| Oval ID: | oval:org.mitre.oval:def:6232 | ||
| Title: | Mozilla Firefox DoS and Memory Corruption Vulnerability | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1305 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6242 | |||
| Oval ID: | oval:org.mitre.oval:def:6242 | ||
| Title: | Mozilla Firefox XSS nadn HTML injection Vulnerabilities | ||
| Description: | Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1310 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6248 | |||
| Oval ID: | oval:org.mitre.oval:def:6248 | ||
| Title: | Mozilla Seamonkey DoS and Memory Corruption Vulnerability | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1305 | Version: | 2 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6250 | |||
| Oval ID: | oval:org.mitre.oval:def:6250 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow remote arbitrary code Vulnerability | ||
| Description: | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3079 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6266 | |||
| Oval ID: | oval:org.mitre.oval:def:6266 | ||
| Title: | Mozilla Thunderbird arbitrary code execution Vulnerability | ||
| Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1307 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6296 | |||
| Oval ID: | oval:org.mitre.oval:def:6296 | ||
| Title: | Mozilla Thunderbird XSS and arbitrary injection Vulnerabilities | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1308 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6312 | |||
| Oval ID: | oval:org.mitre.oval:def:6312 | ||
| Title: | Mozilla Thunderbird Cross Site Scripting Vulnerability | ||
| Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1306 | Version: | 6 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6315 | |||
| Oval ID: | oval:org.mitre.oval:def:6315 | ||
| Title: | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3 allow denial of service Vulnerability | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3072 | Version: | 6 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6347 | |||
| Oval ID: | oval:org.mitre.oval:def:6347 | ||
| Title: | Arbitrary code execution in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 ia a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
| Description: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3372 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6375 | |||
| Oval ID: | oval:org.mitre.oval:def:6375 | ||
| Title: | vulnerabilities in liboggz, as used in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service | ||
| Description: | Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3377 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6443 | |||
| Oval ID: | oval:org.mitre.oval:def:6443 | ||
| Title: | The oggplay_data_handle_theora_frame in liboggplay in Mozilla Firefox 3.5.x before 3.5.4 to cuase denial of service | ||
| Description: | The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3378 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6464 | |||
| Oval ID: | oval:org.mitre.oval:def:6464 | ||
| Title: | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service | ||
| Description: | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3371 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6495 | |||
| Oval ID: | oval:org.mitre.oval:def:6495 | ||
| Title: | Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3381 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6541 | |||
| Oval ID: | oval:org.mitre.oval:def:6541 | ||
| Title: | Spoofed file extensions via a crafted filename containing Unicode character in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 | ||
| Description: | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3376 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6548 | |||
| Oval ID: | oval:org.mitre.oval:def:6548 | ||
| Title: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0 via unspecified vectors. | ||
| Description: | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3373 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6565 | |||
| Oval ID: | oval:org.mitre.oval:def:6565 | ||
| Title: | Vulnerability in the XPCVariant::VariantDataToJS function in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 | ||
| Description: | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3374 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6580 | |||
| Oval ID: | oval:org.mitre.oval:def:6580 | ||
| Title: | Multiple vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 to cause a denial of service | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3380 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6582 | |||
| Oval ID: | oval:org.mitre.oval:def:6582 | ||
| Title: | Vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4 to cause a denial of service | ||
| Description: | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3379 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6646 | |||
| Oval ID: | oval:org.mitre.oval:def:6646 | ||
| Title: | Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1303 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6658 | |||
| Oval ID: | oval:org.mitre.oval:def:6658 | ||
| Title: | DSA-2045 libtheora -- integer overflow | ||
| Description: | Bob Clary, Dan Kaminsky and David Keeler discovered that in libtheora, a video library part of the Ogg project, several flaws allow context-dependent attackers via a large and specially crafted media file, to cause a denial of service, and possibly arbitrary code execution. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2045 CVE-2009-3389 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libtheora |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6699 | |||
| Oval ID: | oval:org.mitre.oval:def:6699 | ||
| Title: | DSA-2025 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Dan Kaminsky and Moxie Marlinspike discovered that icedove does not properly handle a "\0" character in a domain name in the subject's Common Name field of an X.509 certificate. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. monarch2020 discovered an integer overflow in a base64 decoding function. Josh Soref discovered a crash in the BinHex decoder. Carsten Book reported a crash in the JavaScript engine. Ludovic Hirlimann reported a crash indexing some messages with attachments, which could lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2025 CVE-2009-2408 CVE-2009-2404 CVE-2009-2463 CVE-2009-3072 CVE-2009-3075 CVE-2010-0163 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6708 | |||
| Oval ID: | oval:org.mitre.oval:def:6708 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey Denial of Service and arbitrary code execution Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0773 | Version: | 19 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6710 | |||
| Oval ID: | oval:org.mitre.oval:def:6710 | ||
| Title: | Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability | ||
| Description: | The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1306 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6731 | |||
| Oval ID: | oval:org.mitre.oval:def:6731 | ||
| Title: | Mozilla Firefox and Seamonkey XSS Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1312 | Version: | 10 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6755 | |||
| Oval ID: | oval:org.mitre.oval:def:6755 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey memory corruption Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0771 | Version: | 19 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6776 | |||
| Oval ID: | oval:org.mitre.oval:def:6776 | ||
| Title: | Mozilla Firefox and SeaMonkey mailto: URL Redirection Vulnerability | ||
| Description: | Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0181 | Version: | 17 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6811 | |||
| Oval ID: | oval:org.mitre.oval:def:6811 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0772 | Version: | 19 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6831 | |||
| Oval ID: | oval:org.mitre.oval:def:6831 | ||
| Title: | Mozilla Firefox, Thunderbird, and Seamonkey Multiple XSS Vulnerabilities | ||
| Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1309 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6844 | |||
| Oval ID: | oval:org.mitre.oval:def:6844 | ||
| Title: | Mozilla Firefox DOM Node Moving Use-After-Free Remote Code Execution Vulnerability | ||
| Description: | Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1121 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6920 | |||
| Oval ID: | oval:org.mitre.oval:def:6920 | ||
| Title: | DSA-1797 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Moxie Marlinspike discovered that Unicode box drawing characters inside of internationalised domain names could be used for phishing attacks. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Olli Pettay, Martijn Wargers, Mats Palmgren, Oleg Romashin, Jesse Ruderman and Gary Kwong reported crashes in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Igor Bukanov and Bob Clary discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Daniel Veditz discovered that the Content-Disposition: header is ignored within the jar: URI scheme. Gregory Fleischer discovered that the same-origin policy for Flash files is inproperly enforced for files loaded through the view-source scheme, which may result in bypass of cross-domain policy restrictions. Cefn Hoile discovered that sites, which allow the embedding of third-party stylesheets are vulnerable to cross-site scripting attacks through XBL bindings. "moz_bug_r_a4" discovered bypasses of the same-origin policy in the XMLHttpRequest Javascript API and the XPCNativeWrapper. Paolo Amadini discovered that incorrect handling of POST data when saving a web site with an embedded frame may lead to information disclosure. It was discovered that Iceweasel allows Refresh: headers to redirect to Javascript URIs, resulting in cross-site scripting. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1797 CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6921 | |||
| Oval ID: | oval:org.mitre.oval:def:6921 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey DoS and Memory Corruption Vulnerability | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1305 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6945 | |||
| Oval ID: | oval:org.mitre.oval:def:6945 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey gczeal (vector) Denial of Service Vulnerability | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0774 | Version: | 19 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6971 | |||
| Oval ID: | oval:org.mitre.oval:def:6971 | ||
| Title: | Mozilla Firefox and SeaMonkey Arbitrary Code Execution With Firebug XMLHttpRequestSpy Module Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0179 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6975 | |||
| Oval ID: | oval:org.mitre.oval:def:6975 | ||
| Title: | Mozilla Firefox and SeaMonkey Chrome Privilege Escalation Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0178 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7008 | |||
| Oval ID: | oval:org.mitre.oval:def:7008 | ||
| Title: | Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability | ||
| Description: | The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1307 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7030 | |||
| Oval ID: | oval:org.mitre.oval:def:7030 | ||
| Title: | Mozilla Thunderbird, Seamonkey and Firefox Denial of Service Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1302 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7038 | |||
| Oval ID: | oval:org.mitre.oval:def:7038 | ||
| Title: | DSA-1956 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: David James discovered that the window.opener property allows Chrome privilege escalation. Jordi Chanel discovered a spoofing vulnerability of the URL location bar using the document.location property. Jonathan Morgan discovered that the icon indicating a secure connection could be spoofed through the document.location property. Takehiro Takahashi discovered that the NTLM implementation is vulnerable to reflection attacks. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel and Olli Pettay discovered crashes in the layout engine, which might allow the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1956 CVE-2009-3986 CVE-2009-3985 CVE-2009-3984 CVE-2009-3983 CVE-2009-3981 CVE-2009-3979 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7222 | |||
| Oval ID: | oval:org.mitre.oval:def:7222 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey XUL Tree Optgroup Dangling Pointer Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0176 | Version: | 24 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7235 | |||
| Oval ID: | oval:org.mitre.oval:def:7235 | ||
| Title: | Mozilla Firefox and Seamonkey Information Disclosure Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1311 | Version: | 10 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7285 | |||
| Oval ID: | oval:org.mitre.oval:def:7285 | ||
| Title: | Mozilla Thunderbird, Firefox and Seamonkey XSS and arbitrary injection Vulnerabilities | ||
| Description: | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1308 | Version: | 17 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7315 | |||
| Oval ID: | oval:org.mitre.oval:def:7315 | ||
| Title: | TLS/SSL Renegotiation Vulnerability | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 23 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7339 | |||
| Oval ID: | oval:org.mitre.oval:def:7339 | ||
| Title: | Vulnerability in js_InitRandom function in the JavaScript implementation in Mozilla Firefox and Seamonkey | ||
| Description: | The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3400 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7349 | |||
| Oval ID: | oval:org.mitre.oval:def:7349 | ||
| Title: | DSA-1939 libvorbis -- several vulnerabilities | ||
| Description: | Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered that libvorbis, a library for the Vorbis general-purpose compressed audio codec, did not correctly handle certain malformed ogg files. An attacher could cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1939 CVE-2009-2663 CVE-2009-3379 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libvorbis |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7370 | |||
| Oval ID: | oval:org.mitre.oval:def:7370 | ||
| Title: | Vulnerability in the Math.random function in the JavaScript implementation in Mozilla Firefox | ||
| Description: | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3171 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7390 | |||
| Oval ID: | oval:org.mitre.oval:def:7390 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey security bypass Vulnerability | ||
| Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0776 | Version: | 19 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7432 | |||
| Oval ID: | oval:org.mitre.oval:def:7432 | ||
| Title: | DSA-2027 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. It was discovered that incorrect memory handling in the XUL event handler might allow the execution of arbitrary code. It was discovered that incorrect memory handling in the plugin code might allow the execution of arbitrary code. Paul Stone discovered that forced drag-and-drop events could lead to Chrome privilege escalation. It was discovered that a programming error in the XMLHttpRequestSpy module could lead to the execution of arbitrary code. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2027 CVE-2010-0174 CVE-2010-0175 CVE-2010-0176 CVE-2010-0177 CVE-2010-0178 CVE-2010-0179 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7435 | |||
| Oval ID: | oval:org.mitre.oval:def:7435 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey Phishing Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0777 | Version: | 19 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7463 | |||
| Oval ID: | oval:org.mitre.oval:def:7463 | ||
| Title: | DSA-1999 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1999 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7467 | |||
| Oval ID: | oval:org.mitre.oval:def:7467 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerabilities | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0173 | Version: | 24 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7478 | |||
| Oval ID: | oval:org.mitre.oval:def:7478 | ||
| Title: | VMware ESX, Service Console update for OpenSSL, GnuTLS, NSS and NSPR. | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 5 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7516 | |||
| Oval ID: | oval:org.mitre.oval:def:7516 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey Memory corruption Vulnerabilities | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1304 | Version: | 17 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7546 | |||
| Oval ID: | oval:org.mitre.oval:def:7546 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey nsTreeSelection Use-After-Free Vulnerability | ||
| Description: | Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0175 | Version: | 24 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7584 | |||
| Oval ID: | oval:org.mitre.oval:def:7584 | ||
| Title: | Mozilla Firefox, Thunderbird and Seamonkey remote code execution Vulnerability | ||
| Description: | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-0775 | Version: | 19 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7598 | |||
| Oval ID: | oval:org.mitre.oval:def:7598 | ||
| Title: | Vulnerability in js_InitRandom function in the JavaScript implementation in Mozilla Firefox | ||
| Description: | The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-3399 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7615 | |||
| Oval ID: | oval:org.mitre.oval:def:7615 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey Memory Corruption Vulnerabilities | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0174 | Version: | 24 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7618 | |||
| Oval ID: | oval:org.mitre.oval:def:7618 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey XMLDocument::load Function Access Restrictions Bypass Vulnerability | ||
| Description: | The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0182 | Version: | 24 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7622 | |||
| Oval ID: | oval:org.mitre.oval:def:7622 | ||
| Title: | Mozilla Firefox and SeaMonkey window.navigator.plugins Object Dangling Pointer Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0177 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7657 | |||
| Oval ID: | oval:org.mitre.oval:def:7657 | ||
| Title: | DSA-1649 iceweasel -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. moz_bug_r_a4 discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. moz_bug_r_a4 discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and moz_bug_r_a4 discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1649 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7740 | |||
| Oval ID: | oval:org.mitre.oval:def:7740 | ||
| Title: | DSA-1669 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could by bypassed. "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. Gareth Heyes discovered that some Unicode surrogate characters are ignored by the HTML parser. Boris Zbarsky discovered that resource: URls allow directory traversal when using URL-encoded slashes. Georgi Guninski discovered that resource: URLs could bypass local access restrictions. Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. Liu Die Yu discovered an information leak through local shortcut files. Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. It was discovered that crashes in the layout engine could lead to arbitrary code execution. It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1669 CVE-2008-0016 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-0017 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7743 | |||
| Oval ID: | oval:org.mitre.oval:def:7743 | ||
| Title: | Mozilla Firefox/Thunderbird/SeaMonkey Multiple Cross Domain Scripting Vulnerabilities | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0171 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7766 | |||
| Oval ID: | oval:org.mitre.oval:def:7766 | ||
| Title: | DSA-1885 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Daniel Holbert, Jesse Ruderman, Olli Pettay and "toshi" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Josh Soref, Jesse Ruderman and Martin Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered a crash in the Javascript engine, which might allow the execution of arbitrary code. Carsten Book and "Taral" discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered that the user interface for installing/ removing PCKS #11 securiy modules wasn't informative enough, which might allow social engineering attacks. It was discovered that incorrect pointer handling in the XUL parser could lead to the execution of arbitrary code. Juan Pablo Lopez Yacubian discovered that incorrent rendering of some Unicode font characters could lead to spoofing attacks on the location bar. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1885 CVE-2009-3070 CVE-2009-3071 CVE-2009-3072 CVE-2009-3074 CVE-2009-3075 CVE-2009-3076 CVE-2009-3077 CVE-2009-3078 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7805 | |||
| Oval ID: | oval:org.mitre.oval:def:7805 | ||
| Title: | DSA-1707 iceweasel -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) It was discovered that attackers could run arbitrary JavaScript with chrome privileges via vectors related to the feed preview. (MFSA 2008-62) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) Kojima Hajime and Jun Muto discovered that escaped null characters were ignored by the CSS parser and could lead to the bypass of protection mechanisms (MFSA 2008-67) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68) moz_bug_r_a4 discovered that the session-restore feature does not properly sanitise input leading to arbitrary injections. This issue could be used to perform an XSS attack or run arbitrary JavaScript with chrome privileges. (MFSA 2008-69) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1707 CVE-2008-5500 CVE-2008-5503 CVE-2008-5504 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5510 CVE-2008-5511 CVE-2008-5512 CVE-2008-5513 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7832 | |||
| Oval ID: | oval:org.mitre.oval:def:7832 | ||
| Title: | DSA-1840 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Arno Renevier, Jesse Ruderman, Olli Pettay and Blake Kaplan discovered several issues in the browser engine that could potentially lead to the execution of arbitrary code. (MFSA 2009-34) monarch2020 reported an integer overflow in a base64 decoding function. (MFSA 2009-34) Christophe Charron reported a possibly exploitable crash occuring when multiple RDF files were loaded in a XUL tree element. (MFSA 2009-34) Yongqian Li reported that an unsafe memory condition could be created by specially crafted document. (MFSA 2009-34) Peter Van der Beken, Mike Shaver, Jesse Ruderman, and Carsten Book discovered several issues in the JavaScript engine that could possibly lead to the execution of arbitrary JavaScript. (MFSA 2009-34) Attila Suszter discovered an issue related to a specially crafted Flash object, which could be used to run arbitrary code. (MFSA 2009-35) PenPal discovered that it is possible to execute arbitrary code via a specially crafted SVG element. (MFSA 2009-37) Blake Kaplan discovered a flaw in the JavaScript engine that might allow an attacker to execute arbitrary JavaScript with chrome privileges. (MFSA 2009-39) moz_bug_r_a4 discovered an issue in the JavaScript engine that could be used to perform cross-site scripting attacks. (MFSA 2009-40) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1840 CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7872 | |||
| Oval ID: | oval:org.mitre.oval:def:7872 | ||
| Title: | DSA-1820 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. (MFSA 2009-24) It is possible to execute arbitrary code via vectors involving "double frame construction." (MFSA 2009-24) Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. (MFSA 2009-24) Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. (MFSA 2009-25) Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. (MFSA 2009-26) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) Jakob Balle and Carsten Eiram reported a race condition in the NPObjWrapper_NewResolve function that can be used to execute arbitrary code. (MFSA 2009-28) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage-collection implementation. (MFSA 2009-29) Adam Barth and Collin Jackson reported a potential privilege escalation when loading a file::resource via the location bar. (MFSA 2009-30) Wladimir Palant discovered that it is possible to bypass access restrictions due to a lack of content policy check, when loading a script file into a XUL document. (MFSA 2009-31) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1820 CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7898 | |||
| Oval ID: | oval:org.mitre.oval:def:7898 | ||
| Title: | DSA-1756 xulrunner -- multiple vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. Note that after installing these updates, you will need to restart any packages using xulrunner, typically iceweasel or epiphany. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1756 CVE-2009-1169 CVE-2009-1044 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7945 | |||
| Oval ID: | oval:org.mitre.oval:def:7945 | ||
| Title: | DSA-1922 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Vladimir Vukicevic, Jesse Ruderman, Martijn Wargers, Daniel Banchero, David Keeler and Boris Zbarsky reported crashes in layout engine, which might allow the execution of arbitrary code. Carsten Book reported a crash in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman and Sid Stamm discovered spoofing vulnerability in the file download dialog. Gregory Fleischer discovered a bypass of the same-origin policy using the document.getSelection() function. "moz_bug_r_a4" discovered a privilege escalation to Chrome status in the XPCOM utility XPCVariant::VariantDataToJS. "regenrecht" discovered a buffer overflow in the GIF parser, which might lead to the execution of arbitrary code. Marco C. discovered that a programming error in the proxy auto configuration code might lead to denial of service or the execution of arbitrary code. Jeremy Brown discovered that the filename of a downloaded file which is opened by the user is predictable, which might lead to tricking the user into a malicious file if the attacker has local access to the system. Paul Stone discovered that history information from web forms could be stolen. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1922 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7950 | |||
| Oval ID: | oval:org.mitre.oval:def:7950 | ||
| Title: | DSA-1697 iceape -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Iceape an unbranded version of the Seamonkey internet suite. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that a buffer overflow in MIME decoding can lead to the execution of arbitrary code. (MFSA 2008-26) It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the execution of arbitrary code. (MFSA 2008-34) Devon Hubbard, Jesse Ruderman and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-21) Igor Bukanov, Jesse Ruderman and Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-21) "moz_bug_r_a4" discovered several cross-site scripting vulnerabilities. (MFSA 2008-22) Collin Jackson and Adam Barth discovered that Javascript code could be executed in the context or signed JAR archives. (MFSA 2008-23) "moz_bug_r_a4" discovered that XUL documements can escalate privileges by accessing the pre-compiled "fastload" file. (MFSA 2008-24) "moz_bug_r_a4" discovered that missing input sanitising in the mozIJSSubScriptLoader.loadSubScript() function could lead to the execution of arbitrary code. Iceape itself is not affected, but some addons are. (MFSA 2008-25) Claudio Santambrogio discovered that missing access validation in DOM parsing allows malicious web sites to force the browser to upload local files to the server, which could lead to information disclosure. (MFSA 2008-27) Daniel Glazman discovered that a programming error in the code for parsing .properties files could lead to memory content being exposed to addons, which could lead to information disclosure. (MFSA 2008-29) Masahiro Yamada discovered that file URLs in directory listings were insufficiently escaped. (MFSA 2008-30) John G. Myers, Frank Benkstein and Nils Toedtmann discovered that alternate names on self-signed certificates were handled insufficiently, which could lead to spoofings of secure connections. (MFSA 2008-31) It was discovered that URL shortcut files could be used to bypass the same-origin restrictions. This issue does not affect current Iceape, but might occur with additional extensions installed. (MFSA 2008-32) Greg McManus discovered a crash in the block reflow code, which might allow the execution of arbitrary code. (MFSA 2008-33) Billy Rios discovered that passing an URL containing a pipe symbol to Iceape can lead to Chrome privilege escalation. (MFSA 2008-35) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered that several vulnerabilities in feedWriter could lead to Chrome privilege escalation. (MFSA 2008-39) Paul Nickerson discovered that an attacker could move windows during a mouse click, resulting in unwanted action triggered by drag-and-drop. (MFSA 2008-40) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) Boris Zbarsky discovered that resource: URLs allow directory traversal when using URL-encoded slashes. (MFSA 2008-44) Georgi Guninski discovered that resource: URLs could bypass local access restrictions. (MFSA 2008-44) Billy Hoffman discovered that the XBM decoder could reveal uninitialised memory. (MFSA 2008-45) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. (MFSA 2008-49) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) Justin Schuh discovered that a buffer overflow in http-index-format parser could lead to arbitrary code execution. (MFSA 2008-54) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Liu Die Yu discovered an information leak through local shortcut files. (MFSA 2008-59) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1697 CVE-2008-0016 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-0017 CVE-2008-5021 CVE-2008-5024 CVE-2008-5022 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceape |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7958 | |||
| Oval ID: | oval:org.mitre.oval:def:7958 | ||
| Title: | Mozilla Firefox and SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability | ||
| Description: | The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3987 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7967 | |||
| Oval ID: | oval:org.mitre.oval:def:7967 | ||
| Title: | Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability | ||
| Description: | Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3389 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7969 | |||
| Oval ID: | oval:org.mitre.oval:def:7969 | ||
| Title: | Mozilla Firefox WOFF Processing Integer Overflow Vulnerability | ||
| Description: | Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1028 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:7973 | |||
| Oval ID: | oval:org.mitre.oval:def:7973 | ||
| Title: | Security Vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer 3.0 (SSLv3) Protocols Involving Handshake Renegotiation Affects Applications Utilizing Network Security Services (NSS) | ||
| Description: | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3555 | Version: | 1 |
| Platform(s): | Sun Solaris 8 Sun Solaris 9 Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:7990 | |||
| Oval ID: | oval:org.mitre.oval:def:7990 | ||
| Title: | DSA-1751 xulrunner -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Martijn Wargers, Jesse Ruderman and Josh Soref discovered crashes in the layout engine, which might allow the execution of arbitrary code. Jesse Ruderman discovered crashes in the layout engine, which might allow the execution of arbitrary code. Gary Kwong, and Timothee Groleau discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. Gary Kwong discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. It was discovered that incorrect memory management in the DOM element handling may lead to the execution of arbitrary code. Georgi Guninski discovered a violation of the same-origin policy through RDFXMLDataSource and cross-domain redirects. As indicated in the Etch release notes, security support for the Mozilla products in the oldstable distribution needed to be stopped before the end of the regular Etch security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a still supported browser. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1751 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0775 CVE-2009-0776 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8008 | |||
| Oval ID: | oval:org.mitre.oval:def:8008 | ||
| Title: | DSA-1886 iceweasel -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: "moz_bug_r_a4" discovered that a programming error in the FeedWriter module could lead to the execution of Javascript code with elevated privileges. Prateek Saxena discovered a cross-site scripting vulnerability in the MozSearch plugin interface. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1886 CVE-2009-1310 CVE-2009-3079 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8009 | |||
| Oval ID: | oval:org.mitre.oval:def:8009 | ||
| Title: | Mozilla Firefox and SeaMonkey 'liboggplay' Media Library Remote Memory Corruption Vulnerabilities | ||
| Description: | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3388 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8021 | |||
| Oval ID: | oval:org.mitre.oval:def:8021 | ||
| Title: | DSA-1696 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh, Tom Cross and Peter Williams discovered a buffer overflow in the parser for UTF-8 URLs, which may lead to the execution of arbitrary code. (MFSA 2008-37) It was discovered that crashes in the Javascript engine could potentially lead to the execution of arbitrary code. (MFSA 2008-20) "moz_bug_r_a4" discovered that the same-origin check in nsXMLDocument::OnChannelRedirect() could be bypassed. (MFSA 2008-38) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) "moz_bug_r_a4" discovered a vulnerability which can result in Chrome privilege escalation through XPCNativeWrappers. (MFSA 2008-41) Olli Pettay and "moz_bug_r_a4" discovered a Chrome privilege escalation vulnerability in XSLT handling. (MFSA 2008-41) Jesse Ruderman discovered a crash in the layout engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour discovered crashes in the Javascript engine, which might allow the execution of arbitrary code. (MFSA 2008-42) Dave Reed discovered that some Unicode byte order marks are stripped from Javascript code before execution, which can result in code being executed, which were otherwise part of a quoted string. (MFSA 2008-43) It was discovered that a directory traversal allows attackers to read arbitrary files via a certain character. (MFSA 2008-44) It was discovered that a directory traversal allows attackers to bypass security restrictions and obtain sensitive information. (MFSA 2008-44) It was discovered that a buffer overflow could be triggered via a long header in a news article, which could lead to arbitrary code execution. (MFSA 2008-46) Liu Die Yu and Boris Zbarsky discovered an information leak through local shortcut files. (MFSA 2008-47, MFSA 2008-59) Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. (MFSA 2008-48) Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. (MFSA 2008-50) It was discovered that crashes in the layout engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. (MFSA 2008-52) It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. (MFSA 2008-55) "moz_bug_r_a4" discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. (MFSA 2008-56) Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. (MFSA 2008-58) Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory corruption and an integer overflow. (MFSA 2008-60) Boris Zbarsky discovered that an information disclosure attack could be performed via XBL bindings. (MFSA 2008-61) Marius Schilder discovered that it is possible to obtain sensible data via a XMLHttpRequest. (MFSA 2008-64) Chris Evans discovered that it is possible to obtain sensible data via a JavaScript URL. (MFSA 2008-65) Chip Salzenberg discovered possible phishing attacks via URLs with leading whitespaces or control characters. (MFSA 2008-66) It was discovered that it is possible to perform cross-site scripting attacks via an XBL binding to an "unloaded document." (MFSA 2008-68) It was discovered that it is possible to run arbitrary JavaScript with chrome privileges via unknown vectors. (MFSA 2008-68) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1696 CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8036 | |||
| Oval ID: | oval:org.mitre.oval:def:8036 | ||
| Title: | DSA-1830 icedove -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems: The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialised pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10) It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01) It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01) Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalised domain names. (MFSA 2009-15) Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07) The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07) The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07) The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07) Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09) The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14) The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14) Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17) The possible arbitrary execution of code was discovered via vectors involving "double frame construction." (MFSA 2009-24) Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24) Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27) moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29) moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32) Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33) | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1830 CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1832 CVE-2009-1392 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | icedove |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8140 | |||
| Oval ID: | oval:org.mitre.oval:def:8140 | ||
| Title: | DSA-1671 iceweasel -- several vulnerabilities | ||
| Description: | Several remote vulnerabilities have been discovered in the Iceweasel webbrowser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution. Liu Die Yu discovered an information leak through local shortcut files. Georgi Guninski, Michal Zalewski and Chris Evan discovered that the canvas element could be used to bypass same-origin restrictions. It was discovered that insufficient checks in the Flash plugin glue code could lead to arbitrary code execution. Jesse Ruderman discovered that a programming error in the window.__proto__.__proto__ object could lead to arbitrary code execution. It was discovered that crashes in the layout engine could lead to arbitrary code execution. It was discovered that crashes in the Javascript engine could lead to arbitrary code execution. It was discovered that a crash in the nsFrameManager might lead to the execution of arbitrary code. moz_bug_r_a4 discovered that the same-origin check in nsXMLHttpRequest::NotifyEventListeners() could be bypassed. Collin Jackson discovered that the -moz-binding property bypasses security checks on codebase principals. Chris Evans discovered that quote characters were improperly escaped in the default namespace of E4X documents. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1671 CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 4.0 | Product(s): | iceweasel |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8171 | |||
| Oval ID: | oval:org.mitre.oval:def:8171 | ||
| Title: | DSA-1931 nspr -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the NetScape Portable Runtime Library, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: A programming error in the string handling code may lead to the execution of arbitrary code. An integer overflow in the Base64 decoding functions may lead to the execution of arbitrary code. The old stable distribution (etch) doesn't contain nspr. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1931 CVE-2009-1563 CVE-2009-2463 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nspr |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8201 | |||
| Oval ID: | oval:org.mitre.oval:def:8201 | ||
| Title: | DSA-1934 apache2 -- multiple issues | ||
| Description: | A design flaw has been found in the TLS and SSL protocol that allows an attacker to inject arbitrary content at the beginning of a TLS/SSL connection. The attack is related to the way how TLS and SSL handle session renegotiations. CVE-2009-3555 has been assigned to this vulnerability. As a partial mitigation against this attack, this apache2 update disables client-initiated renegotiations. This should fix the vulnerability for the majority of Apache configurations in use. NOTE: This is not a complete fix for the problem. The attack is still possible in configurations where the server initiates the renegotiation. This is the case for the following configurations (the information in the changelog of the updated packages is slightly inaccurate): As a workaround, you may rearrange your configuration in a way that SSLVerifyClient and SSLCipherSuite are only used on the server or virtual host level. A complete fix for the problem will require a protocol change. Further information will be included in a separate announcement about this issue. In addition, this update fixes the following issues in Apache's mod_proxy_ftp: Insufficient input validation in the mod_proxy_ftp module allowed remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. Insufficient input validation in the mod_proxy_ftp module allowed remote authenticated attackers to bypass intended access restrictions and send arbitrary FTP commands to an FTP server. The oldstable distribution (etch), these problems have been fixed in version 2.2.3-4+etch11. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1934 CVE-2009-3094 CVE-2009-3095 CVE-2009-3555 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | apache2 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8240 | |||
| Oval ID: | oval:org.mitre.oval:def:8240 | ||
| Title: | Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3983 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8248 | |||
| Oval ID: | oval:org.mitre.oval:def:8248 | ||
| Title: | Mozilla Firefox Address Bar Spoofing Vulnerability | ||
| Description: | The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1206 | Version: | 19 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8281 | |||
| Oval ID: | oval:org.mitre.oval:def:8281 | ||
| Title: | Mozilla Firefox Asynchronous HTTP Authorization Prompt Information Disclosure Vulnerability | ||
| Description: | toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0172 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8292 | |||
| Oval ID: | oval:org.mitre.oval:def:8292 | ||
| Title: | Mozilla Firefox Memory Consumption DoS Vulnerability | ||
| Description: | The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0220 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8317 | |||
| Oval ID: | oval:org.mitre.oval:def:8317 | ||
| Title: | Mozilla Firefox jstracer.cpp Memory Corruption Vulnerability | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1203 | Version: | 11 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8355 | |||
| Oval ID: | oval:org.mitre.oval:def:8355 | ||
| Title: | Mozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domain | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3988 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8379 | |||
| Oval ID: | oval:org.mitre.oval:def:8379 | ||
| Title: | Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3984 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8431 | |||
| Oval ID: | oval:org.mitre.oval:def:8431 | ||
| Title: | Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability | ||
| Description: | The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0169 | Version: | 19 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8434 | |||
| Oval ID: | oval:org.mitre.oval:def:8434 | ||
| Title: | Mozilla Firefox 3.5 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities | ||
| Description: | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3982 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8458 | |||
| Oval ID: | oval:org.mitre.oval:def:8458 | ||
| Title: | VMware Network Security Services (NSS) does not properly handle '\0' character | ||
| Description: | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2408 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8465 | |||
| Oval ID: | oval:org.mitre.oval:def:8465 | ||
| Title: | Mozilla Firefox and SeaMonkey Web Worker Array Handling Heap Corruption Vulnerability | ||
| Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0160 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8472 | |||
| Oval ID: | oval:org.mitre.oval:def:8472 | ||
| Title: | Mozilla Firefox 'TraceRecorder::traverseScopeChain()' Remote Memory Corruption Vulnerability | ||
| Description: | The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0165 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8480 | |||
| Oval ID: | oval:org.mitre.oval:def:8480 | ||
| Title: | Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3985 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8485 | |||
| Oval ID: | oval:org.mitre.oval:def:8485 | ||
| Title: | Mozilla Firefox, Thunderbird and SeaMonkey Browser Engine Memory Corruption Vulnerability | ||
| Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0159 | Version: | 20 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8487 | |||
| Oval ID: | oval:org.mitre.oval:def:8487 | ||
| Title: | Mozilla Firefox and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3979 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8489 | |||
| Oval ID: | oval:org.mitre.oval:def:8489 | ||
| Title: | Mozilla Firefox 'window.opener' Property Chrome Privilege Escalation Vulnerability | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3986 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8503 | |||
| Oval ID: | oval:org.mitre.oval:def:8503 | ||
| Title: | Mozilla Firefox 3.5 and SeaMonkey Multiple Remote Memory Corruption Vulnerabilities | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3980 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8523 | |||
| Oval ID: | oval:org.mitre.oval:def:8523 | ||
| Title: | Mozilla Firefox 3.0 and SeaMonkey Remote Memory Corruption Vulnerability | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-3981 | Version: | 13 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8584 | |||
| Oval ID: | oval:org.mitre.oval:def:8584 | ||
| Title: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3981 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8602 | |||
| Oval ID: | oval:org.mitre.oval:def:8602 | ||
| Title: | Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability | ||
| Description: | Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0170 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8610 | |||
| Oval ID: | oval:org.mitre.oval:def:8610 | ||
| Title: | Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities | ||
| Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0167 | Version: | 21 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8615 | |||
| Oval ID: | oval:org.mitre.oval:def:8615 | ||
| Title: | Mozilla Firefox, Thunderbird and SeaMonkey Use-After-Free HTML Parser Vulnerability | ||
| Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2009-1571 | Version: | 20 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8631 | |||
| Oval ID: | oval:org.mitre.oval:def:8631 | ||
| Title: | Mozilla Firefox and SeaMonkey XSS hazard using SVG document and binary Content-Type | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0162 | Version: | 15 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8658 | |||
| Oval ID: | oval:org.mitre.oval:def:8658 | ||
| Title: | VMware Network Security Services (NSS) heap-based buffer overflow vulnerability | ||
| Description: | Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2404 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8703 | |||
| Oval ID: | oval:org.mitre.oval:def:8703 | ||
| Title: | Mozilla Firefox 'multipart/x-mixed-replace' Image Remote Memory Corruption Vulnerability | ||
| Description: | Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0164 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8711 | |||
| Oval ID: | oval:org.mitre.oval:def:8711 | ||
| Title: | Mozilla Firefox Image Preloading Content-Policy Check Security Bypass Vulnerability | ||
| Description: | The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-0168 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:8880 | |||
| Oval ID: | oval:org.mitre.oval:def:8880 | ||
| Title: | Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "javascript" sequence, aka "HTML escaped low surrogates bug." | ||
| Description: | Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4066 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:8888 | |||
| Oval ID: | oval:org.mitre.oval:def:8888 | ||
| Title: | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||
| Description: | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1563 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9241 | |||
| Oval ID: | oval:org.mitre.oval:def:9241 | ||
| Title: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Description: | nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0776 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9256 | |||
| Oval ID: | oval:org.mitre.oval:def:9256 | ||
| Title: | Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | ||
| Description: | Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1839 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9375 | |||
| Oval ID: | oval:org.mitre.oval:def:9375 | ||
| Title: | The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. | ||
| Description: | The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0182 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9384 | |||
| Oval ID: | oval:org.mitre.oval:def:9384 | ||
| Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
| Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3988 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9444 | |||
| Oval ID: | oval:org.mitre.oval:def:9444 | ||
| Title: | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3074 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9446 | |||
| Oval ID: | oval:org.mitre.oval:def:9446 | ||
| Title: | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | ||
| Description: | Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0179 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9448 | |||
| Oval ID: | oval:org.mitre.oval:def:9448 | ||
| Title: | Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | ||
| Description: | Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1840 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9449 | |||
| Oval ID: | oval:org.mitre.oval:def:9449 | ||
| Title: | The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | ||
| Description: | The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5052 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9455 | |||
| Oval ID: | oval:org.mitre.oval:def:9455 | ||
| Title: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
| Description: | The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1303 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9494 | |||
| Oval ID: | oval:org.mitre.oval:def:9494 | ||
| Title: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
| Description: | Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1309 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9497 | |||
| Oval ID: | oval:org.mitre.oval:def:9497 | ||
| Title: | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | ||
| Description: | Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2472 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9501 | |||
| Oval ID: | oval:org.mitre.oval:def:9501 | ||
| Title: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
| Description: | The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1392 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9502 | |||
| Oval ID: | oval:org.mitre.oval:def:9502 | ||
| Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0174 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9535 | |||
| Oval ID: | oval:org.mitre.oval:def:9535 | ||
| Title: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
| Description: | The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1304 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9590 | |||
| Oval ID: | oval:org.mitre.oval:def:9590 | ||
| Title: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
| Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0159 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9594 | |||
| Oval ID: | oval:org.mitre.oval:def:9594 | ||
| Title: | The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | ||
| Description: | The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2464 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9609 | |||
| Oval ID: | oval:org.mitre.oval:def:9609 | ||
| Title: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
| Description: | The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0772 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9641 | |||
| Oval ID: | oval:org.mitre.oval:def:9641 | ||
| Title: | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||
| Description: | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3274 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9643 | |||
| Oval ID: | oval:org.mitre.oval:def:9643 | ||
| Title: | The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||
| Description: | The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-3835 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9660 | |||
| Oval ID: | oval:org.mitre.oval:def:9660 | ||
| Title: | Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | ||
| Description: | Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5013 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9662 | |||
| Oval ID: | oval:org.mitre.oval:def:9662 | ||
| Title: | The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | ||
| Description: | The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-5510 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9681 | |||
| Oval ID: | oval:org.mitre.oval:def:9681 | ||
| Title: | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | ||
| Description: | Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0775 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9686 | |||
| Oval ID: | oval:org.mitre.oval:def:9686 | ||
| Title: | Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | ||
| Description: | Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2654 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9789 | |||
| Oval ID: | oval:org.mitre.oval:def:9789 | ||
| Title: | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||
| Description: | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3374 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9791 | |||
| Oval ID: | oval:org.mitre.oval:def:9791 | ||
| Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3984 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9796 | |||
| Oval ID: | oval:org.mitre.oval:def:9796 | ||
| Title: | Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function. | ||
| Description: | Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0354 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9803 | |||
| Oval ID: | oval:org.mitre.oval:def:9803 | ||
| Title: | Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | ||
| Description: | Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1835 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9806 | |||
| Oval ID: | oval:org.mitre.oval:def:9806 | ||
| Title: | The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. | ||
| Description: | The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2664 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9815 | |||
| Oval ID: | oval:org.mitre.oval:def:9815 | ||
| Title: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
| Description: | js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1841 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9818 | |||
| Oval ID: | oval:org.mitre.oval:def:9818 | ||
| Title: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-1312 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9820 | |||
| Oval ID: | oval:org.mitre.oval:def:9820 | ||
| Title: | The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. | ||
| Description: | The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2466 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9834 | |||
| Oval ID: | oval:org.mitre.oval:def:9834 | ||
| Title: | Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. | ||
| Description: | Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0175 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9835 | |||
| Oval ID: | oval:org.mitre.oval:def:9835 | ||
| Title: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. | ||
| Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0167 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9911 | |||
| Oval ID: | oval:org.mitre.oval:def:9911 | ||
| Title: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
| Description: | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-3985 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9922 | |||
| Oval ID: | oval:org.mitre.oval:def:9922 | ||
| Title: | Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. | ||
| Description: | Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-0356 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9994 | |||
| Oval ID: | oval:org.mitre.oval:def:9994 | ||
| Title: | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | ||
| Description: | Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-2210 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Mozilla Firefox JIT Escape Function Memory Corruption | More info here |
| Mozilla Firefox PKCS11 Module Installation Code Execution | More info here |
| Firefox AttributeChildRemoved Use After Free | More info here |
| Mozilla Firefox document.write and DOM insertion memory corruption | More info here |
| Mozilla Firefox nsTreeRange Use After Free | More info here |
| Firefox sensor.dll Insecure Library Loading | More info here |
| Mozilla Firefox OBJECT mChannel Use-After-Free | More info here |
| Mozilla Firefox UTF-8 URL buffer overflow | More info here |
| Firefox DOMAttrModified nsSVGValue Observer Handling Out-of-bounds Memory Access | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-12-24 | Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution |
| 2013-08-19 | Mozilla Firefox 3.5.4 - Local Color Map Exploit |
| 2013-08-19 | Mozilla Firefox 3.6 - Integer Overflow Exploit |
| 2012-02-27 | Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit |
| 2011-10-12 | Mozilla Firefox Array.reduceRight() Integer Overflow Exploit |
| 2010-10-28 | Firefox Memory Corruption Proof of Concept (Simplified) |
| 2010-09-25 | MOAUB #25 - Mozilla Firefox CSS font-face Remote Code Execution Vulnerability |
| 2010-09-17 | MOAUB #17 - Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code ... |
| 2010-09-09 | MOAUB #9 - Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability |
| 2010-07-20 | libpng <= 1.4.2 Denial of Service Vulnerability |
| 2010-05-21 | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities |
| 2009-12-21 | TLS Renegotiation Vulnerability PoC Exploit |
| 2009-12-18 | Mozilla Firefox Location Bar Spoofing Vulnerability |
| 2009-11-19 | Opera 10.01 Remote Array Overrun |
| 2009-11-19 | K-Meleon 1.5.3 Remote Array Overrun |
| 2009-11-19 | SeaMonkey 1.1.8 Remote Array Overrun |
| 2009-11-19 | KDE KDELibs 4.3.3 Remote Array Overrun |
| 2009-09-14 | Mozilla Firefox 2.0.0.16 UTF-8 URL Remote Buffer Overflow Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2013-09-18 | Name : Debian Security Advisory DSA 2406-1 (icedove - several vulnerabilities) File : nvt/deb_2406_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2457-2 (iceweasel - several vulnerabilities) File : nvt/deb_2457_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2458-2 (iceape - several vulnerabilities) File : nvt/deb_2458_2.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2513-1 (iceape - several vulnerabilities) File : nvt/deb_2513_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2553-1 (iceweasel - several vulnerabilities) File : nvt/deb_2553_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2583-1 (iceweasel - several vulnerabilities) File : nvt/deb_2583_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2584-1 (iceape - several vulnerabilities) File : nvt/deb_2584_1.nasl |
| 2013-09-18 | Name : Debian Security Advisory DSA 2588-1 (icedove - several vulnerabilities) File : nvt/deb_2588_1.nasl |
| 2013-04-01 | Name : Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Mac OS X) File : nvt/gb_mozilla_firefox_esr_code_exec_vuln_nov12_macosx.nasl |
| 2013-04-01 | Name : Mozilla Firefox ESR Code Execution Vulnerabilities - November12 (Windows) File : nvt/gb_mozilla_firefox_esr_code_exec_vuln_nov12_win.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0656-1 (update) File : nvt/gb_suse_2012_0656_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox, openSUSE-SU-2012:0760-1 (MozillaFirefox,) File : nvt/gb_suse_2012_0760_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0899-1 (MozillaFirefox) File : nvt/gb_suse_2012_0899_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaThunderbird openSUSE-SU-2012:0917-1 (MozillaThunderbird) File : nvt/gb_suse_2012_0917_1.nasl |
| 2012-12-13 | Name : SuSE Update for xulrunner openSUSE-SU-2012:0924-1 (xulrunner) File : nvt/gb_suse_2012_0924_1.nasl |
| 2012-12-13 | Name : SuSE Update for seamonkey openSUSE-SU-2012:0935-1 (seamonkey) File : nvt/gb_suse_2012_0935_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox) File : nvt/gb_suse_2012_1064_1.nasl |
| 2012-12-13 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:1345-1 (MozillaFirefox) File : nvt/gb_suse_2012_1345_1.nasl |
| 2012-12-13 | Name : SuSE Update for Mozilla Suite openSUSE-SU-2012:1412-1 (Mozilla Suite) File : nvt/gb_suse_2012_1412_1.nasl |
| 2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18931 File : nvt/gb_fedora_2012_18931_seamonkey_fc16.nasl |
| 2012-12-06 | Name : Fedora Update for seamonkey FEDORA-2012-18952 File : nvt/gb_fedora_2012_18952_seamonkey_fc17.nasl |
| 2012-12-04 | Name : Ubuntu Update for firefox USN-1638-3 File : nvt/gb_ubuntu_USN_1638_3.nasl |
| 2012-11-26 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox72.nasl |
| 2012-11-26 | Name : Mozilla Firefox Code Execution Vulnerabilities - November12 (Mac OS X) File : nvt/gb_mozilla_firefox_code_exec_vuln_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Code Execution Vulnerabilities - November12 (Windows) File : nvt/gb_mozilla_firefox_code_exec_vuln_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox ESR Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_firefox_esr_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_macosx.nasl |
| 2012-11-26 | Name : Mozilla Firefox Multiple Vulnerabilities-02 November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln02_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla SeaMonkey Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_seamonkey_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla SeaMonkey Multiple Vulnerabilities-02 November12 (Windows) File : nvt/gb_mozilla_seamonkey_mult_vuln02_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Thunderbird ESR Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_thunderbird_esr_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Thunderbird Multiple Vulnerabilities-01 November12 (Windows) File : nvt/gb_mozilla_thunderbird_mult_vuln01_nov12_win.nasl |
| 2012-11-26 | Name : Mozilla Thunderbird Multiple Vulnerabilities-02 November12 (Windows) File : nvt/gb_mozilla_thunderbird_mult_vuln02_nov12_win.nasl |
| 2012-11-23 | Name : CentOS Update for firefox CESA-2012:1482 centos5 File : nvt/gb_CESA-2012_1482_firefox_centos5.nasl |
| 2012-11-23 | Name : CentOS Update for firefox CESA-2012:1482 centos6 File : nvt/gb_CESA-2012_1482_firefox_centos6.nasl |
| 2012-11-23 | Name : CentOS Update for thunderbird CESA-2012:1483 centos5 File : nvt/gb_CESA-2012_1483_thunderbird_centos5.nasl |
| 2012-11-23 | Name : CentOS Update for thunderbird CESA-2012:1483 centos6 File : nvt/gb_CESA-2012_1483_thunderbird_centos6.nasl |
| 2012-11-23 | Name : RedHat Update for firefox RHSA-2012:1482-01 File : nvt/gb_RHSA-2012_1482-01_firefox.nasl |
| 2012-11-23 | Name : RedHat Update for thunderbird RHSA-2012:1483-01 File : nvt/gb_RHSA-2012_1483-01_thunderbird.nasl |
| 2012-11-23 | Name : Ubuntu Update for thunderbird USN-1636-1 File : nvt/gb_ubuntu_USN_1636_1.nasl |
| 2012-11-23 | Name : Ubuntu Update for firefox USN-1638-1 File : nvt/gb_ubuntu_USN_1638_1.nasl |
| 2012-11-23 | Name : Ubuntu Update for ubufox USN-1638-2 File : nvt/gb_ubuntu_USN_1638_2.nasl |
| 2012-11-16 | Name : Debian Security Advisory DSA 2569-1 (icedove) File : nvt/deb_2569_1.nasl |
| 2012-11-16 | Name : Debian Security Advisory DSA 2572-1 (iceape) File : nvt/deb_2572_1.nasl |
| 2012-11-16 | Name : VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console File : nvt/gb_VMSA-2012-0016.nasl |
| 2012-11-02 | Name : CentOS Update for thunderbird CESA-2012:1413 centos5 File : nvt/gb_CESA-2012_1413_thunderbird_centos5.nasl |
| 2012-11-02 | Name : CentOS Update for thunderbird CESA-2012:1413 centos6 File : nvt/gb_CESA-2012_1413_thunderbird_centos6.nasl |
| 2012-11-02 | Name : RedHat Update for thunderbird RHSA-2012:1413-01 File : nvt/gb_RHSA-2012_1413-01_thunderbird.nasl |
| 2012-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities - November12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_nov12_macosx.nasl |
| 2012-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities - November12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_nov12_win.nasl |
| 2012-10-31 | Name : Ubuntu Update for thunderbird USN-1620-2 File : nvt/gb_ubuntu_USN_1620_2.nasl |
| 2012-10-29 | Name : Debian Security Advisory DSA 2565-1 (iceweasel) File : nvt/deb_2565_1.nasl |
| 2012-10-29 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox71.nasl |
| 2012-10-29 | Name : CentOS Update for firefox CESA-2012:1407 centos5 File : nvt/gb_CESA-2012_1407_firefox_centos5.nasl |
| 2012-10-29 | Name : CentOS Update for firefox CESA-2012:1407 centos6 File : nvt/gb_CESA-2012_1407_firefox_centos6.nasl |
| 2012-10-29 | Name : RedHat Update for firefox RHSA-2012:1407-01 File : nvt/gb_RHSA-2012_1407-01_firefox.nasl |
| 2012-10-29 | Name : Ubuntu Update for firefox USN-1620-1 File : nvt/gb_ubuntu_USN_1620_1.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.6.0-openjdk_fc16.nasl |
| 2012-10-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-16351 File : nvt/gb_fedora_2012_16351_java-1.7.0-openjdk_fc16.nasl |
| 2012-10-16 | Name : CentOS Update for xulrunner CESA-2012:1361 centos5 File : nvt/gb_CESA-2012_1361_xulrunner_centos5.nasl |
| 2012-10-16 | Name : CentOS Update for xulrunner CESA-2012:1361 centos6 File : nvt/gb_CESA-2012_1361_xulrunner_centos6.nasl |
| 2012-10-16 | Name : CentOS Update for thunderbird CESA-2012:1362 centos5 File : nvt/gb_CESA-2012_1362_thunderbird_centos5.nasl |
| 2012-10-16 | Name : CentOS Update for thunderbird CESA-2012:1362 centos6 File : nvt/gb_CESA-2012_1362_thunderbird_centos6.nasl |
| 2012-10-16 | Name : RedHat Update for xulrunner RHSA-2012:1361-01 File : nvt/gb_RHSA-2012_1361-01_xulrunner.nasl |
| 2012-10-16 | Name : RedHat Update for thunderbird RHSA-2012:1362-01 File : nvt/gb_RHSA-2012_1362-01_thunderbird.nasl |
| 2012-10-16 | Name : Ubuntu Update for thunderbird USN-1611-1 File : nvt/gb_ubuntu_USN_1611_1.nasl |
| 2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities-01 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln01_oct12_macosx.nasl |
| 2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities-01 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln01_oct12_win.nasl |
| 2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities - Oct 12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_oct12_macosx.nasl |
| 2012-10-15 | Name : Mozilla Firefox Multiple Vulnerabilities - Oct 12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_oct12_win.nasl |
| 2012-10-15 | Name : Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Mac OS X) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_oct12_macosx.nasl |
| 2012-10-15 | Name : Mozilla Firefox Security Bypass Vulnerabilities - Oct 12 (Windows) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_oct12_win.nasl |
| 2012-10-15 | Name : Mozilla Firefox 'WebSockets' Denial of Service Vulnerability (Mac OS X) File : nvt/gb_mozilla_prdts_websockets_dos_macosx.nasl |
| 2012-10-15 | Name : Mozilla Firefox 'WebSockets' Denial of Service Vulnerability (Windows) File : nvt/gb_mozilla_prdts_websockets_dos_win.nasl |
| 2012-10-13 | Name : Debian Security Advisory DSA 2556-1 (icedove) File : nvt/deb_2556_1.nasl |
| 2012-10-13 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox70.nasl |
| 2012-10-12 | Name : Mandriva Update for libxslt MDVSA-2012:164 (libxslt) File : nvt/gb_mandriva_MDVSA_2012_164.nasl |
| 2012-10-12 | Name : Ubuntu Update for firefox USN-1608-1 File : nvt/gb_ubuntu_USN_1608_1.nasl |
| 2012-10-11 | Name : CentOS Update for firefox CESA-2012:1350 centos5 File : nvt/gb_CESA-2012_1350_firefox_centos5.nasl |
| 2012-10-11 | Name : CentOS Update for firefox CESA-2012:1350 centos6 File : nvt/gb_CESA-2012_1350_firefox_centos6.nasl |
| 2012-10-11 | Name : CentOS Update for thunderbird CESA-2012:1351 centos5 File : nvt/gb_CESA-2012_1351_thunderbird_centos5.nasl |
| 2012-10-11 | Name : CentOS Update for thunderbird CESA-2012:1351 centos6 File : nvt/gb_CESA-2012_1351_thunderbird_centos6.nasl |
| 2012-10-11 | Name : RedHat Update for firefox RHSA-2012:1350-01 File : nvt/gb_RHSA-2012_1350-01_firefox.nasl |
| 2012-10-11 | Name : RedHat Update for thunderbird RHSA-2012:1351-01 File : nvt/gb_RHSA-2012_1351-01_thunderbird.nasl |
| 2012-10-11 | Name : Ubuntu Update for firefox USN-1600-1 File : nvt/gb_ubuntu_USN_1600_1.nasl |
| 2012-10-05 | Name : Ubuntu Update for libxslt USN-1595-1 File : nvt/gb_ubuntu_USN_1595_1.nasl |
| 2012-10-03 | Name : Debian Security Advisory DSA 2554-1 (iceape) File : nvt/deb_2554_1.nasl |
| 2012-10-03 | Name : Fedora Update for libxslt FEDORA-2012-14048 File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl |
| 2012-10-03 | Name : Ubuntu Update for thunderbird USN-1551-2 File : nvt/gb_ubuntu_USN_1551_2.nasl |
| 2012-09-27 | Name : Fedora Update for libxslt FEDORA-2012-14083 File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl |
| 2012-09-25 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004) File : nvt/gb_macosx_su12-004.nasl |
| 2012-09-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-13127 File : nvt/gb_fedora_2012_13127_java-1.6.0-openjdk_fc16.nasl |
| 2012-09-17 | Name : CentOS Update for libxslt CESA-2012:1265 centos5 File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl |
| 2012-09-17 | Name : CentOS Update for libxslt CESA-2012:1265 centos6 File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl |
| 2012-09-17 | Name : RedHat Update for libxslt RHSA-2012:1265-01 File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl |
| 2012-09-17 | Name : Ubuntu Update for firefox USN-1548-2 File : nvt/gb_ubuntu_USN_1548_2.nasl |
| 2012-09-06 | Name : Ubuntu Update for firefox USN-1548-1 File : nvt/gb_ubuntu_USN_1548_1.nasl |
| 2012-09-04 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-13138 File : nvt/gb_fedora_2012_13138_java-1.7.0-openjdk_fc16.nasl |
| 2012-09-04 | Name : Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail) File : nvt/gb_mandriva_MDVSA_2012_149.nasl |
| 2012-09-04 | Name : Ubuntu Update for thunderbird USN-1551-1 File : nvt/gb_ubuntu_USN_1551_1.nasl |
| 2012-08-30 | Name : Debian Security Advisory DSA 2528-1 (icedove) File : nvt/deb_2528_1.nasl |
| 2012-08-30 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail16.nasl |
| 2012-08-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox69.nasl |
| 2012-08-30 | Name : CentOS Update for firefox CESA-2012:1210 centos5 File : nvt/gb_CESA-2012_1210_firefox_centos5.nasl |
| 2012-08-30 | Name : CentOS Update for firefox CESA-2012:1210 centos6 File : nvt/gb_CESA-2012_1210_firefox_centos6.nasl |
| 2012-08-30 | Name : CentOS Update for thunderbird CESA-2012:1211 centos5 File : nvt/gb_CESA-2012_1211_thunderbird_centos5.nasl |
| 2012-08-30 | Name : CentOS Update for thunderbird CESA-2012:1211 centos6 File : nvt/gb_CESA-2012_1211_thunderbird_centos6.nasl |
| 2012-08-30 | Name : RedHat Update for firefox RHSA-2012:1210-01 File : nvt/gb_RHSA-2012_1210-01_firefox.nasl |
| 2012-08-30 | Name : RedHat Update for thunderbird RHSA-2012:1211-01 File : nvt/gb_RHSA-2012_1211-01_thunderbird.nasl |
| 2012-08-30 | Name : Fedora Update for thunderbird FEDORA-2012-1794 File : nvt/gb_fedora_2012_1794_thunderbird_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for xulrunner FEDORA-2012-1800 File : nvt/gb_fedora_2012_1800_xulrunner_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for libpng FEDORA-2012-1892 File : nvt/gb_fedora_2012_1892_libpng_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for libpng10 FEDORA-2012-2003 File : nvt/gb_fedora_2012_2003_libpng10_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for thunderbird FEDORA-2012-4910 File : nvt/gb_fedora_2012_4910_thunderbird_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python3 FEDORA-2012-5785 File : nvt/gb_fedora_2012_5785_python3_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python-docs FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python-docs_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for python FEDORA-2012-5892 File : nvt/gb_fedora_2012_5892_python_fc17.nasl |
| 2012-08-30 | Name : Mandriva Update for firefox MDVSA-2012:145 (firefox) File : nvt/gb_mandriva_MDVSA_2012_145.nasl |
| 2012-08-30 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2012:147 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2012_147.nasl |
| 2012-08-30 | Name : Mozilla Firefox Multiple Vulnerabilities - August12 (Mac OS X) File : nvt/gb_mozilla_firefox_mult_vuln_aug12_macosx.nasl |
| 2012-08-30 | Name : Mozilla Firefox Multiple Vulnerabilities - August12 (Windows) File : nvt/gb_mozilla_firefox_mult_vuln_aug12_win.nasl |
| 2012-08-30 | Name : Mozilla Firefox Multiple Vulnerabilities - August12 (Mac OS X) File : nvt/gb_mozilla_firefox_thunderbird_mult_vuln_aug12_macosx.nasl |
| 2012-08-30 | Name : Mozilla Firefox Multiple Vulnerabilities - August12 (Windows) File : nvt/gb_mozilla_firefox_thunderbird_mult_vuln_aug12_win.nasl |
| 2012-08-30 | Name : Mozilla Products Memory Corruption Vulnerabilities - August12 (Mac OS X) File : nvt/gb_mozilla_prdts_mem_corr_vuln_aug12_macosx.nasl |
| 2012-08-30 | Name : Mozilla Products Memory Corruption Vulnerabilities - August12 (Windows) File : nvt/gb_mozilla_prdts_mem_corr_vuln_aug12_win.nasl |
| 2012-08-30 | Name : Mozilla Products Multiple Vulnerabilities - August12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_aug12_macosx.nasl |
| 2012-08-30 | Name : Mozilla Products Multiple Vulnerabilities - August12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_aug12_win.nasl |
| 2012-08-24 | Name : Ubuntu Update for nss USN-1540-2 File : nvt/gb_ubuntu_USN_1540_2.nasl |
| 2012-08-17 | Name : Ubuntu Update for nss USN-1540-1 File : nvt/gb_ubuntu_USN_1540_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2488-1 (iceweasel) File : nvt/deb_2488_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2489-1 (iceape) File : nvt/deb_2489_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2490-1 (nss) File : nvt/deb_2490_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2499-1 (icedove) File : nvt/deb_2499_1.nasl |
| 2012-08-10 | Name : Debian Security Advisory DSA 2514-1 (iceweasel) File : nvt/deb_2514_1.nasl |
| 2012-08-10 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox67.nasl |
| 2012-08-10 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox68.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-15 (libpng) File : nvt/glsa_201206_15.nasl |
| 2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-18 (GnuTLS) File : nvt/glsa_201206_18.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2012:018 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2012_018.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:022 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_022_firefox.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:032 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_032.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:032-1 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_032_1.nasl |
| 2012-08-03 | Name : Mandriva Update for libvorbis MDVSA-2012:052 (libvorbis) File : nvt/gb_mandriva_MDVSA_2012_052.nasl |
| 2012-08-03 | Name : Mandriva Update for curl MDVSA-2012:058 (curl) File : nvt/gb_mandriva_MDVSA_2012_058.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:066 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_066.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:088 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_088.nasl |
| 2012-08-03 | Name : Mandriva Update for mozilla MDVSA-2012:110-1 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_110_1.nasl |
| 2012-08-03 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0234-1 (MozillaFirefox) File : nvt/gb_suse_2012_0234_1.nasl |
| 2012-08-02 | Name : SuSE Update for seamonkey openSUSE-SU-2012:0007-1 (seamonkey) File : nvt/gb_suse_2012_0007_1.nasl |
| 2012-08-02 | Name : SuSE Update for seamonkey openSUSE-SU-2012:0039-1 (seamonkey) File : nvt/gb_suse_2012_0039_1.nasl |
| 2012-08-02 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0039-2 (MozillaFirefox) File : nvt/gb_suse_2012_0039_2.nasl |
| 2012-08-02 | Name : SuSE Update for MozillaFirefox openSUSE-SU-2012:0258-1 (MozillaFirefox) File : nvt/gb_suse_2012_0258_1.nasl |
| 2012-08-02 | Name : SuSE Update for mozilla-xulrunner192 openSUSE-SU-2012:0297-1 (mozilla-xulrunn... File : nvt/gb_suse_2012_0297_1.nasl |
| 2012-08-02 | Name : SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12) File : nvt/gb_suse_2012_0316_1.nasl |
| 2012-08-02 | Name : SuSE Update for libvorbis openSUSE-SU-2012:0319-1 (libvorbis) File : nvt/gb_suse_2012_0319_1.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2010:0966 centos4 x86_64 File : nvt/gb_CESA-2010_0966_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2010:0967 centos4 x86_64 File : nvt/gb_CESA-2010_0967_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2010:0968 centos4 x86_64 File : nvt/gb_CESA-2010_0968_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0471 centos4 x86_64 File : nvt/gb_CESA-2011_0471_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0471 centos5 x86_64 File : nvt/gb_CESA-2011_0471_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:0473 centos4 x86_64 File : nvt/gb_CESA-2011_0473_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0474 centos4 x86_64 File : nvt/gb_CESA-2011_0474_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0474 centos5 x86_64 File : nvt/gb_CESA-2011_0474_thunderbird_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0885 centos4 x86_64 File : nvt/gb_CESA-2011_0885_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:0885 centos5 x86_64 File : nvt/gb_CESA-2011_0885_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0887 centos4 x86_64 File : nvt/gb_CESA-2011_0887_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:0887 centos5 x86_64 File : nvt/gb_CESA-2011_0887_thunderbird_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:0888 centos4 x86_64 File : nvt/gb_CESA-2011_0888_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:1164 centos4 x86_64 File : nvt/gb_CESA-2011_1164_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:1164 centos5 x86_64 File : nvt/gb_CESA-2011_1164_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for xulrunner CESA-2011:1164 centos5 x86_64 File : nvt/gb_CESA-2011_1164_xulrunner_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1165 centos4 x86_64 File : nvt/gb_CESA-2011_1165_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1165 centos5 x86_64 File : nvt/gb_CESA-2011_1165_thunderbird_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1167 centos4 x86_64 File : nvt/gb_CESA-2011_1167_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 x86_64 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for java CESA-2011:1380 centos5 x86_64 File : nvt/gb_CESA-2011_1380_java_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:1437 centos4 x86_64 File : nvt/gb_CESA-2011_1437_firefox_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2011:1437 centos5 x86_64 File : nvt/gb_CESA-2011_1437_firefox_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1438 centos4 x86_64 File : nvt/gb_CESA-2011_1438_thunderbird_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1438 centos5 x86_64 File : nvt/gb_CESA-2011_1438_thunderbird_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1440 centos4 x86_64 File : nvt/gb_CESA-2011_1440_seamonkey_centos4_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos4 File : nvt/gb_CESA-2012_0079_firefox_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos5 File : nvt/gb_CESA-2012_0079_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0079 centos6 File : nvt/gb_CESA-2012_0079_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0080 centos6 File : nvt/gb_CESA-2012_0080_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2012:0084 centos4 File : nvt/gb_CESA-2012_0084_seamonkey_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos4 File : nvt/gb_CESA-2012_0085_thunderbird_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0085 centos5 File : nvt/gb_CESA-2012_0085_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for libvorbis CESA-2012:0136 centos4 File : nvt/gb_CESA-2012_0136_libvorbis_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libvorbis CESA-2012:0136 centos5 File : nvt/gb_CESA-2012_0136_libvorbis_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for libvorbis CESA-2012:0136 centos6 File : nvt/gb_CESA-2012_0136_libvorbis_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0140 centos6 File : nvt/gb_CESA-2012_0140_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for seamonkey CESA-2012:0141 centos4 File : nvt/gb_CESA-2012_0141_seamonkey_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0142 centos4 File : nvt/gb_CESA-2012_0142_firefox_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for xulrunner CESA-2012:0143 centos5 File : nvt/gb_CESA-2012_0143_xulrunner_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for xulrunner CESA-2012:0143 centos6 File : nvt/gb_CESA-2012_0143_xulrunner_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for libpng10 CESA-2012:0317 centos4 File : nvt/gb_CESA-2012_0317_libpng10_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libpng CESA-2012:0317 centos4 File : nvt/gb_CESA-2012_0317_libpng_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for libpng CESA-2012:0317 centos5 File : nvt/gb_CESA-2012_0317_libpng_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for libpng CESA-2012:0317 centos6 File : nvt/gb_CESA-2012_0317_libpng_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0387 centos5 File : nvt/gb_CESA-2012_0387_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0387 centos6 File : nvt/gb_CESA-2012_0387_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0388 centos5 File : nvt/gb_CESA-2012_0388_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0388 centos6 File : nvt/gb_CESA-2012_0388_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0515 centos5 File : nvt/gb_CESA-2012_0515_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0515 centos6 File : nvt/gb_CESA-2012_0515_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0516 centos5 File : nvt/gb_CESA-2012_0516_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0516 centos6 File : nvt/gb_CESA-2012_0516_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0710 centos5 File : nvt/gb_CESA-2012_0710_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:0710 centos6 File : nvt/gb_CESA-2012_0710_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0715 centos5 File : nvt/gb_CESA-2012_0715_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:0715 centos6 File : nvt/gb_CESA-2012_0715_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos5 File : nvt/gb_CESA-2012_1088_firefox_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for firefox CESA-2012:1088 centos6 File : nvt/gb_CESA-2012_1088_firefox_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos5 File : nvt/gb_CESA-2012_1089_thunderbird_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for thunderbird CESA-2012:1089 centos6 File : nvt/gb_CESA-2012_1089_thunderbird_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for nspr CESA-2012:1090 centos5 File : nvt/gb_CESA-2012_1090_nspr_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for nspr CESA-2012:1091 centos6 File : nvt/gb_CESA-2012_1091_nspr_centos6.nasl |
| 2012-07-26 | Name : Mandriva Update for mozilla MDVSA-2012:110 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_110.nasl |
| 2012-07-24 | Name : Mozilla Products Memory Corruption Vulnerabilities - July12 (Mac OS X) File : nvt/gb_mozilla_prdts_mem_corr_vuln_jul12_macosx.nasl |
| 2012-07-24 | Name : Mozilla Products Memory Corruption Vulnerabilities - July12 (Windows) File : nvt/gb_mozilla_prdts_mem_corr_vuln_jul12_win.nasl |
| 2012-07-23 | Name : Mozilla Firefox Multiple Vulnerabilities - July12 (Mac OS X) File : nvt/gb_mozilla_firefox_mult_vuln_jul12_macosx.nasl |
| 2012-07-23 | Name : Mozilla Firefox Multiple Vulnerabilities - July12 (Windows) File : nvt/gb_mozilla_firefox_mult_vuln_jul12_win.nasl |
| 2012-07-23 | Name : Mozilla Products Certificate Page Clickjacking Vulnerability (Mac OS X) File : nvt/gb_mozilla_prdts_clickjacking_vuln_macosx.nasl |
| 2012-07-23 | Name : Mozilla Products Certificate Page Clickjacking Vulnerability (Windows) File : nvt/gb_mozilla_prdts_clickjacking_vuln_win.nasl |
| 2012-07-23 | Name : Mozilla Products Multiple Vulnerabilities - July12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_jul12_macosx.nasl |
| 2012-07-23 | Name : Mozilla Products Multiple Vulnerabilities - July12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_jul12_win.nasl |
| 2012-07-19 | Name : RedHat Update for firefox RHSA-2012:1088-01 File : nvt/gb_RHSA-2012_1088-01_firefox.nasl |
| 2012-07-19 | Name : RedHat Update for thunderbird RHSA-2012:1089-01 File : nvt/gb_RHSA-2012_1089-01_thunderbird.nasl |
| 2012-07-19 | Name : RedHat Update for nss and nspr RHSA-2012:1090-01 File : nvt/gb_RHSA-2012_1090-01_nss_and_nspr.nasl |
| 2012-07-19 | Name : RedHat Update for nss, nspr, and nss-util RHSA-2012:1091-01 File : nvt/gb_RHSA-2012_1091-01_nss_nspr_and_nss-util.nasl |
| 2012-07-19 | Name : Ubuntu Update for firefox USN-1509-1 File : nvt/gb_ubuntu_USN_1509_1.nasl |
| 2012-07-19 | Name : Ubuntu Update for ubufox USN-1509-2 File : nvt/gb_ubuntu_USN_1509_2.nasl |
| 2012-07-19 | Name : Ubuntu Update for thunderbird USN-1510-1 File : nvt/gb_ubuntu_USN_1510_1.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:0311-01 File : nvt/gb_RHSA-2011_0311-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1166-01 File : nvt/gb_RHSA-2011_1166-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1342-01 File : nvt/gb_RHSA-2011_1342-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1439-01 File : nvt/gb_RHSA-2011_1439-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0080-01 File : nvt/gb_RHSA-2012_0080-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0140-01 File : nvt/gb_RHSA-2012_0140-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0388-01 File : nvt/gb_RHSA-2012_0388-01_thunderbird.nasl |
| 2012-07-09 | Name : RedHat Update for thunderbird RHSA-2012:0516-01 File : nvt/gb_RHSA-2012_0516-01_thunderbird.nasl |
| 2012-06-28 | Name : Ubuntu Update for thunderbird USN-1463-6 File : nvt/gb_ubuntu_USN_1463_6.nasl |
| 2012-06-25 | Name : Mandriva Update for mozilla MDVSA-2012:088-1 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_088_1.nasl |
| 2012-06-25 | Name : Ubuntu Update for thunderbird USN-1463-4 File : nvt/gb_ubuntu_USN_1463_4.nasl |
| 2012-06-22 | Name : Fedora Update for python3 FEDORA-2012-9135 File : nvt/gb_fedora_2012_9135_python3_fc16.nasl |
| 2012-06-22 | Name : Mandriva Update for python MDVSA-2012:096 (python) File : nvt/gb_mandriva_MDVSA_2012_096.nasl |
| 2012-06-22 | Name : Mandriva Update for python MDVSA-2012:097 (python) File : nvt/gb_mandriva_MDVSA_2012_097.nasl |
| 2012-06-22 | Name : Ubuntu Update for firefox USN-1463-3 File : nvt/gb_ubuntu_USN_1463_3.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9541 File : nvt/gb_fedora_2012_9541_java-1.6.0-openjdk_fc15.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-9545 File : nvt/gb_fedora_2012_9545_java-1.6.0-openjdk_fc16.nasl |
| 2012-06-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-9593 File : nvt/gb_fedora_2012_9593_java-1.7.0-openjdk_fc16.nasl |
| 2012-06-19 | Name : Mozilla Products 'jsinfer.cpp' Denial of Service Vulnerability (Mac OS X) File : nvt/gb_mozilla_prdts_jsinfer_dos_vuln_macosx.nasl |
| 2012-06-19 | Name : Mozilla Products 'jsinfer.cpp' Denial of Service Vulnerability (Windows) File : nvt/gb_mozilla_prdts_jsinfer_dos_vuln_win.nasl |
| 2012-06-19 | Name : Mozilla Products Multiple Vulnerabilities - June12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_jun12_macosx.nasl |
| 2012-06-19 | Name : Mozilla Products Multiple Vulnerabilities - June12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_jun12_win.nasl |
| 2012-06-08 | Name : RedHat Update for firefox RHSA-2012:0710-01 File : nvt/gb_RHSA-2012_0710-01_firefox.nasl |
| 2012-06-08 | Name : RedHat Update for thunderbird RHSA-2012:0715-01 File : nvt/gb_RHSA-2012_0715-01_thunderbird.nasl |
| 2012-06-08 | Name : Ubuntu Update for firefox USN-1463-1 File : nvt/gb_ubuntu_USN_1463_1.nasl |
| 2012-06-06 | Name : RedHat Update for thunderbird RHSA-2011:0475-01 File : nvt/gb_RHSA-2011_0475-01_thunderbird.nasl |
| 2012-06-06 | Name : RedHat Update for thunderbird RHSA-2011:0886-01 File : nvt/gb_RHSA-2011_0886-01_thunderbird.nasl |
| 2012-05-31 | Name : Debian Security Advisory DSA 2464-1 (icedove) File : nvt/deb_2464_1.nasl |
| 2012-05-31 | Name : Gentoo Security Advisory GLSA 201205-03 (chromium v8) File : nvt/glsa_201205_03.nasl |
| 2012-05-24 | Name : Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/secpod_apple_safari_mult_vuln_win_oct11.nasl |
| 2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002) File : nvt/gb_macosx_su12-002.nasl |
| 2012-05-17 | Name : Google Chrome Multiple Vulnerabilities - May 12 (Linux) File : nvt/gb_google_chrome_mult_vuln_may12_lin.nasl |
| 2012-05-08 | Name : Fedora Update for python-docs FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python-docs_fc16.nasl |
| 2012-05-08 | Name : Fedora Update for python FEDORA-2012-5924 File : nvt/gb_fedora_2012_5924_python_fc16.nasl |
| 2012-05-08 | Name : Ubuntu Update for thunderbird USN-1430-3 File : nvt/gb_ubuntu_USN_1430_3.nasl |
| 2012-05-04 | Name : Fedora Update for python3 FEDORA-2012-5916 File : nvt/gb_fedora_2012_5916_python3_fc15.nasl |
| 2012-05-02 | Name : Mozilla Products Multiple Vulnerabilities - May12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_may12_macosx.nasl |
| 2012-05-02 | Name : Mozilla Products Multiple Vulnerabilities - May12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_may12_win.nasl |
| 2012-05-02 | Name : Mozilla Products Security Bypass Vulnerability - May12 (Mac OS X) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_may12_macosx.nasl |
| 2012-05-02 | Name : Mozilla Products Security Bypass Vulnerability - May12 (Windows) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_may12_win.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2398-2 (curl) File : nvt/deb_2398_2.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2433-1 (iceweasel) File : nvt/deb_2433_1.nasl |
| 2012-04-30 | Name : Debian Security Advisory DSA 2437-1 (icedove) File : nvt/deb_2437_1.nasl |
| 2012-04-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium10.nasl |
| 2012-04-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium9.nasl |
| 2012-04-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox65.nasl |
| 2012-04-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox66.nasl |
| 2012-04-30 | Name : Ubuntu Update for firefox USN-1430-1 File : nvt/gb_ubuntu_USN_1430_1.nasl |
| 2012-04-30 | Name : Ubuntu Update for ubufox USN-1430-2 File : nvt/gb_ubuntu_USN_1430_2.nasl |
| 2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-22 (nginx) File : nvt/glsa_201203_22.nasl |
| 2012-04-30 | Name : Gentoo Security Advisory GLSA 201203-24 (chromium v8) File : nvt/glsa_201203_24.nasl |
| 2012-04-26 | Name : RedHat Update for firefox RHSA-2012:0515-01 File : nvt/gb_RHSA-2012_0515-01_firefox.nasl |
| 2012-04-26 | Name : Fedora Update for libpng FEDORA-2012-5515 File : nvt/gb_fedora_2012_5515_libpng_fc15.nasl |
| 2012-04-26 | Name : Fedora Update for libpng FEDORA-2012-5518 File : nvt/gb_fedora_2012_5518_libpng_fc16.nasl |
| 2012-04-23 | Name : Ubuntu Update for gsettings-desktop-schemas USN-1400-5 File : nvt/gb_ubuntu_USN_1400_5.nasl |
| 2012-04-11 | Name : Fedora Update for thunderbird FEDORA-2012-5068 File : nvt/gb_fedora_2012_5068_thunderbird_fc15.nasl |
| 2012-04-11 | Name : Fedora Update for libpng10 FEDORA-2012-5079 File : nvt/gb_fedora_2012_5079_libpng10_fc15.nasl |
| 2012-04-11 | Name : Fedora Update for libpng10 FEDORA-2012-5080 File : nvt/gb_fedora_2012_5080_libpng10_fc16.nasl |
| 2012-04-06 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Linux) File : nvt/gb_opera_extented_validation_info_disc_vuln_lin.nasl |
| 2012-04-05 | Name : Google Chrome Multiple Vulnerabilities - April 12 (Linux) File : nvt/gb_google_chrome_mult_vuln_apr12_lin.nasl |
| 2012-04-05 | Name : Google Chrome Multiple Vulnerabilities - April 12 (MAC OS X) File : nvt/gb_google_chrome_mult_vuln_apr12_macosx.nasl |
| 2012-04-05 | Name : Google Chrome Multiple Vulnerabilities - April 12 (Windows) File : nvt/gb_google_chrome_mult_vuln_apr12_win.nasl |
| 2012-04-05 | Name : Ubuntu Update for thunderbird USN-1400-4 File : nvt/gb_ubuntu_USN_1400_4.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-15020 File : nvt/gb_fedora_2011_15020_java-1.6.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for firefox FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_firefox_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for nss-softokn FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-softokn_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for nss-util FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss-util_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird-lightning_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_thunderbird_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for xulrunner FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_xulrunner_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2012-1690 File : nvt/gb_fedora_2012_1690_java-1.7.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1711 File : nvt/gb_fedora_2012_1711_java-1.6.0-openjdk_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird FEDORA-2012-1844 File : nvt/gb_fedora_2012_1844_thunderbird_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for xulrunner FEDORA-2012-1856 File : nvt/gb_fedora_2012_1856_xulrunner_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for libpng10 FEDORA-2012-3536 File : nvt/gb_fedora_2012_3536_libpng10_fc15.nasl |
| 2012-04-02 | Name : Fedora Update for libpng10 FEDORA-2012-3545 File : nvt/gb_fedora_2012_3545_libpng10_fc16.nasl |
| 2012-04-02 | Name : Fedora Update for libpng FEDORA-2012-3705 File : nvt/gb_fedora_2012_3705_libpng_fc15.nasl |
| 2012-04-02 | Name : Fedora Update for thunderbird FEDORA-2012-5028 File : nvt/gb_fedora_2012_5028_thunderbird_fc16.nasl |
| 2012-03-26 | Name : Fedora Update for libpng FEDORA-2012-3739 File : nvt/gb_fedora_2012_3739_libpng_fc16.nasl |
| 2012-03-26 | Name : Ubuntu Update for thunderbird USN-1401-2 File : nvt/gb_ubuntu_USN_1401_2.nasl |
| 2012-03-22 | Name : Ubuntu Update for thunderbird USN-1400-3 File : nvt/gb_ubuntu_USN_1400_3.nasl |
| 2012-03-22 | Name : Ubuntu Update for xulrunner-1.9.2 USN-1401-1 File : nvt/gb_ubuntu_USN_1401_1.nasl |
| 2012-03-20 | Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X 01) File : nvt/gb_mozilla_prdts_mult_vuln_mar12_macosx01.nasl |
| 2012-03-19 | Name : Fedora Update for java-1.7.0-openjdk FEDORA-2011-15555 File : nvt/gb_fedora_2011_15555_java-1.7.0-openjdk_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for nss FEDORA-2011-17400 File : nvt/gb_fedora_2011_17400_nss_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for libvorbis FEDORA-2012-1652 File : nvt/gb_fedora_2012_1652_libvorbis_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for libpng FEDORA-2012-1922 File : nvt/gb_fedora_2012_1922_libpng_fc16.nasl |
| 2012-03-19 | Name : Fedora Update for libpng10 FEDORA-2012-2028 File : nvt/gb_fedora_2012_2028_libpng10_fc16.nasl |
| 2012-03-19 | Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Mac OS X) File : nvt/gb_mozilla_prdts_mult_vuln_mar12_macosx.nasl |
| 2012-03-19 | Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_mar12_win.nasl |
| 2012-03-19 | Name : Mozilla Products Multiple Vulnerabilities - Mar12 (Win 01) File : nvt/gb_mozilla_prdts_mult_vuln_mar12_win01.nasl |
| 2012-03-19 | Name : Ubuntu Update for firefox USN-1400-1 File : nvt/gb_ubuntu_USN_1400_1.nasl |
| 2012-03-19 | Name : Ubuntu Update for ubufox USN-1400-2 File : nvt/gb_ubuntu_USN_1400_2.nasl |
| 2012-03-16 | Name : RedHat Update for firefox RHSA-2012:0387-01 File : nvt/gb_RHSA-2012_0387-01_firefox.nasl |
| 2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
| 2012-03-16 | Name : Ubuntu Update for thunderbird USN-1282-1 File : nvt/gb_ubuntu_USN_1282_1.nasl |
| 2012-03-16 | Name : Ubuntu Update for thunderbird USN-1343-1 File : nvt/gb_ubuntu_USN_1343_1.nasl |
| 2012-03-16 | Name : Ubuntu Update for thunderbird USN-1369-1 File : nvt/gb_ubuntu_USN_1369_1.nasl |
| 2012-03-12 | Name : Debian Security Advisory DSA 2410-1 (libpng) File : nvt/deb_2410_1.nasl |
| 2012-03-12 | Name : Debian Security Advisory DSA 2412-1 (libvorbis) File : nvt/deb_2412_1.nasl |
| 2012-03-12 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium7.nasl |
| 2012-03-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox64.nasl |
| 2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-02 (cURL) File : nvt/glsa_201203_02.nasl |
| 2012-03-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2012-1721 File : nvt/gb_fedora_2012_1721_java-1.6.0-openjdk_fc15.nasl |
| 2012-03-09 | Name : Mandriva Update for libpng MDVSA-2012:022 (libpng) File : nvt/gb_mandriva_MDVSA_2012_022.nasl |
| 2012-03-07 | Name : Fedora Update for xulrunner FEDORA-2012-1845 File : nvt/gb_fedora_2012_1845_xulrunner_fc15.nasl |
| 2012-03-07 | Name : Fedora Update for libpng FEDORA-2012-1930 File : nvt/gb_fedora_2012_1930_libpng_fc15.nasl |
| 2012-03-07 | Name : Fedora Update for libpng10 FEDORA-2012-2008 File : nvt/gb_fedora_2012_2008_libpng10_fc15.nasl |
| 2012-03-07 | Name : Mandriva Update for mozilla MDVSA-2012:022-1 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_022_1.nasl |
| 2012-02-21 | Name : RedHat Update for libvorbis RHSA-2012:0136-01 File : nvt/gb_RHSA-2012_0136-01_libvorbis.nasl |
| 2012-02-21 | Name : RedHat Update for firefox RHSA-2012:0142-01 File : nvt/gb_RHSA-2012_0142-01_firefox.nasl |
| 2012-02-21 | Name : RedHat Update for xulrunner RHSA-2012:0143-01 File : nvt/gb_RHSA-2012_0143-01_xulrunner.nasl |
| 2012-02-21 | Name : RedHat Update for libpng RHSA-2012:0317-01 File : nvt/gb_RHSA-2012_0317-01_libpng.nasl |
| 2012-02-21 | Name : Google Chrome Multiple Vulnerabilities - February 12 (Linux 01) File : nvt/gb_google_chrome_mult_vuln_feb12_lin01.nasl |
| 2012-02-21 | Name : Google Chrome Multiple Vulnerabilities - February 12 (MAC OS X 01) File : nvt/gb_google_chrome_mult_vuln_feb12_macosx01.nasl |
| 2012-02-21 | Name : Google Chrome Multiple Vulnerabilities - February 12 (Windows 01) File : nvt/gb_google_chrome_mult_vuln_feb12_win01.nasl |
| 2012-02-21 | Name : Ubuntu Update for firefox USN-1360-1 File : nvt/gb_ubuntu_USN_1360_1.nasl |
| 2012-02-21 | Name : Ubuntu Update for libpng USN-1367-1 File : nvt/gb_ubuntu_USN_1367_1.nasl |
| 2012-02-21 | Name : Ubuntu Update for firefox USN-1367-2 File : nvt/gb_ubuntu_USN_1367_2.nasl |
| 2012-02-21 | Name : Ubuntu Update for thunderbird USN-1367-3 File : nvt/gb_ubuntu_USN_1367_3.nasl |
| 2012-02-21 | Name : Ubuntu Update for xulrunner-1.9.2 USN-1367-4 File : nvt/gb_ubuntu_USN_1367_4.nasl |
| 2012-02-21 | Name : Ubuntu Update for libvorbis USN-1370-1 File : nvt/gb_ubuntu_USN_1370_1.nasl |
| 2012-02-14 | Name : Mozilla Products XBL Binding Memory Corruption Vulnerability - (MAC OS X) File : nvt/gb_mozilla_prdts_xbl_bind_mem_crptn_vuln_macosx.nasl |
| 2012-02-14 | Name : Mozilla Products XBL Binding Memory Corruption Vulnerability - (Windows) File : nvt/gb_mozilla_prdts_xbl_bind_mem_crptn_vuln_win.nasl |
| 2012-02-13 | Name : Debian Security Advisory DSA 2341-1 (iceweasel) File : nvt/deb_2341_1.nasl |
| 2012-02-13 | Name : Mandriva Update for firefox MDVSA-2012:017 (firefox) File : nvt/gb_mandriva_MDVSA_2012_017.nasl |
| 2012-02-13 | Name : Ubuntu Update for thunderbird USN-1350-1 File : nvt/gb_ubuntu_USN_1350_1.nasl |
| 2012-02-13 | Name : Ubuntu Update for xulrunner-1.9.2 USN-1353-1 File : nvt/gb_ubuntu_USN_1353_1.nasl |
| 2012-02-12 | Name : Debian Security Advisory DSA 2398-1 (curl) File : nvt/deb_2398_1.nasl |
| 2012-02-12 | Name : Debian Security Advisory DSA 2400-1 (iceweasel) File : nvt/deb_2400_1.nasl |
| 2012-02-12 | Name : Debian Security Advisory DSA 2402-1 (iceape) File : nvt/deb_2402_1.nasl |
| 2012-02-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox62.nasl |
| 2012-02-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox63.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-05 (gnutls) File : nvt/glsa_201110_05.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-02 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201111_02.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2339-1 (nss) File : nvt/deb_2339_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2342-1 (iceape) File : nvt/deb_2342_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2356-1 (openjdk-6) File : nvt/deb_2356_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2358-1 (openjdk-6) File : nvt/deb_2358_1.nasl |
| 2012-02-11 | Name : Debian Security Advisory DSA 2368-1 (lighttpd) File : nvt/deb_2368_1.nasl |
| 2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
| 2012-02-06 | Name : Mandriva Update for mozilla MDVSA-2012:013 (mozilla) File : nvt/gb_mandriva_MDVSA_2012_013.nasl |
| 2012-02-06 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X 01) File : nvt/gb_mozilla_prdts_mult_vuln_macosx01_feb12.nasl |
| 2012-02-06 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_feb12.nasl |
| 2012-02-06 | Name : Mozilla Products 'Firefox Recovery Key.html' Information Disclosure Vulnerabi... File : nvt/gb_mozilla_prdts_recovery_key_info_disc_vuln_macosx.nasl |
| 2012-02-06 | Name : Ubuntu Update for firefox USN-1355-1 File : nvt/gb_ubuntu_USN_1355_1.nasl |
| 2012-02-06 | Name : Ubuntu Update for mozvoikko USN-1355-2 File : nvt/gb_ubuntu_USN_1355_2.nasl |
| 2012-02-06 | Name : Ubuntu Update for ubufox USN-1355-3 File : nvt/gb_ubuntu_USN_1355_3.nasl |
| 2012-02-03 | Name : RedHat Update for seamonkey RHSA-2012:0084-01 File : nvt/gb_RHSA-2012_0084-01_seamonkey.nasl |
| 2012-02-03 | Name : RedHat Update for thunderbird RHSA-2012:0085-01 File : nvt/gb_RHSA-2012_0085-01_thunderbird.nasl |
| 2012-02-03 | Name : Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vuln... File : nvt/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_macosx.nasl |
| 2012-02-03 | Name : Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vuln... File : nvt/gb_mozilla_prdts_ipv6_literal_syntax_info_disc_vuln_win.nasl |
| 2012-02-03 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows 01) File : nvt/gb_mozilla_prdts_mult_vuln_win01_feb12.nasl |
| 2012-02-03 | Name : Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_feb12.nasl |
| 2012-02-01 | Name : RedHat Update for firefox RHSA-2012:0079-01 File : nvt/gb_RHSA-2012_0079-01_firefox.nasl |
| 2012-01-25 | Name : Ubuntu Update for openjdk-6 USN-1263-2 File : nvt/gb_ubuntu_USN_1263_2.nasl |
| 2012-01-23 | Name : Fedora Update for firefox FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_firefox_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_gnome-python2-extras_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nspr FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nspr_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss-softokn FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-softokn_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss-util FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss-util_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for nss FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_nss_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_perl-Gtk2-MozEmbed_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for thunderbird-lightning FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird-lightning_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for thunderbird FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_thunderbird_fc15.nasl |
| 2012-01-23 | Name : Fedora Update for xulrunner FEDORA-2011-17399 File : nvt/gb_fedora_2011_17399_xulrunner_fc15.nasl |
| 2012-01-11 | Name : Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584) File : nvt/secpod_ms12-006.nasl |
| 2012-01-09 | Name : Ubuntu Update for firefox USN-1306-1 File : nvt/gb_ubuntu_USN_1306_1.nasl |
| 2012-01-09 | Name : Ubuntu Update for mozvoikko USN-1306-2 File : nvt/gb_ubuntu_USN_1306_2.nasl |
| 2011-12-23 | Name : Ubuntu Update for thunderbird USN-1254-1 File : nvt/gb_ubuntu_USN_1254_1.nasl |
| 2011-12-22 | Name : Mozilla Products DOMAttrModified Memory Corruption Vulnerability (MAC OS X) File : nvt/secpod_mozilla_prdts_domattr_modified_mem_crptn_vuln_macosx.nasl |
| 2011-12-22 | Name : Mozilla Products DOMAttrModified Memory Corruption Vulnerability (Windows) File : nvt/secpod_mozilla_prdts_domattr_modified_mem_crptn_vuln_win.nasl |
| 2011-12-22 | Name : Mozilla Products Multiple Vulnerabilities - Dec 11 (MAC OS X) File : nvt/secpod_mozilla_prdts_mult_vuln_macosx_dec11.nasl |
| 2011-12-22 | Name : Mozilla Products Multiple Vulnerabilities - Dec 11 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_win_dec11.nasl |
| 2011-12-09 | Name : Mozilla Firefox Cache Objects History Enumeration Weakness Vulnerability (MAC... File : nvt/gb_mozilla_firefox_cache_obj_enum_weakness_vuln_macosx.nasl |
| 2011-12-09 | Name : Mozilla Firefox Cache Objects History Enumeration Weakness Vulnerability (Win... File : nvt/gb_mozilla_firefox_cache_obj_enum_weakness_vuln_win.nasl |
| 2011-12-09 | Name : Mozilla Products Multiple Information Disclosure Vulnerabilities - MAC OS X File : nvt/gb_mozilla_prdts_mult_info_disc_vuln_macosx.nasl |
| 2011-12-09 | Name : Mozilla Products Multiple Information Disclosure Vulnerabilities - (Windows) File : nvt/gb_mozilla_prdts_mult_info_disc_vuln_win.nasl |
| 2011-11-25 | Name : Ubuntu Update for firefox USN-1277-1 File : nvt/gb_ubuntu_USN_1277_1.nasl |
| 2011-11-25 | Name : Ubuntu Update for mozvoikko USN-1277-2 File : nvt/gb_ubuntu_USN_1277_2.nasl |
| 2011-11-18 | Name : Ubuntu Update for icedtea-web USN-1263-1 File : nvt/gb_ubuntu_USN_1263_1.nasl |
| 2011-11-14 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:170 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_170.nasl |
| 2011-11-14 | Name : Mozilla Products Multiple Unspecified Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_macosx.nasl |
| 2011-11-14 | Name : Mozilla Products Multiple Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_nov11_macosx.nasl |
| 2011-11-14 | Name : Mozilla Products Privilege Escalation Vulnerabily (MAC OS X) File : nvt/gb_mozilla_prdts_priv_esc_vuln_macosx.nasl |
| 2011-11-14 | Name : Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Mac OS X) File : nvt/gb_mozilla_prdts_wrapper_priv_esc_vuln_macosx.nasl |
| 2011-11-14 | Name : Mozilla Products XSS and Memory Corruption Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_xss_n_mem_crptn_vuln_macosx.nasl |
| 2011-11-14 | Name : Mozilla Products XSS and Memory Corruption Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_xss_n_mem_crptn_vuln_win.nasl |
| 2011-11-11 | Name : CentOS Update for firefox CESA-2011:1437 centos4 i386 File : nvt/gb_CESA-2011_1437_firefox_centos4_i386.nasl |
| 2011-11-11 | Name : CentOS Update for firefox CESA-2011:1437 centos5 i386 File : nvt/gb_CESA-2011_1437_firefox_centos5_i386.nasl |
| 2011-11-11 | Name : CentOS Update for thunderbird CESA-2011:1438 centos4 i386 File : nvt/gb_CESA-2011_1438_thunderbird_centos4_i386.nasl |
| 2011-11-11 | Name : CentOS Update for thunderbird CESA-2011:1438 centos5 i386 File : nvt/gb_CESA-2011_1438_thunderbird_centos5_i386.nasl |
| 2011-11-11 | Name : CentOS Update for seamonkey CESA-2011:1440 centos4 i386 File : nvt/gb_CESA-2011_1440_seamonkey_centos4_i386.nasl |
| 2011-11-11 | Name : RedHat Update for firefox RHSA-2011:1437-01 File : nvt/gb_RHSA-2011_1437-01_firefox.nasl |
| 2011-11-11 | Name : RedHat Update for thunderbird RHSA-2011:1438-01 File : nvt/gb_RHSA-2011_1438-01_thunderbird.nasl |
| 2011-11-11 | Name : RedHat Update for seamonkey RHSA-2011:1440-01 File : nvt/gb_RHSA-2011_1440-01_seamonkey.nasl |
| 2011-11-11 | Name : Mandriva Update for mozilla MDVSA-2011:169 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_169.nasl |
| 2011-11-11 | Name : Mozilla Products Browser Engine Denial of Service Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_browser_engine_dos_vuln_win.nasl |
| 2011-11-11 | Name : Mozilla Products Multiple Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_nov11_win.nasl |
| 2011-11-11 | Name : Mozilla Products Privilege Escalation Vulnerabily (Windows) File : nvt/gb_mozilla_prdts_priv_esc_vuln_win.nasl |
| 2011-11-11 | Name : Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows) File : nvt/gb_mozilla_prdts_wrapper_priv_esc_vuln_win.nasl |
| 2011-11-11 | Name : Ubuntu Update for firefox USN-1251-1 File : nvt/gb_ubuntu_USN_1251_1.nasl |
| 2011-11-03 | Name : Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerab... File : nvt/gb_google_chrome_nss_priv_escalation_vuln_macosx.nasl |
| 2011-11-03 | Name : Google Chrome Mozilla Network Security Services Privilege Escalation Vulnerab... File : nvt/gb_google_chrome_nss_priv_escalation_vuln_win.nasl |
| 2011-11-03 | Name : Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2011_162.nasl |
| 2011-10-21 | Name : CentOS Update for java CESA-2011:1380 centos5 i386 File : nvt/gb_CESA-2011_1380_java_centos5_i386.nasl |
| 2011-10-21 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:1380-01 File : nvt/gb_RHSA-2011_1380-01_java-1.6.0-openjdk.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14638 File : nvt/gb_fedora_2011_14638_java-1.6.0-openjdk_fc14.nasl |
| 2011-10-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-14648 File : nvt/gb_fedora_2011_14648_java-1.6.0-openjdk_fc15.nasl |
| 2011-10-21 | Name : Ubuntu Update for libvoikko USN-1192-3 File : nvt/gb_ubuntu_USN_1192_3.nasl |
| 2011-10-20 | Name : Apple iTunes Multiple Vulnerabilities - Oct 11 File : nvt/gb_apple_itunes_mult_vuln_oct11_win.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2312-1 (iceape) File : nvt/deb_2312_1.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2313-1 (iceweasel) File : nvt/deb_2313_1.nasl |
| 2011-10-16 | Name : Debian Security Advisory DSA 2317-1 (icedove) File : nvt/deb_2317_1.nasl |
| 2011-10-16 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox59.nasl |
| 2011-10-14 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (MAC ... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_macosx.nasl |
| 2011-10-14 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (MAC OS X) File : nvt/gb_mozilla_prdts_browser_engine_mult_vuln_macosx.nasl |
| 2011-10-14 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_macosx.nasl |
| 2011-10-14 | Name : Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability... File : nvt/gb_mozilla_prdts_load_subscript_sec_bypass_vuln_macosx.nasl |
| 2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx.nasl |
| 2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_oct11.nasl |
| 2011-10-14 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_macosx.nasl |
| 2011-10-14 | Name : Mozilla Products 'YARR' Code Execution Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_yarr_code_exec_vuln_macosx.nasl |
| 2011-10-10 | Name : Ubuntu Update for mozvoikko USN-1222-2 File : nvt/gb_ubuntu_USN_1222_2.nasl |
| 2011-10-04 | Name : Mandriva Update for firefox MDVSA-2011:139 (firefox) File : nvt/gb_mandriva_MDVSA_2011_139.nasl |
| 2011-10-04 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_140.nasl |
| 2011-10-04 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (Wind... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_win.nasl |
| 2011-10-04 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_browser_engine_mult_vuln_win.nasl |
| 2011-10-04 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_win.nasl |
| 2011-10-04 | Name : Mozilla Firefox and SeaMonkey 'loadSubScript()' Security Bypass Vulnerability File : nvt/gb_mozilla_prdts_load_subscript_sec_bypass_vuln_win.nasl |
| 2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows 01) File : nvt/gb_mozilla_prdts_mult_vuln_win01_oct11.nasl |
| 2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct11.nasl |
| 2011-10-04 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (Windows) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_win.nasl |
| 2011-10-04 | Name : Mozilla Products 'YARR' Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_yarr_code_exec_vuln_win.nasl |
| 2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 i386 File : nvt/gb_CESA-2011_1341_firefox_centos4_i386.nasl |
| 2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 i386 File : nvt/gb_CESA-2011_1341_firefox_centos5_i386.nasl |
| 2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_i386.nasl |
| 2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_i386.nasl |
| 2011-09-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 i386 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_i386.nasl |
| 2011-09-30 | Name : RedHat Update for firefox RHSA-2011:1341-01 File : nvt/gb_RHSA-2011_1341-01_firefox.nasl |
| 2011-09-30 | Name : RedHat Update for thunderbird RHSA-2011:1343-01 File : nvt/gb_RHSA-2011_1343-01_thunderbird.nasl |
| 2011-09-30 | Name : RedHat Update for seamonkey RHSA-2011:1344-01 File : nvt/gb_RHSA-2011_1344-01_seamonkey.nasl |
| 2011-09-30 | Name : Ubuntu Update for firefox USN-1210-1 File : nvt/gb_ubuntu_USN_1210_1.nasl |
| 2011-09-30 | Name : Ubuntu Update for thunderbird USN-1213-1 File : nvt/gb_ubuntu_USN_1213_1.nasl |
| 2011-09-30 | Name : Ubuntu Update for firefox USN-1222-1 File : nvt/gb_ubuntu_USN_1222_1.nasl |
| 2011-09-23 | Name : CentOS Update for firefox CESA-2011:1164 centos5 i386 File : nvt/gb_CESA-2011_1164_firefox_centos5_i386.nasl |
| 2011-09-23 | Name : CentOS Update for xulrunner CESA-2011:1164 centos5 i386 File : nvt/gb_CESA-2011_1164_xulrunner_centos5_i386.nasl |
| 2011-09-23 | Name : CentOS Update for thunderbird CESA-2011:1165 centos5 i386 File : nvt/gb_CESA-2011_1165_thunderbird_centos5_i386.nasl |
| 2011-09-21 | Name : Debian Security Advisory DSA 2295-1 (iceape) File : nvt/deb_2295_1.nasl |
| 2011-09-21 | Name : Debian Security Advisory DSA 2296-1 (iceweasel) File : nvt/deb_2296_1.nasl |
| 2011-09-21 | Name : Debian Security Advisory DSA 2297-1 (icedove) File : nvt/deb_2297_1.nasl |
| 2011-09-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox58.nasl |
| 2011-09-09 | Name : Mozilla Firefox Untrusted Search Path Vulnerability (Windows) File : nvt/gb_mozilla_firefox_untrusted_search_path_vuln_win.nasl |
| 2011-09-09 | Name : Mozilla Products Multiple Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_sep11_win.nasl |
| 2011-09-09 | Name : Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_sep11_win01.nasl |
| 2011-09-09 | Name : Mozilla Products Multiple Vulnerabilities - Sep 11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_sep11_win02.nasl |
| 2011-09-09 | Name : Mozilla Products Information Disclosure and Security Bypass Vulnerabilities (... File : nvt/gb_mozilla_prdts_sec_bypass_n_info_disc_vuln_win.nasl |
| 2011-09-09 | Name : Mozilla Products 'SVG' Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_svg_code_exec_vuln_win.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Mac OS X) File : nvt/gb_opera_extented_validation_info_disc_vuln_macosx.nasl |
| 2011-09-09 | Name : Opera Extended Validation Information Disclosure Vulnerabilities (Windows) File : nvt/gb_opera_extented_validation_info_disc_vuln_win.nasl |
| 2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
| 2011-09-07 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2011:037 File : nvt/gb_suse_2011_037.nasl |
| 2011-08-27 | Name : Ubuntu Update for thunderbird USN-1185-1 File : nvt/gb_ubuntu_USN_1185_1.nasl |
| 2011-08-26 | Name : Apple iTunes Multiple Vulnerabilities (Mac OS X) File : nvt/secpod_itunes_mult_vuln_macosx.nasl |
| 2011-08-24 | Name : Ubuntu Update for firefox USN-1184-1 File : nvt/gb_ubuntu_USN_1184_1.nasl |
| 2011-08-19 | Name : CentOS Update for firefox CESA-2011:1164 centos4 i386 File : nvt/gb_CESA-2011_1164_firefox_centos4_i386.nasl |
| 2011-08-19 | Name : CentOS Update for thunderbird CESA-2011:1165 centos4 i386 File : nvt/gb_CESA-2011_1165_thunderbird_centos4_i386.nasl |
| 2011-08-19 | Name : CentOS Update for seamonkey CESA-2011:1167 centos4 i386 File : nvt/gb_CESA-2011_1167_seamonkey_centos4_i386.nasl |
| 2011-08-19 | Name : RedHat Update for firefox RHSA-2011:1164-01 File : nvt/gb_RHSA-2011_1164-01_firefox.nasl |
| 2011-08-19 | Name : RedHat Update for thunderbird RHSA-2011:1165-01 File : nvt/gb_RHSA-2011_1165-01_thunderbird.nasl |
| 2011-08-19 | Name : RedHat Update for seamonkey RHSA-2011:1167-01 File : nvt/gb_RHSA-2011_1167-01_seamonkey.nasl |
| 2011-08-19 | Name : Fedora Update for firefox FEDORA-2011-11106 File : nvt/gb_fedora_2011_11106_firefox_fc15.nasl |
| 2011-08-19 | Name : Fedora Update for gnome-python2-extras FEDORA-2011-11106 File : nvt/gb_fedora_2011_11106_gnome-python2-extras_fc15.nasl |
| 2011-08-19 | Name : Fedora Update for mozvoikko FEDORA-2011-11106 File : nvt/gb_fedora_2011_11106_mozvoikko_fc15.nasl |
| 2011-08-19 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-11106 File : nvt/gb_fedora_2011_11106_perl-Gtk2-MozEmbed_fc15.nasl |
| 2011-08-19 | Name : Fedora Update for xulrunner FEDORA-2011-11106 File : nvt/gb_fedora_2011_11106_xulrunner_fc15.nasl |
| 2011-08-19 | Name : Mandriva Update for mozilla MDVSA-2011:127 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_127.nasl |
| 2011-08-19 | Name : Ubuntu Update for firefox USN-1192-1 File : nvt/gb_ubuntu_USN_1192_1.nasl |
| 2011-08-19 | Name : Ubuntu Update for mozvoikko USN-1192-2 File : nvt/gb_ubuntu_USN_1192_2.nasl |
| 2011-08-18 | Name : CentOS Update for firefox CESA-2011:0885 centos4 i386 File : nvt/gb_CESA-2011_0885_firefox_centos4_i386.nasl |
| 2011-08-18 | Name : CentOS Update for thunderbird CESA-2011:0887 centos4 i386 File : nvt/gb_CESA-2011_0887_thunderbird_centos4_i386.nasl |
| 2011-08-18 | Name : CentOS Update for seamonkey CESA-2011:0888 centos4 i386 File : nvt/gb_CESA-2011_0888_seamonkey_centos4_i386.nasl |
| 2011-08-18 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028 File : nvt/gb_suse_2011_028.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0002 centos4 i386 File : nvt/gb_CESA-2009_0002_thunderbird_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0002 centos5 i386 File : nvt/gb_CESA-2009_0002_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0256 centos4 i386 File : nvt/gb_CESA-2009_0256_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0256 centos5 i386 File : nvt/gb_CESA-2009_0256_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257-01 centos2 i386 File : nvt/gb_CESA-2009_0257-01_seamonkey_centos2_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257 centos3 i386 File : nvt/gb_CESA-2009_0257_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0257 centos4 i386 File : nvt/gb_CESA-2009_0257_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0258 centos4 i386 File : nvt/gb_CESA-2009_0258_thunderbird_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:0258 centos5 i386 File : nvt/gb_CESA-2009_0258_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0315 centos4 i386 File : nvt/gb_CESA-2009_0315_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0315 centos5 i386 File : nvt/gb_CESA-2009_0315_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0325-01 centos2 i386 File : nvt/gb_CESA-2009_0325-01_seamonkey_centos2_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0325 centos3 i386 File : nvt/gb_CESA-2009_0325_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0325 centos4 i386 File : nvt/gb_CESA-2009_0325_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0397 centos4 i386 File : nvt/gb_CESA-2009_0397_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for xulrunner CESA-2009:0397 centos5 i386 File : nvt/gb_CESA-2009_0397_xulrunner_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0398-01 centos2 i386 File : nvt/gb_CESA-2009_0398-01_seamonkey_centos2_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0398 centos3 i386 File : nvt/gb_CESA-2009_0398_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos4 i386 File : nvt/gb_CESA-2009_0436_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0436 centos5 i386 File : nvt/gb_CESA-2009_0436_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386 File : nvt/gb_CESA-2009_0437-02_seamonkey_centos2_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:0437 centos4 i386 File : nvt/gb_CESA-2009_0437_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos4 i386 File : nvt/gb_CESA-2009_0449_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:0449 centos5 i386 File : nvt/gb_CESA-2009_0449_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1095 centos5 i386 File : nvt/gb_CESA-2009_1095_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1096 centos3 i386 File : nvt/gb_CESA-2009_1096_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2009:1126 centos5 i386 File : nvt/gb_CESA-2009_1126_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1134 centos3 i386 File : nvt/gb_CESA-2009_1134_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1162 centos5 i386 File : nvt/gb_CESA-2009_1162_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1163 centos3 i386 File : nvt/gb_CESA-2009_1163_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1185 centos3 i386 File : nvt/gb_CESA-2009_1185_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1430 centos4 i386 File : nvt/gb_CESA-2009_1430_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1430 centos5 i386 File : nvt/gb_CESA-2009_1430_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1431 centos4 i386 File : nvt/gb_CESA-2009_1431_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1432 centos3 i386 File : nvt/gb_CESA-2009_1432_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1530 centos4 i386 File : nvt/gb_CESA-2009_1530_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1531 centos3 i386 File : nvt/gb_CESA-2009_1531_seamonkey_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1531 centos4 i386 File : nvt/gb_CESA-2009_1531_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libvorbis CESA-2009:1561 centos3 i386 File : nvt/gb_CESA-2009_1561_libvorbis_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libvorbis CESA-2009:1561 centos4 i386 File : nvt/gb_CESA-2009_1561_libvorbis_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libvorbis CESA-2009:1561 centos5 i386 File : nvt/gb_CESA-2009_1561_libvorbis_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos3 i386 File : nvt/gb_CESA-2009_1579_httpd_centos3_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1579 centos5 i386 File : nvt/gb_CESA-2009_1579_httpd_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for httpd CESA-2009:1580 centos4 i386 File : nvt/gb_CESA-2009_1580_httpd_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2009:1673 centos4 i386 File : nvt/gb_CESA-2009_1673_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos4 i386 File : nvt/gb_CESA-2009_1674_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2009:1674 centos5 i386 File : nvt/gb_CESA-2009_1674_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0112 centos5 i386 File : nvt/gb_CESA-2010_0112_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl CESA-2010:0162 centos5 i386 File : nvt/gb_CESA-2010_0162_openssl_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for openssl097a CESA-2010:0164 centos5 i386 File : nvt/gb_CESA-2010_0164_openssl097a_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for nspr CESA-2010:0165 centos5 i386 File : nvt/gb_CESA-2010_0165_nspr_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for gnutls CESA-2010:0166 centos5 i386 File : nvt/gb_CESA-2010_0166_gnutls_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0339 centos5 i386 File : nvt/gb_CESA-2010_0339_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for devhelp CESA-2010:0501 centos5 i386 File : nvt/gb_CESA-2010_0501_devhelp_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for libpng CESA-2010:0534 centos5 i386 File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0545 centos5 i386 File : nvt/gb_CESA-2010_0545_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0547 centos5 i386 File : nvt/gb_CESA-2010_0547_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0556 centos5 i386 File : nvt/gb_CESA-2010_0556_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0681 centos5 i386 File : nvt/gb_CESA-2010_0681_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0682 centos5 i386 File : nvt/gb_CESA-2010_0682_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for java CESA-2010:0768 centos5 i386 File : nvt/gb_CESA-2010_0768_java_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0780 centos5 i386 File : nvt/gb_CESA-2010_0780_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2010:0782 centos5 i386 File : nvt/gb_CESA-2010_0782_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0471 centos4 i386 File : nvt/gb_CESA-2011_0471_firefox_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0471 centos5 i386 File : nvt/gb_CESA-2011_0471_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for seamonkey CESA-2011:0473 centos4 i386 File : nvt/gb_CESA-2011_0473_seamonkey_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2011:0474 centos4 i386 File : nvt/gb_CESA-2011_0474_thunderbird_centos4_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2011:0474 centos5 i386 File : nvt/gb_CESA-2011_0474_thunderbird_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for firefox CESA-2011:0885 centos5 i386 File : nvt/gb_CESA-2011_0885_firefox_centos5_i386.nasl |
| 2011-08-09 | Name : CentOS Update for thunderbird CESA-2011:0887 centos5 i386 File : nvt/gb_CESA-2011_0887_thunderbird_centos5_i386.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2235-1 (icedove) File : nvt/deb_2235_1.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2268-1 (iceweasel) File : nvt/deb_2268_1.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2269-1 (iceape) File : nvt/deb_2269_1.nasl |
| 2011-08-03 | Name : Debian Security Advisory DSA 2273-1 (icedove) File : nvt/deb_2273_1.nasl |
| 2011-08-03 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox57.nasl |
| 2011-07-18 | Name : Ubuntu Update for thunderbird USN-1150-1 File : nvt/gb_ubuntu_USN_1150_1.nasl |
| 2011-07-08 | Name : Ubuntu Update for firefox USN-1149-2 File : nvt/gb_ubuntu_USN_1149_2.nasl |
| 2011-07-07 | Name : Mozilla Firefox Multiple Vulnerabilities July-11 (Windows) File : nvt/gb_mozilla_firefox_mult_vuln_win_jul11.nasl |
| 2011-07-07 | Name : Mozilla Firefox Security Bypass Vulnerability July-11 (Windows) File : nvt/gb_mozilla_firefox_sec_bypass_vuln_win_jul11.nasl |
| 2011-07-07 | Name : Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows) File : nvt/gb_mozilla_prdts_mult_dos_vuln_win_jul11.nasl |
| 2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01 File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul11.nasl |
| 2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02 File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul11.nasl |
| 2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03 File : nvt/gb_mozilla_prdts_mult_vuln_win03_jul11.nasl |
| 2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04 File : nvt/gb_mozilla_prdts_mult_vuln_win04_jul11.nasl |
| 2011-07-07 | Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_jul11.nasl |
| 2011-06-24 | Name : RedHat Update for firefox RHSA-2011:0885-01 File : nvt/gb_RHSA-2011_0885-01_firefox.nasl |
| 2011-06-24 | Name : RedHat Update for thunderbird RHSA-2011:0887-01 File : nvt/gb_RHSA-2011_0887-01_thunderbird.nasl |
| 2011-06-24 | Name : RedHat Update for seamonkey RHSA-2011:0888-01 File : nvt/gb_RHSA-2011_0888-01_seamonkey.nasl |
| 2011-06-24 | Name : Mandriva Update for mozilla MDVSA-2011:111 (mozilla) File : nvt/gb_mandriva_MDVSA_2011_111.nasl |
| 2011-06-24 | Name : Ubuntu Update for firefox USN-1149-1 File : nvt/gb_ubuntu_USN_1149_1.nasl |
| 2011-06-24 | Name : Ubuntu Update for firefox USN-1157-1 File : nvt/gb_ubuntu_USN_1157_1.nasl |
| 2011-06-24 | Name : Ubuntu Update for mozvoikko USN-1157-2 File : nvt/gb_ubuntu_USN_1157_2.nasl |
| 2011-06-24 | Name : Ubuntu Update for firefox USN-1157-3 File : nvt/gb_ubuntu_USN_1157_3.nasl |
| 2011-06-13 | Name : Mozilla Firefox SSL Certificate Spoofing Vulnerability (Windows) File : nvt/gb_mozilla_firefox_ssl_cert_spoofing_vuln_win.nasl |
| 2011-06-10 | Name : Ubuntu Update for thunderbird USN-1122-3 File : nvt/gb_ubuntu_USN_1122_3.nasl |
| 2011-05-18 | Name : Mozilla Firefox Multiple Unspecified Vulnerabilities May-11 (Windows) File : nvt/gb_mozilla_firefox_mult_unspecified_vuln_win_may11.nasl |
| 2011-05-18 | Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 01 File : nvt/gb_mozilla_prdts_mult_vuln_win01_may11.nasl |
| 2011-05-18 | Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) - 02 File : nvt/gb_mozilla_prdts_mult_vuln_win02_may11.nasl |
| 2011-05-18 | Name : Mozilla Products Multiple Vulnerabilities May-11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_may11.nasl |
| 2011-05-18 | Name : Mozilla Products Unspecified Vulnerability May-11 (Windows) File : nvt/gb_mozilla_prdts_unspecified_vuln_win_may11.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2186-1 (iceweasel) File : nvt/deb_2186_1.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2187-1 (icedove) File : nvt/deb_2187_1.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2227-1 (iceape) File : nvt/deb_2227_1.nasl |
| 2011-05-12 | Name : Debian Security Advisory DSA 2228-1 (iceweasel) File : nvt/deb_2228_1.nasl |
| 2011-05-12 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox56.nasl |
| 2011-05-10 | Name : Mandriva Update for tcl-sqlite3 MDVA-2011:019 (tcl-sqlite3) File : nvt/gb_mandriva_MDVA_2011_019.nasl |
| 2011-05-10 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2011:022 File : nvt/gb_suse_2011_022.nasl |
| 2011-05-10 | Name : Ubuntu Update for firefox USN-1112-1 File : nvt/gb_ubuntu_USN_1112_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for firefox USN-1121-1 File : nvt/gb_ubuntu_USN_1121_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for thunderbird USN-1122-1 File : nvt/gb_ubuntu_USN_1122_1.nasl |
| 2011-05-10 | Name : Ubuntu Update for thunderbird USN-1122-2 File : nvt/gb_ubuntu_USN_1122_2.nasl |
| 2011-05-10 | Name : Ubuntu Update for xulrunner-1.9.1 USN-1123-1 File : nvt/gb_ubuntu_USN_1123_1.nasl |
| 2011-05-05 | Name : RedHat Update for firefox RHSA-2011:0471-01 File : nvt/gb_RHSA-2011_0471-01_firefox.nasl |
| 2011-05-05 | Name : RedHat Update for seamonkey RHSA-2011:0473-01 File : nvt/gb_RHSA-2011_0473-01_seamonkey.nasl |
| 2011-05-05 | Name : RedHat Update for thunderbird RHSA-2011:0474-01 File : nvt/gb_RHSA-2011_0474-01_thunderbird.nasl |
| 2011-05-05 | Name : Mandriva Update for firefox MDVSA-2011:079 (firefox) File : nvt/gb_mandriva_MDVSA_2011_079.nasl |
| 2011-05-05 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_080.nasl |
| 2011-04-22 | Name : Mozilla Firefox Information Disclosure Vulnerability (Windows) File : nvt/gb_firefox_info_disc_vuln.nasl |
| 2011-03-16 | Name : Google Chrome Multiple Vulnerabilities - March 11(Linux) File : nvt/gb_google_chrome_mult_dos_vuln_mar11_lin.nasl |
| 2011-03-16 | Name : Google Chrome Multiple Vulnerabilities - March 11(Windows) File : nvt/gb_google_chrome_mult_dos_vuln_mar11_win.nasl |
| 2011-03-15 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:042 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_042.nasl |
| 2011-03-15 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2 File : nvt/gb_ubuntu_USN_1049_2.nasl |
| 2011-03-10 | Name : Mozilla Products Browser Engine Multiple Unspecified Vulnerabilities March-11... File : nvt/gb_mozilla_prdts_be_mult_unspecified_vuln_win_mar11.nasl |
| 2011-03-10 | Name : Mozilla Products Buffer Overflow Vulnerability March-11 (Windows) File : nvt/gb_mozilla_prdts_bof_vuln_win_mar11.nasl |
| 2011-03-10 | Name : Mozilla Products Multiple Unspecified Vulnerabilities March-11 (Windows) File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win_mar11.nasl |
| 2011-03-10 | Name : Mozilla Products Multiple Vulnerabilities March-11 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_mar11.nasl |
| 2011-03-09 | Name : Debian Security Advisory DSA 2180-1 (iceape) File : nvt/deb_2180_1.nasl |
| 2011-03-09 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox54.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j... File : nvt/glsa_201006_18.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201010-01 (libpng) File : nvt/glsa_201010_01.nasl |
| 2011-03-08 | Name : Mandriva Update for firefox MDVSA-2011:041 (firefox) File : nvt/gb_mandriva_MDVSA_2011_041.nasl |
| 2011-03-07 | Name : Debian Security Advisory DSA 2161-2 (openjdk-6) File : nvt/deb_2161_2.nasl |
| 2011-03-07 | Name : CentOS Update for firefox CESA-2011:0310 centos4 i386 File : nvt/gb_CESA-2011_0310_firefox_centos4_i386.nasl |
| 2011-03-07 | Name : CentOS Update for thunderbird CESA-2011:0312 centos4 i386 File : nvt/gb_CESA-2011_0312_thunderbird_centos4_i386.nasl |
| 2011-03-07 | Name : CentOS Update for seamonkey CESA-2011:0313 centos4 i386 File : nvt/gb_CESA-2011_0313_seamonkey_centos4_i386.nasl |
| 2011-03-07 | Name : RedHat Update for firefox RHSA-2011:0310-01 File : nvt/gb_RHSA-2011_0310-01_firefox.nasl |
| 2011-03-07 | Name : RedHat Update for thunderbird RHSA-2011:0312-01 File : nvt/gb_RHSA-2011_0312-01_thunderbird.nasl |
| 2011-03-07 | Name : RedHat Update for seamonkey RHSA-2011:0313-01 File : nvt/gb_RHSA-2011_0313-01_seamonkey.nasl |
| 2011-03-07 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1 File : nvt/gb_ubuntu_USN_1049_1.nasl |
| 2011-03-07 | Name : Ubuntu Update for thunderbird vulnerabilities USN-1050-1 File : nvt/gb_ubuntu_USN_1050_1.nasl |
| 2011-01-31 | Name : CentOS Update for firefox CESA-2010:0966 centos4 i386 File : nvt/gb_CESA-2010_0966_firefox_centos4_i386.nasl |
| 2011-01-31 | Name : CentOS Update for seamonkey CESA-2010:0967 centos4 i386 File : nvt/gb_CESA-2010_0967_seamonkey_centos4_i386.nasl |
| 2011-01-31 | Name : CentOS Update for thunderbird CESA-2010:0968 centos4 i386 File : nvt/gb_CESA-2010_0968_thunderbird_centos4_i386.nasl |
| 2011-01-24 | Name : Debian Security Advisory DSA 2132-1 (xulrunner) File : nvt/deb_2132_1.nasl |
| 2011-01-24 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox53.nasl |
| 2011-01-11 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,Seamonkey SUSE-SA:2011:003 File : nvt/gb_suse_2011_003.nasl |
| 2011-01-04 | Name : HP-UX Update for Java HPSBUX02608 File : nvt/gb_hp_ux_HPSBUX02608.nasl |
| 2010-12-28 | Name : Fedora Update for firefox FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_firefox_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for galeon FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_galeon_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_gnome-python2-extras_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for gnome-web-photo FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_gnome-web-photo_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for mozvoikko FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_mozvoikko_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_perl-Gtk2-MozEmbed_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for xulrunner FEDORA-2010-18773 File : nvt/gb_fedora_2010_18773_xulrunner_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for firefox FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_firefox_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for galeon FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_galeon_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_gnome-python2-extras_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for gnome-web-photo FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_gnome-web-photo_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for mozvoikko FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_mozvoikko_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_perl-Gtk2-MozEmbed_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for xulrunner FEDORA-2010-18775 File : nvt/gb_fedora_2010_18775_xulrunner_fc13.nasl |
| 2010-12-28 | Name : Fedora Update for thunderbird FEDORA-2010-18777 File : nvt/gb_fedora_2010_18777_thunderbird_fc14.nasl |
| 2010-12-28 | Name : Fedora Update for thunderbird FEDORA-2010-18778 File : nvt/gb_fedora_2010_18778_thunderbird_fc13.nasl |
| 2010-12-28 | Name : Mandriva Update for firefox MDVSA-2010:251-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_251_1.nasl |
| 2010-12-28 | Name : Mandriva Update for firefox MDVSA-2010:251-2 (firefox) File : nvt/gb_mandriva_MDVSA_2010_251_2.nasl |
| 2010-12-28 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:258 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_258.nasl |
| 2010-12-27 | Name : Mozilla Products Multiple Vulnerabilities dec-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win01_dec10.nasl |
| 2010-12-27 | Name : Mozilla Products Multiple Vulnerabilities dec-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win02_dec10.nasl |
| 2010-12-27 | Name : Mozilla Products Multiple Vulnerabilities dec-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_dec10.nasl |
| 2010-12-23 | Name : RedHat Update for firefox RHSA-2010:0966-01 File : nvt/gb_RHSA-2010_0966-01_firefox.nasl |
| 2010-12-23 | Name : RedHat Update for seamonkey RHSA-2010:0967-01 File : nvt/gb_RHSA-2010_0967-01_seamonkey.nasl |
| 2010-12-23 | Name : RedHat Update for thunderbird RHSA-2010:0968-01 File : nvt/gb_RHSA-2010_0968-01_thunderbird.nasl |
| 2010-12-23 | Name : Mandriva Update for firefox MDVSA-2010:251 (firefox) File : nvt/gb_mandriva_MDVSA_2010_251.nasl |
| 2010-12-23 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1019-1 File : nvt/gb_ubuntu_USN_1019_1.nasl |
| 2010-12-23 | Name : Ubuntu Update for Thunderbird vulnerabilities USN-1020-1 File : nvt/gb_ubuntu_USN_1020_1.nasl |
| 2010-12-13 | Name : Mozilla Firefox Browser Security Bypass Vulnerabilities - Win File : nvt/gb_firefox_sec_bypass_vuln_win.nasl |
| 2010-12-02 | Name : Fedora Update for nss-softokn FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-softokn_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for nss-util FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss-util_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for nss FEDORA-2010-15897 File : nvt/gb_fedora_2010_15897_nss_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16312 File : nvt/gb_fedora_2010_16312_java-1.6.0-openjdk_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for firefox FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_firefox_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for galeon FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_galeon_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_gnome-python2-extras_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_gnome-web-photo_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for mozvoikko FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_mozvoikko_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_perl-Gtk2-MozEmbed_fc14.nasl |
| 2010-12-02 | Name : Fedora Update for xulrunner FEDORA-2010-16897 File : nvt/gb_fedora_2010_16897_xulrunner_fc14.nasl |
| 2010-11-23 | Name : Fedora Update for openssl FEDORA-2010-17826 File : nvt/gb_fedora_2010_17826_openssl_fc12.nasl |
| 2010-11-17 | Name : Debian Security Advisory DSA 2123-1 (nss) File : nvt/deb_2123_1.nasl |
| 2010-11-17 | Name : Debian Security Advisory DSA 2124-1 (xulrunner) File : nvt/deb_2124_1.nasl |
| 2010-11-17 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox51.nasl |
| 2010-11-17 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox52.nasl |
| 2010-11-16 | Name : CentOS Update for thunderbird CESA-2010:0812 centos4 i386 File : nvt/gb_CESA-2010_0812_thunderbird_centos4_i386.nasl |
| 2010-11-16 | Name : Fedora Update for nss-softokn FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-softokn_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss-util FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss-util_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for nss FEDORA-2010-15989 File : nvt/gb_fedora_2010_15989_nss_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for firefox FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_firefox_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for galeon FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_galeon_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_gnome-python2-extras_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_gnome-web-photo_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for mozvoikko FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_mozvoikko_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for xulrunner FEDORA-2010-16885 File : nvt/gb_fedora_2010_16885_xulrunner_fc12.nasl |
| 2010-11-16 | Name : Fedora Update for proftpd FEDORA-2010-17220 File : nvt/gb_fedora_2010_17220_proftpd_fc12.nasl |
| 2010-11-16 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:219 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_219.nasl |
| 2010-11-16 | Name : SuSE Update for MozillaFirefox,seamonkey,MozillaThunderbird SUSE-SA:2010:056 File : nvt/gb_suse_2010_056.nasl |
| 2010-11-04 | Name : CentOS Update for thunderbird CESA-2010:0780 centos4 i386 File : nvt/gb_CESA-2010_0780_thunderbird_centos4_i386.nasl |
| 2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos3 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos3_i386.nasl |
| 2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0781 centos4 i386 File : nvt/gb_CESA-2010_0781_seamonkey_centos4_i386.nasl |
| 2010-11-04 | Name : CentOS Update for firefox CESA-2010:0782 centos4 i386 File : nvt/gb_CESA-2010_0782_firefox_centos4_i386.nasl |
| 2010-11-04 | Name : CentOS Update for firefox CESA-2010:0808 centos4 i386 File : nvt/gb_CESA-2010_0808_firefox_centos4_i386.nasl |
| 2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0810 centos3 i386 File : nvt/gb_CESA-2010_0810_seamonkey_centos3_i386.nasl |
| 2010-11-04 | Name : CentOS Update for seamonkey CESA-2010:0810 centos4 i386 File : nvt/gb_CESA-2010_0810_seamonkey_centos4_i386.nasl |
| 2010-11-04 | Name : RedHat Update for firefox RHSA-2010:0808-01 File : nvt/gb_RHSA-2010_0808-01_firefox.nasl |
| 2010-11-04 | Name : RedHat Update for xulrunner RHSA-2010:0809-01 File : nvt/gb_RHSA-2010_0809-01_xulrunner.nasl |
| 2010-11-04 | Name : RedHat Update for seamonkey RHSA-2010:0810-01 File : nvt/gb_RHSA-2010_0810-01_seamonkey.nasl |
| 2010-11-04 | Name : RedHat Update for thunderbird RHSA-2010:0812-01 File : nvt/gb_RHSA-2010_0812-01_thunderbird.nasl |
| 2010-11-04 | Name : Fedora Update for nss-softokn FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-softokn_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for nss-util FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss-util_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for nss FEDORA-2010-15520 File : nvt/gb_fedora_2010_15520_nss_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for firefox FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_firefox_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for galeon FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_galeon_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_gnome-python2-extras_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_gnome-web-photo_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for mozvoikko FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_mozvoikko_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_perl-Gtk2-MozEmbed_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for xulrunner FEDORA-2010-16593 File : nvt/gb_fedora_2010_16593_xulrunner_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for firefox FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_firefox_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for galeon FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_galeon_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_gnome-python2-extras_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for gnome-web-photo FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_gnome-web-photo_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for mozvoikko FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_mozvoikko_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_perl-Gtk2-MozEmbed_fc13.nasl |
| 2010-11-04 | Name : Fedora Update for xulrunner FEDORA-2010-16883 File : nvt/gb_fedora_2010_16883_xulrunner_fc13.nasl |
| 2010-11-04 | Name : Mandriva Update for xulrunner MDVSA-2010:213 (xulrunner) File : nvt/gb_mandriva_MDVSA_2010_213.nasl |
| 2010-11-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1010-1 File : nvt/gb_ubuntu_USN_1010_1.nasl |
| 2010-11-04 | Name : Ubuntu Update for Firefox vulnerability USN-1011-1 File : nvt/gb_ubuntu_USN_1011_1.nasl |
| 2010-11-04 | Name : Ubuntu Update for thunderbird vulnerability USN-1011-2 File : nvt/gb_ubuntu_USN_1011_2.nasl |
| 2010-11-04 | Name : Ubuntu Update for Xulrunner vulnerability USN-1011-3 File : nvt/gb_ubuntu_USN_1011_3.nasl |
| 2010-11-02 | Name : Mozilla Firefox Unspecified Vulnerability Oct-10 (Windows) File : nvt/gb_firefox_unspecified_vuln_oct10_win.nasl |
| 2010-10-28 | Name : Mozilla Products Multiple Unspecified Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win.nasl |
| 2010-10-28 | Name : Mozilla Products Multiple Unspecified Vulnerabilities October-10(Windows) File : nvt/gb_mozilla_prdts_mult_unspecified_vuln_win01.nasl |
| 2010-10-28 | Name : Mozilla Products Multiple Vulnerabilities October-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct10.nasl |
| 2010-10-28 | Name : Mozilla Products Multiple Cross-site Scripting Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_mult_xss_vuln_win.nasl |
| 2010-10-28 | Name : Mozilla Products Unspecified Vulnerability (Windows) File : nvt/gb_mozilla_prdts_unspecified_vuln_win.nasl |
| 2010-10-26 | Name : Mandriva Update for firefox MDVSA-2010:210 (firefox) File : nvt/gb_mandriva_MDVSA_2010_210.nasl |
| 2010-10-26 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:211 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_211.nasl |
| 2010-10-22 | Name : RedHat Update for thunderbird RHSA-2010:0780-01 File : nvt/gb_RHSA-2010_0780-01_thunderbird.nasl |
| 2010-10-22 | Name : RedHat Update for seamonkey RHSA-2010:0781-01 File : nvt/gb_RHSA-2010_0781-01_seamonkey.nasl |
| 2010-10-22 | Name : RedHat Update for firefox RHSA-2010:0782-01 File : nvt/gb_RHSA-2010_0782-01_firefox.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16240 File : nvt/gb_fedora_2010_16240_java-1.6.0-openjdk_fc12.nasl |
| 2010-10-22 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-16294 File : nvt/gb_fedora_2010_16294_java-1.6.0-openjdk_fc13.nasl |
| 2010-10-22 | Name : Ubuntu Update for nss vulnerabilities USN-1007-1 File : nvt/gb_ubuntu_USN_1007_1.nasl |
| 2010-10-22 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-997-1 File : nvt/gb_ubuntu_USN_997_1.nasl |
| 2010-10-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-998-1 File : nvt/gb_ubuntu_USN_998_1.nasl |
| 2010-10-19 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0768-01 File : nvt/gb_RHSA-2010_0768-01_java-1.6.0-openjdk.nasl |
| 2010-10-19 | Name : Mandriva Update for libesmtp MDVSA-2010:195 (libesmtp) File : nvt/gb_mandriva_MDVSA_2010_195.nasl |
| 2010-10-19 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:049 File : nvt/gb_suse_2010_049.nasl |
| 2010-10-10 | Name : Debian Security Advisory DSA 2106-1 (xulrunner) File : nvt/deb_2106_1.nasl |
| 2010-10-10 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox50.nasl |
| 2010-09-27 | Name : Ubuntu Update for openssl vulnerability USN-990-1 File : nvt/gb_ubuntu_USN_990_1.nasl |
| 2010-09-27 | Name : Ubuntu Update for apache2 vulnerability USN-990-2 File : nvt/gb_ubuntu_USN_990_2.nasl |
| 2010-09-22 | Name : Ubuntu Update for Firefox and Xulrunner regression USN-975-2 File : nvt/gb_ubuntu_USN_975_2.nasl |
| 2010-09-22 | Name : Ubuntu Update for thunderbird regression USN-978-2 File : nvt/gb_ubuntu_USN_978_2.nasl |
| 2010-09-21 | Name : Mozilla Firefox Information Disclosure Vulnerability (Windows) File : nvt/secpod_mozilla_firefox_info_disc_vuln_win.nasl |
| 2010-09-21 | Name : Mozilla Products 'js_InitRandom' Information Disclosure Vulnerability (Windows) File : nvt/secpod_mozilla_prdts_info_disc_vuln_win_sep10.nasl |
| 2010-09-14 | Name : Mandriva Update for firefox MDVSA-2010:173 (firefox) File : nvt/gb_mandriva_MDVSA_2010_173.nasl |
| 2010-09-10 | Name : CentOS Update for seamonkey CESA-2010:0680 centos3 i386 File : nvt/gb_CESA-2010_0680_seamonkey_centos3_i386.nasl |
| 2010-09-10 | Name : CentOS Update for seamonkey CESA-2010:0680 centos4 i386 File : nvt/gb_CESA-2010_0680_seamonkey_centos4_i386.nasl |
| 2010-09-10 | Name : CentOS Update for firefox CESA-2010:0681 centos4 i386 File : nvt/gb_CESA-2010_0681_firefox_centos4_i386.nasl |
| 2010-09-10 | Name : CentOS Update for thunderbird CESA-2010:0682 centos4 i386 File : nvt/gb_CESA-2010_0682_thunderbird_centos4_i386.nasl |
| 2010-09-10 | Name : RedHat Update for seamonkey RHSA-2010:0680-01 File : nvt/gb_RHSA-2010_0680-01_seamonkey.nasl |
| 2010-09-10 | Name : RedHat Update for firefox RHSA-2010:0681-01 File : nvt/gb_RHSA-2010_0681-01_firefox.nasl |
| 2010-09-10 | Name : RedHat Update for thunderbird RHSA-2010:0682-01 File : nvt/gb_RHSA-2010_0682-01_thunderbird.nasl |
| 2010-09-10 | Name : Fedora Update for firefox FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_firefox_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for galeon FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_galeon_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_gnome-python2-extras_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for gnome-web-photo FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_gnome-web-photo_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for mozvoikko FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_mozvoikko_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-09-10 | Name : Fedora Update for xulrunner FEDORA-2010-14362 File : nvt/gb_fedora_2010_14362_xulrunner_fc12.nasl |
| 2010-09-10 | Name : Mozilla Products Multiple Vulnerabilities sep-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_sep10.nasl |
| 2010-09-10 | Name : Mozilla Products 'SJOW' Arbitrary Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_sjow_arbitrary_code_exec_vuln_win.nasl |
| 2010-09-10 | Name : Mozilla Products 'SJOW' Multiple Vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_sjow_mult_vuln_win.nasl |
| 2010-09-10 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-975-1 File : nvt/gb_ubuntu_USN_975_1.nasl |
| 2010-09-10 | Name : Ubuntu Update for thunderbird vulnerabilities USN-978-1 File : nvt/gb_ubuntu_USN_978_1.nasl |
| 2010-09-07 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_169.nasl |
| 2010-09-01 | Name : Mozilla Products Insecure Library Loading Vulnerability (Windows) File : nvt/secpod_mozilla_prdts_insecure_lib_load_vuln_win.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2072-1 (libpng) File : nvt/deb_2072_1.nasl |
| 2010-08-21 | Name : Debian Security Advisory DSA 2075-1 (xulrunner) File : nvt/deb_2075_1.nasl |
| 2010-08-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox48.nasl |
| 2010-08-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox49.nasl |
| 2010-08-20 | Name : CentOS Update for seamonkey CESA-2010:0499 centos3 i386 File : nvt/gb_CESA-2010_0499_seamonkey_centos3_i386.nasl |
| 2010-08-20 | Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386 File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl |
| 2010-08-20 | Name : CentOS Update for seamonkey CESA-2010:0546 centos3 i386 File : nvt/gb_CESA-2010_0546_seamonkey_centos3_i386.nasl |
| 2010-08-20 | Name : CentOS Update for seamonkey CESA-2010:0557 centos3 i386 File : nvt/gb_CESA-2010_0557_seamonkey_centos3_i386.nasl |
| 2010-08-13 | Name : Mandriva Update for firefox MDVSA-2010:147 (firefox) File : nvt/gb_mandriva_MDVSA_2010_147.nasl |
| 2010-08-11 | Name : Remote Code Execution Vulnerabilities in SChannel (980436) File : nvt/secpod_ms10-049.nasl |
| 2010-08-06 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2010:032 File : nvt/gb_suse_2010_032.nasl |
| 2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10776 File : nvt/gb_fedora_2010_10776_mingw32-libpng_fc12.nasl |
| 2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10793 File : nvt/gb_fedora_2010_10793_mingw32-libpng_fc13.nasl |
| 2010-07-30 | Name : Fedora Update for xulrunner FEDORA-2010-11452 File : nvt/gb_fedora_2010_11452_xulrunner_fc12.nasl |
| 2010-07-30 | Name : Fedora Update for xulrunner FEDORA-2010-11472 File : nvt/gb_fedora_2010_11472_xulrunner_fc13.nasl |
| 2010-07-30 | Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-930-6 File : nvt/gb_ubuntu_USN_930_6.nasl |
| 2010-07-30 | Name : Ubuntu Update for Firefox and Xulrunner vulnerability USN-957-2 File : nvt/gb_ubuntu_USN_957_2.nasl |
| 2010-07-30 | Name : Ubuntu Update for thunderbird vulnerabilities USN-958-1 File : nvt/gb_ubuntu_USN_958_1.nasl |
| 2010-07-26 | Name : RedHat Update for firefox RHSA-2010:0556-01 File : nvt/gb_RHSA-2010_0556-01_firefox.nasl |
| 2010-07-26 | Name : RedHat Update for seamonkey RHSA-2010:0557-01 File : nvt/gb_RHSA-2010_0557-01_seamonkey.nasl |
| 2010-07-26 | Name : RedHat Update for firefox RHSA-2010:0558-01 File : nvt/gb_RHSA-2010_0558-01_firefox.nasl |
| 2010-07-26 | Name : Mozilla Products Multiple Vulnerabilitie july-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul10.nasl |
| 2010-07-26 | Name : Mozilla Products Multiple Vulnerabilitie jul-10 (Win) File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul10.nasl |
| 2010-07-26 | Name : Mozilla Products Multiple Vulnerabilities jul-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_jul10.nasl |
| 2010-07-26 | Name : Ubuntu Update for nss vulnerability USN-927-6 File : nvt/gb_ubuntu_USN_927_6.nasl |
| 2010-07-26 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-4 File : nvt/gb_ubuntu_USN_930_4.nasl |
| 2010-07-26 | Name : Ubuntu Update USN-930-5 File : nvt/gb_ubuntu_USN_930_5.nasl |
| 2010-07-26 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-957-1 File : nvt/gb_ubuntu_USN_957_1.nasl |
| 2010-07-23 | Name : RedHat Update for thunderbird RHSA-2010:0544-01 File : nvt/gb_RHSA-2010_0544-01_thunderbird.nasl |
| 2010-07-23 | Name : RedHat Update for seamonkey RHSA-2010:0546-01 File : nvt/gb_RHSA-2010_0546-01_seamonkey.nasl |
| 2010-07-23 | Name : RedHat Update for firefox RHSA-2010:0547-01 File : nvt/gb_RHSA-2010_0547-01_firefox.nasl |
| 2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10823 File : nvt/gb_fedora_2010_10823_libpng10_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10833 File : nvt/gb_fedora_2010_10833_libpng10_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for seamonkey FEDORA-2010-11327 File : nvt/gb_fedora_2010_11327_seamonkey_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for firefox FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_firefox_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for galeon FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_galeon_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_gnome-python2-extras_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-web-photo FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_gnome-web-photo_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for mozvoikko FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_mozvoikko_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_perl-Gtk2-MozEmbed_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for xulrunner FEDORA-2010-11345 File : nvt/gb_fedora_2010_11345_xulrunner_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for sunbird FEDORA-2010-11361 File : nvt/gb_fedora_2010_11361_sunbird_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for thunderbird FEDORA-2010-11361 File : nvt/gb_fedora_2010_11361_thunderbird_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for seamonkey FEDORA-2010-11363 File : nvt/gb_fedora_2010_11363_seamonkey_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for firefox FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_firefox_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for galeon FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_galeon_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_gnome-python2-extras_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for gnome-web-photo FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_gnome-web-photo_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for mozvoikko FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_mozvoikko_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for xulrunner FEDORA-2010-11375 File : nvt/gb_fedora_2010_11375_xulrunner_fc12.nasl |
| 2010-07-23 | Name : Fedora Update for sunbird FEDORA-2010-11379 File : nvt/gb_fedora_2010_11379_sunbird_fc13.nasl |
| 2010-07-23 | Name : Fedora Update for thunderbird FEDORA-2010-11379 File : nvt/gb_fedora_2010_11379_thunderbird_fc13.nasl |
| 2010-07-23 | Name : SuSE Update for MozillaFirefox,mozilla-xulrunner191 SUSE-SA:2010:030 File : nvt/gb_suse_2010_030.nasl |
| 2010-07-16 | Name : RedHat Update for libpng RHSA-2010:0534-01 File : nvt/gb_RHSA-2010_0534-01_libpng.nasl |
| 2010-07-16 | Name : Fedora Update for qt FEDORA-2010-11011 File : nvt/gb_fedora_2010_11011_qt_fc13.nasl |
| 2010-07-16 | Name : Fedora Update for qt FEDORA-2010-11020 File : nvt/gb_fedora_2010_11020_qt_fc12.nasl |
| 2010-07-16 | Name : Mandriva Update for libpng MDVSA-2010:133 (libpng) File : nvt/gb_mandriva_MDVSA_2010_133.nasl |
| 2010-07-12 | Name : Ubuntu Update for thunderbird vulnerabilities USN-943-1 File : nvt/gb_ubuntu_USN_943_1.nasl |
| 2010-07-12 | Name : Ubuntu Update for libpng vulnerabilities USN-960-1 File : nvt/gb_ubuntu_USN_960_1.nasl |
| 2010-07-06 | Name : Debian Security Advisory DSA 2064-1 (xulrunner) File : nvt/deb_2064_1.nasl |
| 2010-07-06 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox47.nasl |
| 2010-07-06 | Name : FreeBSD Ports: png File : nvt/freebsd_png4.nasl |
| 2010-07-06 | Name : Fedora Update for libpng FEDORA-2010-10592 File : nvt/gb_fedora_2010_10592_libpng_fc12.nasl |
| 2010-07-02 | Name : Fedora Update for libpng FEDORA-2010-10557 File : nvt/gb_fedora_2010_10557_libpng_fc13.nasl |
| 2010-07-02 | Name : Ubuntu Update for nss vulnerability USN-927-4 File : nvt/gb_ubuntu_USN_927_4.nasl |
| 2010-07-02 | Name : Ubuntu Update for nspr update USN-927-5 File : nvt/gb_ubuntu_USN_927_5.nasl |
| 2010-07-02 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-930-1 File : nvt/gb_ubuntu_USN_930_1.nasl |
| 2010-07-02 | Name : Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea... File : nvt/gb_ubuntu_USN_930_2.nasl |
| 2010-07-02 | Name : Ubuntu Update for firefox regression USN-930-3 File : nvt/gb_ubuntu_USN_930_3.nasl |
| 2010-07-02 | Name : Mozilla Firefox Address Bar Spoofing Vulnerability june-10 (Win) File : nvt/secpod_mozilla_firefox_spoofing_vuln_win_jun10.nasl |
| 2010-07-01 | Name : Mozilla Firefox Multiple Unspecified Vulnerabilities june-10 (Win) File : nvt/secpod_mozilla_firefox_mult_unspecified_vuln_win.nasl |
| 2010-07-01 | Name : Mozilla Products Firefox/Seamonkey Multiple Vulnerabilities june-10 (Win) File : nvt/secpod_mozilla_prdts_mult_vuln_win01_jun10.nasl |
| 2010-07-01 | Name : Mozilla Products Multiple Vulnerabilities june-10 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_win_jun10.nasl |
| 2010-07-01 | Name : Mozilla Products Unspecified Vulnerability june-10 (Win) File : nvt/secpod_mozilla_prdts_unspecified_vuln_win_jun10.nasl |
| 2010-06-28 | Name : RedHat Update for seamonkey RHSA-2010:0499-01 File : nvt/gb_RHSA-2010_0499-01_seamonkey.nasl |
| 2010-06-28 | Name : RedHat Update for firefox RHSA-2010:0501-01 File : nvt/gb_RHSA-2010_0501-01_firefox.nasl |
| 2010-06-28 | Name : Fedora Update for gnutls FEDORA-2010-9487 File : nvt/gb_fedora_2010_9487_gnutls_fc12.nasl |
| 2010-06-25 | Name : RedHat Update for firefox RHSA-2010:0500-01 File : nvt/gb_RHSA-2010_0500-01_firefox.nasl |
| 2010-06-25 | Name : Fedora Update for seamonkey FEDORA-2010-10329 File : nvt/gb_fedora_2010_10329_seamonkey_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for firefox FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_firefox_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for galeon FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_galeon_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_gnome-python2-extras_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for gnome-web-photo FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_gnome-web-photo_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for mozvoikko FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_mozvoikko_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for xulrunner FEDORA-2010-10344 File : nvt/gb_fedora_2010_10344_xulrunner_fc12.nasl |
| 2010-06-25 | Name : Fedora Update for firefox FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_firefox_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for galeon FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_galeon_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_gnome-python2-extras_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for gnome-web-photo FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_gnome-web-photo_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for mozvoikko FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_mozvoikko_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_perl-Gtk2-MozEmbed_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for xulrunner FEDORA-2010-10361 File : nvt/gb_fedora_2010_10361_xulrunner_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for seamonkey FEDORA-2010-10363 File : nvt/gb_fedora_2010_10363_seamonkey_fc13.nasl |
| 2010-06-25 | Name : Fedora Update for openssl FEDORA-2010-9421 File : nvt/gb_fedora_2010_9421_openssl_fc11.nasl |
| 2010-06-25 | Name : Fedora Update for gnutls FEDORA-2010-9518 File : nvt/gb_fedora_2010_9518_gnutls_fc13.nasl |
| 2010-06-25 | Name : Mandriva Update for firefox MDVSA-2010:125 (firefox) File : nvt/gb_mandriva_MDVSA_2010_125.nasl |
| 2010-06-25 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:126 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_126.nasl |
| 2010-06-18 | Name : Fedora Update for openssl FEDORA-2010-9639 File : nvt/gb_fedora_2010_9639_openssl_fc12.nasl |
| 2010-06-11 | Name : Fedora Update for libannodex FEDORA-2010-9774 File : nvt/gb_fedora_2010_9774_libannodex_fc13.nasl |
| 2010-06-11 | Name : Fedora Update for libfishsound FEDORA-2010-9774 File : nvt/gb_fedora_2010_9774_libfishsound_fc13.nasl |
| 2010-06-11 | Name : Fedora Update for liboggz FEDORA-2010-9774 File : nvt/gb_fedora_2010_9774_liboggz_fc13.nasl |
| 2010-06-11 | Name : Fedora Update for mod_annodex FEDORA-2010-9774 File : nvt/gb_fedora_2010_9774_mod_annodex_fc13.nasl |
| 2010-06-11 | Name : Fedora Update for sonic-visualiser FEDORA-2010-9774 File : nvt/gb_fedora_2010_9774_sonic-visualiser_fc13.nasl |
| 2010-06-07 | Name : Fedora Update for httpd FEDORA-2010-6055 File : nvt/gb_fedora_2010_6055_httpd_fc12.nasl |
| 2010-06-07 | Name : Fedora Update for liboggz FEDORA-2010-9253 File : nvt/gb_fedora_2010_9253_liboggz_fc12.nasl |
| 2010-06-07 | Name : HP-UX Update for Java HPSBUX02524 File : nvt/gb_hp_ux_HPSBUX02524.nasl |
| 2010-06-03 | Name : Debian Security Advisory DSA 2045-1 (libtheora) File : nvt/deb_2045_1.nasl |
| 2010-05-28 | Name : Fedora Update for openssl FEDORA-2010-8742 File : nvt/gb_fedora_2010_8742_openssl_fc12.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.5 Update 7 File : nvt/macosx_java_for_10_5_upd_7.nasl |
| 2010-05-28 | Name : Java for Mac OS X 10.6 Update 2 File : nvt/macosx_java_for_10_6_upd_2.nasl |
| 2010-05-17 | Name : Fedora Update for qt FEDORA-2010-8360 File : nvt/gb_fedora_2010_8360_qt_fc12.nasl |
| 2010-05-17 | Name : Fedora Update for qt FEDORA-2010-8379 File : nvt/gb_fedora_2010_8379_qt_fc11.nasl |
| 2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
| 2010-05-07 | Name : Fedora Update for httpd FEDORA-2010-6131 File : nvt/gb_fedora_2010_6131_httpd_fc11.nasl |
| 2010-05-04 | Name : Mozilla Firefox Code Execution Vulnerability (Win) - May10 File : nvt/gb_firefox_code_exe_vuln_win_may10.nasl |
| 2010-04-30 | Name : HP-UX Update for OpenSSL HPSBUX02517 File : nvt/gb_hp_ux_HPSBUX02517.nasl |
| 2010-04-30 | Name : Mandriva Update for gdm MDVA-2010:133 (gdm) File : nvt/gb_mandriva_MDVA_2010_133.nasl |
| 2010-04-30 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2010_084.nasl |
| 2010-04-29 | Name : Fedora Update for seamonkey FEDORA-2010-7100 File : nvt/gb_fedora_2010_7100_seamonkey_fc11.nasl |
| 2010-04-29 | Name : Mandriva Update for ldetect-lst MDVA-2010:125 (ldetect-lst) File : nvt/gb_mandriva_MDVA_2010_125.nasl |
| 2010-04-29 | Name : Mandriva Update for totem MDVA-2010:126 (totem) File : nvt/gb_mandriva_MDVA_2010_126.nasl |
| 2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
| 2010-04-29 | Name : Mandriva Update for openssl MDVSA-2010:076-1 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076_1.nasl |
| 2010-04-29 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss SUSE-... File : nvt/gb_suse_2010_021.nasl |
| 2010-04-21 | Name : Debian Security Advisory DSA 2027-1 (xulrunner) File : nvt/deb_2027_1.nasl |
| 2010-04-21 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox46.nasl |
| 2010-04-19 | Name : Fedora Update for openssl FEDORA-2010-5357 File : nvt/gb_fedora_2010_5357_openssl_fc11.nasl |
| 2010-04-19 | Name : Mandriva Update for firefox MDVA-2010:121 (firefox) File : nvt/gb_mandriva_MDVA_2010_121.nasl |
| 2010-04-19 | Name : Mandriva Update for openssl MDVSA-2010:076 (openssl) File : nvt/gb_mandriva_MDVSA_2010_076.nasl |
| 2010-04-16 | Name : Mandriva Update for firefox-ext-plasmanotify MDVA-2010:118 (firefox-ext-plasm... File : nvt/gb_mandriva_MDVA_2010_118.nasl |
| 2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
| 2010-04-16 | Name : Ubuntu Update for Firefox 3.0 and Xulrunner vulnerabilities USN-920-1 File : nvt/gb_ubuntu_USN_920_1.nasl |
| 2010-04-16 | Name : Ubuntu Update for Firefox 3.5 and Xulrunner vulnerabilities USN-921-1 File : nvt/gb_ubuntu_USN_921_1.nasl |
| 2010-04-16 | Name : Ubuntu Update for nss vulnerability USN-927-1 File : nvt/gb_ubuntu_USN_927_1.nasl |
| 2010-04-13 | Name : Mozilla Products Firebug Code Execution Vulnerability (Windows) File : nvt/gb_mozilla_prdts_firebug_code_exec_vuln_win.nasl |
| 2010-04-13 | Name : Mozilla Products Denial of Service Vulnerability (Windows) File : nvt/gb_mozilla_prdts_mailto_dos_vuln_win.nasl |
| 2010-04-13 | Name : Mozilla Products Multiple vulnerabilities apr-10 (Win) File : nvt/gb_mozilla_prdts_mult_code_exec_vuln_win.nasl |
| 2010-04-13 | Name : Mozilla Products Multiple Code Execution vulnerabilities (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win01_apr10.nasl |
| 2010-04-13 | Name : Mozilla Products Multiple Vulnerabilitie Apr-10 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_apr10.nasl |
| 2010-04-13 | Name : Mozilla Products 'nsTreeSelection' Denial of Service vulnerability (Windows) File : nvt/gb_mozilla_prdts_ns_tree_code_exec_vuln_win.nasl |
| 2010-04-09 | Name : CentOS Update for firefox CESA-2010:0332 centos4 i386 File : nvt/gb_CESA-2010_0332_firefox_centos4_i386.nasl |
| 2010-04-09 | Name : CentOS Update for seamonkey CESA-2010:0333 centos3 i386 File : nvt/gb_CESA-2010_0333_seamonkey_centos3_i386.nasl |
| 2010-04-09 | Name : CentOS Update for seamonkey CESA-2010:0333 centos4 i386 File : nvt/gb_CESA-2010_0333_seamonkey_centos4_i386.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6025 File : nvt/gb_fedora_2010_6025_java-1.6.0-openjdk_fc12.nasl |
| 2010-04-09 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2010-6039 File : nvt/gb_fedora_2010_6039_java-1.6.0-openjdk_fc11.nasl |
| 2010-04-09 | Name : Mandriva Update for nss MDVSA-2010:069 (nss) File : nvt/gb_mandriva_MDVSA_2010_069.nasl |
| 2010-04-09 | Name : Ubuntu Update for openjdk-6 vulnerabilities USN-923-1 File : nvt/gb_ubuntu_USN_923_1.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Linux) File : nvt/gb_oracle_java_se_mult_vuln_lin_apr10.nasl |
| 2010-04-07 | Name : Oracle Java SE Multiple Vulnerabilities (Windows) File : nvt/gb_oracle_java_se_mult_vuln_win_apr10.nasl |
| 2010-04-06 | Name : Debian Security Advisory DSA 2025-1 (icedove) File : nvt/deb_2025_1.nasl |
| 2010-04-06 | Name : FreeBSD Ports: seamonkey File : nvt/freebsd_seamonkey0.nasl |
| 2010-04-06 | Name : RedHat Update for firefox RHSA-2010:0332-01 File : nvt/gb_RHSA-2010_0332-01_firefox.nasl |
| 2010-04-06 | Name : RedHat Update for seamonkey RHSA-2010:0333-01 File : nvt/gb_RHSA-2010_0333-01_seamonkey.nasl |
| 2010-04-06 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2010:0339-01 File : nvt/gb_RHSA-2010_0339-01_java-1.6.0-openjdk.nasl |
| 2010-04-06 | Name : Fedora Update for Miro FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_Miro_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for firefox FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_firefox_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for galeon FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_galeon_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_gnome-python2-extras_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for gnome-web-photo FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_gnome-web-photo_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for mozvoikko FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_mozvoikko_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for xulrunner FEDORA-2010-5506 File : nvt/gb_fedora_2010_5506_xulrunner_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for Miro FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_Miro_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for blam FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_blam_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for chmsee FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_chmsee_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for epiphany-extensions FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_epiphany-extensions_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for epiphany FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_epiphany_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for evolution-rss FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_evolution-rss_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for firefox FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_firefox_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for galeon FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_galeon_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_gnome-python2-extras_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for gnome-web-photo FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_gnome-web-photo_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for google-gadgets FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_google-gadgets_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for hulahop FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_hulahop_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for kazehakase FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_kazehakase_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for mozvoikko FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_mozvoikko_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_pcmanx-gtk2_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_perl-Gtk2-MozEmbed_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for xulrunner FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_xulrunner_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for yelp FEDORA-2010-5515 File : nvt/gb_fedora_2010_5515_yelp_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for sunbird FEDORA-2010-5526 File : nvt/gb_fedora_2010_5526_sunbird_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for thunderbird FEDORA-2010-5526 File : nvt/gb_fedora_2010_5526_thunderbird_fc11.nasl |
| 2010-04-06 | Name : Fedora Update for sunbird FEDORA-2010-5539 File : nvt/gb_fedora_2010_5539_sunbird_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for thunderbird FEDORA-2010-5539 File : nvt/gb_fedora_2010_5539_thunderbird_fc12.nasl |
| 2010-04-06 | Name : Fedora Update for seamonkey FEDORA-2010-5840 File : nvt/gb_fedora_2010_5840_seamonkey_fc12.nasl |
| 2010-04-06 | Name : Mac OS X Security Update 2010-001 File : nvt/macosx_secupd_2010-001.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos3 i386 File : nvt/gb_CESA-2010_0163_openssl_centos3_i386.nasl |
| 2010-03-31 | Name : CentOS Update for openssl CESA-2010:0163 centos4 i386 File : nvt/gb_CESA-2010_0163_openssl_centos4_i386.nasl |
| 2010-03-31 | Name : CentOS Update for nspr CESA-2010:0165 centos4 i386 File : nvt/gb_CESA-2010_0165_nspr_centos4_i386.nasl |
| 2010-03-31 | Name : CentOS Update for gnutls CESA-2010:0167 centos4 i386 File : nvt/gb_CESA-2010_0167_gnutls_centos4_i386.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0162-01 File : nvt/gb_RHSA-2010_0162-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for openssl RHSA-2010:0163-01 File : nvt/gb_RHSA-2010_0163-01_openssl.nasl |
| 2010-03-31 | Name : RedHat Update for openssl097a RHSA-2010:0164-01 File : nvt/gb_RHSA-2010_0164-01_openssl097a.nasl |
| 2010-03-31 | Name : RedHat Update for nss RHSA-2010:0165-01 File : nvt/gb_RHSA-2010_0165-01_nss.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0166-01 File : nvt/gb_RHSA-2010_0166-01_gnutls.nasl |
| 2010-03-31 | Name : RedHat Update for gnutls RHSA-2010:0167-01 File : nvt/gb_RHSA-2010_0167-01_gnutls.nasl |
| 2010-03-31 | Name : Fedora Update for nss FEDORA-2010-3905 File : nvt/gb_fedora_2010_3905_nss_fc11.nasl |
| 2010-03-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox45.nasl |
| 2010-03-30 | Name : FreeBSD Ports: seamonkey, linux-seamonkey File : nvt/freebsd_seamonkey.nasl |
| 2010-03-30 | Name : Mozilla Firefox 'JavaScript' Security Bypass Vulnerability File : nvt/secpod_firefox_javascript_sec_bypass_vuln_win.nasl |
| 2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Linux) File : nvt/secpod_firefox_mult_vuln_mar10_lin.nasl |
| 2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Win) File : nvt/secpod_firefox_mult_vuln_mar10_win.nasl |
| 2010-03-30 | Name : Mozilla Products Denial Of Service Vulnerability (Linux) File : nvt/secpod_mozilla_prdts_dos_vuln_lin_mar10.nasl |
| 2010-03-30 | Name : Mozilla Products Denial Of Service Vulnerability (Win) File : nvt/secpod_mozilla_prdts_dos_vuln_win_mar10.nasl |
| 2010-03-30 | Name : Mozilla Products Multiple Vulnerabilities Mar-10 (Linux) File : nvt/secpod_mozilla_prdts_mult_vuln_mar10_lin.nasl |
| 2010-03-30 | Name : Mozilla Products Multiple Vulnerabilities Mar-10 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_mar10_win.nasl |
| 2010-03-23 | Name : Mozilla Firefox Unspecified Vulnerability (Windows) File : nvt/secpod_firefox_unspecified_vuln.nasl |
| 2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
| 2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
| 2010-03-22 | Name : Ubuntu Update for thunderbird vulnerabilities USN-915-1 File : nvt/gb_ubuntu_USN_915_1.nasl |
| 2010-03-12 | Name : Mandriva Update for cacti MDVA-2010:089 (cacti) File : nvt/gb_mandriva_MDVA_2010_089.nasl |
| 2010-03-12 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:051 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_051.nasl |
| 2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_sunbird_fc12.nasl |
| 2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_thunderbird_fc12.nasl |
| 2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_sunbird_fc11.nasl |
| 2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_thunderbird_fc11.nasl |
| 2010-03-05 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2010:015 File : nvt/gb_suse_2010_015.nasl |
| 2010-03-02 | Name : Fedora Update for httpd FEDORA-2009-12747 File : nvt/gb_fedora_2009_12747_httpd_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for nss FEDORA-2010-1127 File : nvt/gb_fedora_2010_1127_nss_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_blam_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_firefox_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_galeon_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-python2-extras_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-web-photo_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_mozvoikko_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_perl-Gtk2-MozEmbed_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_xulrunner_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for seamonkey FEDORA-2010-1932 File : nvt/gb_fedora_2010_1932_seamonkey_fc12.nasl |
| 2010-03-02 | Name : Fedora Update for Miro FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_Miro_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_blam_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for chmsee FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_chmsee_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for eclipse FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_eclipse_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for epiphany-extensions FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany-extensions_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for epiphany FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for evolution-rss FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_evolution-rss_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_firefox_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_galeon_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-python2-extras_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-web-photo_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for google-gadgets FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_google-gadgets_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for hulahop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_hulahop_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for kazehakase FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_kazehakase_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for monodevelop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_monodevelop_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_mozvoikko_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_pcmanx-gtk2_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_perl-Gtk2-MozEmbed_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for ruby-gnome2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_ruby-gnome2_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_xulrunner_fc11.nasl |
| 2010-03-02 | Name : Fedora Update for yelp FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_yelp_fc11.nasl |
| 2010-03-02 | Name : Mandriva Update for rsh MDVA-2010:076 (rsh) File : nvt/gb_mandriva_MDVA_2010_076.nasl |
| 2010-03-02 | Name : Mandriva Update for x11-driver-video-ati MDVA-2010:084 (x11-driver-video-ati) File : nvt/gb_mandriva_MDVA_2010_084.nasl |
| 2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Linux) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin.nasl |
| 2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Lin) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin01.nasl |
| 2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win.nasl |
| 2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Win) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win01.nasl |
| 2010-02-25 | Name : Debian Security Advisory DSA 1999-1 (xulrunner) File : nvt/deb_1999_1.nasl |
| 2010-02-22 | Name : Mandriva Update for blogtk MDVA-2010:070-1 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070_1.nasl |
| 2010-02-22 | Name : Mandriva Update for firefox MDVSA-2010:042 (firefox) File : nvt/gb_mandriva_MDVSA_2010_042.nasl |
| 2010-02-22 | Name : Mandriva Update for libtheora MDVSA-2010:043 (libtheora) File : nvt/gb_mandriva_MDVSA_2010_043.nasl |
| 2010-02-22 | Name : Firefox Multiple Vulnerabilities Feb-10 (Linux) File : nvt/secpod_firefox_mult_vuln_feb10_lin.nasl |
| 2010-02-22 | Name : Firefox Multiple Vulnerabilities Feb-10 (Win) File : nvt/secpod_firefox_mult_vuln_feb10_win.nasl |
| 2010-02-19 | Name : CentOS Update for firefox CESA-2010:0112 centos4 i386 File : nvt/gb_CESA-2010_0112_firefox_centos4_i386.nasl |
| 2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos3 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos3_i386.nasl |
| 2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos4 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos4_i386.nasl |
| 2010-02-19 | Name : RedHat Update for firefox RHSA-2010:0112-01 File : nvt/gb_RHSA-2010_0112-01_firefox.nasl |
| 2010-02-19 | Name : RedHat Update for seamonkey RHSA-2010:0113-01 File : nvt/gb_RHSA-2010_0113-01_seamonkey.nasl |
| 2010-02-19 | Name : Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release) File : nvt/gb_mandriva_MDVA_2010_069.nasl |
| 2010-02-19 | Name : Mandriva Update for blogtk MDVA-2010:070 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070.nasl |
| 2010-02-19 | Name : Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 File : nvt/gb_ubuntu_USN_895_1.nasl |
| 2010-02-19 | Name : Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1 File : nvt/gb_ubuntu_USN_896_1.nasl |
| 2010-02-18 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox44.nasl |
| 2010-02-15 | Name : Mandriva Update for mmc-web-base MDVA-2010:051 (mmc-web-base) File : nvt/gb_mandriva_MDVA_2010_051.nasl |
| 2010-02-11 | Name : Microsoft Windows TLS/SSL Spoofing Vulnerability (977377) File : nvt/gb_ms_tls_ssl_spoofing_vuln.nasl |
| 2010-01-29 | Name : Mandriva Update for urpmi MDVA-2010:042 (urpmi) File : nvt/gb_mandriva_MDVA_2010_042.nasl |
| 2010-01-29 | Name : Mandriva Update for pciutils MDVA-2010:043 (pciutils) File : nvt/gb_mandriva_MDVA_2010_043.nasl |
| 2010-01-29 | Name : Mandriva Update for openldap MDVSA-2010:026 (openldap) File : nvt/gb_mandriva_MDVSA_2010_026.nasl |
| 2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_027.nasl |
| 2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_028.nasl |
| 2010-01-19 | Name : Mandriva Update for sendmail MDVSA-2010:003 (sendmail) File : nvt/gb_mandriva_MDVSA_2010_003.nasl |
| 2010-01-15 | Name : Mandriva Update for firefox MDVSA-2010:000 (firefox) File : nvt/gb_mandriva_MDVSA_2010_000.nasl |
| 2010-01-15 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1 File : nvt/gb_ubuntu_USN_877_1.nasl |
| 2010-01-15 | Name : Ubuntu Update for firefox-3.5, xulrunner-1.9.1 regression USN-878-1 File : nvt/gb_ubuntu_USN_878_1.nasl |
| 2010-01-13 | Name : Firefox 'nsObserverList::FillObserverArray' DOS Vulnerability (Win) File : nvt/gb_firefox_dos_vuln_win_jan10.nasl |
| 2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1673 File : nvt/RHSA_2009_1673.nasl |
| 2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1674 File : nvt/RHSA_2009_1674.nasl |
| 2009-12-30 | Name : Debian Security Advisory DSA 1956-1 (xulrunner) File : nvt/deb_1956_1.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12229 (tomcat-native) File : nvt/fcore_2009_12229.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12305 (tomcat-native) File : nvt/fcore_2009_12305.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12606 (httpd) File : nvt/fcore_2009_12606.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13236 (proftpd) File : nvt/fcore_2009_13236.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13250 (proftpd) File : nvt/fcore_2009_13250.nasl |
| 2009-12-30 | Name : Fedora Core 11 FEDORA-2009-13333 (firefox) File : nvt/fcore_2009_13333.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13362 (seamonkey) File : nvt/fcore_2009_13362.nasl |
| 2009-12-30 | Name : Fedora Core 12 FEDORA-2009-13366 (gnome-python2-extras) File : nvt/fcore_2009_13366.nasl |
| 2009-12-30 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox43.nasl |
| 2009-12-30 | Name : FreeBSD Ports: postgresql-client, postgresql-server File : nvt/freebsd_postgresql-client.nasl |
| 2009-12-30 | Name : Mandriva Security Advisory MDVSA-2009:339 (firefox) File : nvt/mdksa_2009_339.nasl |
| 2009-12-30 | Name : CentOS Security Advisory CESA-2009:1673 (seamonkey) File : nvt/ovcesa2009_1673.nasl |
| 2009-12-30 | Name : CentOS Security Advisory CESA-2009:1674 (firefox) File : nvt/ovcesa2009_1674.nasl |
| 2009-12-30 | Name : SuSE Security Advisory SUSE-SA:2009:063 (MozillaFirefox) File : nvt/suse_sa_2009_063.nasl |
| 2009-12-30 | Name : Ubuntu USN-873-1 (xulrunner-1.9) File : nvt/ubuntu_873_1.nasl |
| 2009-12-30 | Name : Ubuntu USN-874-1 (xulrunner-1.9.1) File : nvt/ubuntu_874_1.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin01.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_firefox_mult_vuln_dec09_lin02.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win01.nasl |
| 2009-12-23 | Name : Firefox Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_firefox_mult_vuln_dec09_win02.nasl |
| 2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_dec09_lin.nasl |
| 2009-12-23 | Name : Seamonkey Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_dec09_win.nasl |
| 2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_dec09_lin.nasl |
| 2009-12-23 | Name : Thunderbird Multiple Vulnerabilities Dec-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_dec09_win.nasl |
| 2009-12-14 | Name : Fedora Core 10 FEDORA-2009-12604 (httpd) File : nvt/fcore_2009_12604.nasl |
| 2009-12-14 | Name : Fedora Core 12 FEDORA-2009-12968 (nss-util) File : nvt/fcore_2009_12968.nasl |
| 2009-12-14 | Name : Gentoo Security Advisory GLSA 200912-01 (openssl) File : nvt/glsa_200912_01.nasl |
| 2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs) File : nvt/mdksa_2009_330.nasl |
| 2009-12-10 | Name : Fedora Core 12 FEDORA-2009-12750 (nginx) File : nvt/fcore_2009_12750.nasl |
| 2009-12-10 | Name : Fedora Core 10 FEDORA-2009-12775 (nginx) File : nvt/fcore_2009_12775.nasl |
| 2009-12-10 | Name : Fedora Core 11 FEDORA-2009-12782 (nginx) File : nvt/fcore_2009_12782.nasl |
| 2009-12-10 | Name : FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc) File : nvt/freebsdsa_ssl.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:197-3 (nss) File : nvt/mdksa_2009_197_3.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:201-1 (fetchmail) File : nvt/mdksa_2009_201_1.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:203-1 (curl) File : nvt/mdksa_2009_203_1.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:206-1 (wget) File : nvt/mdksa_2009_206_1.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:217-3 (mozilla-thunderbird) File : nvt/mdksa_2009_217_3.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:290-1 (firefox) File : nvt/mdksa_2009_290_1.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:315 (libneon) File : nvt/mdksa_2009_315.nasl |
| 2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:323 (apache) File : nvt/mdksa_2009_323.nasl |
| 2009-12-03 | Name : Debian Security Advisory DSA 1939-1 (libvorbis) File : nvt/deb_1939_1.nasl |
| 2009-12-03 | Name : FreeBSD Ports: libvorbis File : nvt/freebsd_libvorbis1.nasl |
| 2009-12-03 | Name : Ubuntu USN-861-1 (libvorbis) File : nvt/ubuntu_861_1.nasl |
| 2009-11-23 | Name : SLES9: Security update for OpenSSL File : nvt/sles9p5062661.nasl |
| 2009-11-23 | Name : SuSE Security Advisory SUSE-SA:2009:057 (openssl) File : nvt/suse_sa_2009_057.nasl |
| 2009-11-23 | Name : Ubuntu USN-853-1 (xulrunner-1.9.1) File : nvt/ubuntu_853_1.nasl |
| 2009-11-20 | Name : Mozilla Firefox 'GIF' File DoS Vulnerability - Nov09 (Linux) File : nvt/secpod_firefox_gif_dos_vuln_nov09_lin.nasl |
| 2009-11-20 | Name : Mozilla Firefox 'GIF' File DoS Vulnerability - Nov09 (Win) File : nvt/secpod_firefox_gif_dos_vuln_nov09_win.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1579 File : nvt/RHSA_2009_1579.nasl |
| 2009-11-17 | Name : RedHat Security Advisory RHSA-2009:1580 File : nvt/RHSA_2009_1580.nasl |
| 2009-11-17 | Name : Fedora Core 10 FEDORA-2009-11169 (libvorbis) File : nvt/fcore_2009_11169.nasl |
| 2009-11-17 | Name : Fedora Core 11 FEDORA-2009-11243 (libvorbis) File : nvt/fcore_2009_11243.nasl |
| 2009-11-17 | Name : CentOS Security Advisory CESA-2009:1579 (httpd) File : nvt/ovcesa2009_1579.nasl |
| 2009-11-17 | Name : CentOS Security Advisory CESA-2009:1580 (httpd) File : nvt/ovcesa2009_1580.nasl |
| 2009-11-17 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_compat-openssl02.nasl |
| 2009-11-17 | Name : SLES10: Security update for OpenSSL File : nvt/sles10_openssl3.nasl |
| 2009-11-17 | Name : SLES11: Security update for libopenssl File : nvt/sles11_libopenssl0_9_82.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1530 File : nvt/RHSA_2009_1530.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1531 File : nvt/RHSA_2009_1531.nasl |
| 2009-11-11 | Name : RedHat Security Advisory RHSA-2009:1561 File : nvt/RHSA_2009_1561.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1922-1 (xulrunner) File : nvt/deb_1922_1.nasl |
| 2009-11-11 | Name : Debian Security Advisory DSA 1931-1 (nspr) File : nvt/deb_1931_1.nasl |
| 2009-11-11 | Name : Fedora Core 11 FEDORA-2009-10878 (chmsee) File : nvt/fcore_2009_10878.nasl |
| 2009-11-11 | Name : Fedora Core 10 FEDORA-2009-10981 (blam) File : nvt/fcore_2009_10981.nasl |
| 2009-11-11 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox42.nasl |
| 2009-11-11 | Name : Mandriva Security Advisory MDVSA-2009:290 (firefox) File : nvt/mdksa_2009_290.nasl |
| 2009-11-11 | Name : CentOS Security Advisory CESA-2009:1530 (firefox) File : nvt/ovcesa2009_1530.nasl |
| 2009-11-11 | Name : CentOS Security Advisory CESA-2009:1531 (seamonkey) File : nvt/ovcesa2009_1531.nasl |
| 2009-11-11 | Name : CentOS Security Advisory CESA-2009:1561 (libvorbis) File : nvt/ovcesa2009_1561.nasl |
| 2009-11-11 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_MozillaFirefox7.nasl |
| 2009-11-11 | Name : SLES10: Security update for Mozilla XULRunner File : nvt/sles10_mozilla-xulrunn0.nasl |
| 2009-11-11 | Name : SLES10: Security update for neon File : nvt/sles10_neon.nasl |
| 2009-11-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox7.nasl |
| 2009-11-11 | Name : SLES11: Security update for libneon File : nvt/sles11_libneon27.nasl |
| 2009-11-11 | Name : SLES11: Security update for Mozilla XULRunner File : nvt/sles11_mozilla-xulrunn1.nasl |
| 2009-11-11 | Name : SuSE Security Advisory SUSE-SA:2009:052 (MozillaFirefox) File : nvt/suse_sa_2009_052.nasl |
| 2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
| 2009-11-04 | Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_nov09_lin.nasl |
| 2009-11-04 | Name : Mozilla Seamonkey Multiple Vulnerabilities Nov-09 (Win) File : nvt/gb_seamonkey_mult_vuln_nov09_win.nasl |
| 2009-11-02 | Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Linux) File : nvt/gb_firefox_dos_vuln_nov09_lin.nasl |
| 2009-11-02 | Name : Mozilla Firefox Denial Of Service Vulnerability Nov-09 (Win) File : nvt/gb_firefox_dos_vuln_nov09_win.nasl |
| 2009-11-02 | Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Linux) File : nvt/gb_firefox_mult_mem_crptn_vuln_nov09_lin.nasl |
| 2009-11-02 | Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Nov-09 (Win) File : nvt/gb_firefox_mult_mem_crptn_vuln_nov09_win.nasl |
| 2009-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Linux) File : nvt/gb_firefox_mult_vuln_nov09_lin.nasl |
| 2009-11-02 | Name : Mozilla Firefox Multiple Vulnerabilities Nov-09 (Win) File : nvt/gb_firefox_mult_vuln_nov09_win.nasl |
| 2009-10-27 | Name : Mandrake Security Advisory MDVSA-2009:288 (proftpd) File : nvt/mdksa_2009_288.nasl |
| 2009-10-27 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_firefox35upgrad.nasl |
| 2009-10-27 | Name : SLES10: Security update for Mozilla NSS File : nvt/sles10_mozilla-nspr.nasl |
| 2009-10-27 | Name : SLES9: Security update for epiphany File : nvt/sles9p5060741.nasl |
| 2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:048 (MozillaFirefox) File : nvt/suse_sa_2009_048.nasl |
| 2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
| 2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:217-1 (mozilla-thunderbird) File : nvt/mdksa_2009_217_1.nasl |
| 2009-10-13 | Name : Mandrake Security Advisory MDVSA-2009:217-2 (mozilla-thunderbird) File : nvt/mdksa_2009_217_2.nasl |
| 2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox.nasl |
| 2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox0.nasl |
| 2009-10-13 | Name : SLES10: Security update for Mozilla Firefox File : nvt/sles10_MozillaFirefox2.nasl |
| 2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox3.nasl |
| 2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox4.nasl |
| 2009-10-13 | Name : SLES10: Security update for MozillaFirefox File : nvt/sles10_MozillaFirefox6.nasl |
| 2009-10-13 | Name : SLES10: Security update for Epiphany File : nvt/sles10_epiphany.nasl |
| 2009-10-13 | Name : SLES10: Security update for Mozilla File : nvt/sles10_gecko-sdk.nasl |
| 2009-10-13 | Name : SLES10: Security update for gecko-sdk and mozilla-xulrunner File : nvt/sles10_gecko-sdk0.nasl |
| 2009-10-13 | Name : SLES10: Security update for mutt File : nvt/sles10_mutt.nasl |
| 2009-10-13 | Name : SLES10: Security update for OpenLDAP2 File : nvt/sles10_openldap2.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox0.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox1.nasl |
| 2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox2.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox3.nasl |
| 2009-10-11 | Name : SLES11: Security update for MozillaFirefox File : nvt/sles11_MozillaFirefox4.nasl |
| 2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_MozillaFirefox5.nasl |
| 2009-10-11 | Name : SLES11: Security update for Firefox File : nvt/sles11_MozillaFirefox6.nasl |
| 2009-10-11 | Name : SLES11: Security update for Mozilla Firefox File : nvt/sles11_libfreebl3.nasl |
| 2009-10-11 | Name : SLES11: Security update for OpenLDAP2 File : nvt/sles11_libldap-2_4-2.nasl |
| 2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn.nasl |
| 2009-10-11 | Name : SLES11: Security update for Mozilla File : nvt/sles11_mozilla-xulrunn0.nasl |
| 2009-10-11 | Name : SLES11: Security update for mutt File : nvt/sles11_mutt.nasl |
| 2009-10-10 | Name : SLES9: Security update for Epiphany and Mozilla File : nvt/sles9p5036604.nasl |
| 2009-10-10 | Name : SLES9: Security update for Epiphany File : nvt/sles9p5040940.nasl |
| 2009-10-10 | Name : SLES9: Security update for mutt File : nvt/sles9p5058752.nasl |
| 2009-10-10 | Name : SLES9: Security update for OpenLDAP2 File : nvt/sles9p5058840.nasl |
| 2009-10-10 | Name : SLES9: Security update for epiphany File : nvt/sles9p5059920.nasl |
| 2009-09-23 | Name : Insecure Saving Of Downloadable File In Mozilla Firefox (Linux) File : nvt/secpod_firefox_insecure_saving_download_file.nasl |
| 2009-09-21 | Name : Mandrake Security Advisory MDVSA-2009:236 (firefox) File : nvt/mdksa_2009_236.nasl |
| 2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1430 File : nvt/RHSA_2009_1430.nasl |
| 2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1431 File : nvt/RHSA_2009_1431.nasl |
| 2009-09-15 | Name : RedHat Security Advisory RHSA-2009:1432 File : nvt/RHSA_2009_1432.nasl |
| 2009-09-15 | Name : Debian Security Advisory DSA 1885-1 (xulrunner) File : nvt/deb_1885_1.nasl |
| 2009-09-15 | Name : Debian Security Advisory DSA 1886-1 (iceweasel) File : nvt/deb_1886_1.nasl |
| 2009-09-15 | Name : Fedora Core 10 FEDORA-2009-9494 (epiphany) File : nvt/fcore_2009_9494.nasl |
| 2009-09-15 | Name : Fedora Core 11 FEDORA-2009-9505 (epiphany-extensions) File : nvt/fcore_2009_9505.nasl |
| 2009-09-15 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox41.nasl |
| 2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:197-2 (nss) File : nvt/mdksa_2009_197_2.nasl |
| 2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:225 (qt4) File : nvt/mdksa_2009_225.nasl |
| 2009-09-15 | Name : Mandrake Security Advisory MDVSA-2009:228 (libneon) File : nvt/mdksa_2009_228.nasl |
| 2009-09-15 | Name : CentOS Security Advisory CESA-2009:1430 (seamonkey) File : nvt/ovcesa2009_1430.nasl |
| 2009-09-15 | Name : CentOS Security Advisory CESA-2009:1431 (seamonkey) File : nvt/ovcesa2009_1431.nasl |
| 2009-09-15 | Name : CentOS Security Advisory CESA-2009:1432 (seamonkey) File : nvt/ovcesa2009_1432.nasl |
| 2009-09-15 | Name : Ubuntu USN-821-1 (xulrunner-1.9) File : nvt/ubuntu_821_1.nasl |
| 2009-09-11 | Name : Mozilla Firefox Denial Of Service Vulnerability - Sep09 (Linux) File : nvt/secpod_firefox_dos_vuln_sep09_lin.nasl |
| 2009-09-11 | Name : Mozilla Firefox Denial Of Service Vulnerability - Sep09 (Win) File : nvt/secpod_firefox_dos_vuln_sep09_win.nasl |
| 2009-09-11 | Name : Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Linux) File : nvt/secpod_firefox_js_dos_vuln_sep09_lin.nasl |
| 2009-09-11 | Name : Mozilla Firefox 'JavaScript' DoS Vulnerabilities - Sep09 (Win) File : nvt/secpod_firefox_js_dos_vuln_sep09_win.nasl |
| 2009-09-11 | Name : Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Linux) File : nvt/secpod_firefox_mult_dos_vuln_sep09_lin.nasl |
| 2009-09-11 | Name : Mozilla Firefox Multiple Denial Of Service Vulnerabilities - Sep09 (Win) File : nvt/secpod_firefox_mult_dos_vuln_sep09_win.nasl |
| 2009-09-11 | Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Linux) File : nvt/secpod_firefox_mult_vuln_sep09_lin.nasl |
| 2009-09-11 | Name : Mozilla Firefox Multiple Vulnerabilities - Sep09 (Win) File : nvt/secpod_firefox_mult_vuln_sep09_win.nasl |
| 2009-09-02 | Name : Debian Security Advisory DSA 1873-1 (xulrunner) File : nvt/deb_1873_1.nasl |
| 2009-09-02 | Name : Debian Security Advisory DSA 1874-1 (nss) File : nvt/deb_1874_1.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:203 (curl) File : nvt/mdksa_2009_203.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:206 (wget) File : nvt/mdksa_2009_206.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:216 (mozilla-thunderbird) File : nvt/mdksa_2009_216.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:217 (mozilla-thunderbird) File : nvt/mdksa_2009_217.nasl |
| 2009-09-02 | Name : Mandrake Security Advisory MDVSA-2009:221 (libneon0.27) File : nvt/mdksa_2009_221.nasl |
| 2009-08-19 | Name : Mozilla Products Information Disclosure Vulnerability (Linux) File : nvt/secpod_mozilla_prdts_info_disc_vuln_lin.nasl |
| 2009-08-19 | Name : Mozilla Products Information Disclosure Vulnerability (Win) File : nvt/secpod_mozilla_prdts_info_disc_vuln_win.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1184 File : nvt/RHSA_2009_1184.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1185 File : nvt/RHSA_2009_1185.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1186 File : nvt/RHSA_2009_1186.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1190 File : nvt/RHSA_2009_1190.nasl |
| 2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1207 File : nvt/RHSA_2009_1207.nasl |
| 2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8279 (xulrunner) File : nvt/fcore_2009_8279.nasl |
| 2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8288 (perl-Gtk2-MozEmbed) File : nvt/fcore_2009_8288.nasl |
| 2009-08-17 | Name : FreeBSD Ports: fetchmail File : nvt/freebsd_fetchmail12.nasl |
| 2009-08-17 | Name : FreeBSD Ports: firefox, linux-firefox-devel File : nvt/freebsd_firefox40.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:182 (firefox) File : nvt/mdksa_2009_182.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:185 (firefox) File : nvt/mdksa_2009_185.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:197 (nss) File : nvt/mdksa_2009_197.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:198 (firefox) File : nvt/mdksa_2009_198.nasl |
| 2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:201 (fetchmail) File : nvt/mdksa_2009_201.nasl |
| 2009-08-17 | Name : CentOS Security Advisory CESA-2009:1185 (seamonkey) File : nvt/ovcesa2009_1185.nasl |
| 2009-08-17 | Name : Ubuntu USN-810-1 (nss) File : nvt/ubuntu_810_1.nasl |
| 2009-08-17 | Name : Ubuntu USN-810-2 (fixed) File : nvt/ubuntu_810_2.nasl |
| 2009-08-17 | Name : Ubuntu USN-811-1 (xulrunner-1.9) File : nvt/ubuntu_811_1.nasl |
| 2009-08-11 | Name : Multiple Products NSS Library Buffer Overflow Vulnerability File : nvt/gb_mult_prdts_nss_lib_bof_vuln.nasl |
| 2009-08-07 | Name : Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux) File : nvt/gb_firefox_chrome_priv_esc_vuln_aug09_lin.nasl |
| 2009-08-07 | Name : Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Win) File : nvt/gb_firefox_chrome_priv_esc_vuln_aug09_win.nasl |
| 2009-08-07 | Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Linux) File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_lin.nasl |
| 2009-08-07 | Name : Mozilla Firefox Multiple Memory Corruption Vulnerabilities Aug-09 (Win) File : nvt/gb_firefox_mult_mem_crptn_vuln_aug09_win.nasl |
| 2009-08-07 | Name : Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability Aug-09 (Linux) File : nvt/gb_firefox_socks5_proxy_dos_vuln_aug09_lin.nasl |
| 2009-08-07 | Name : Mozilla Firefox SOCKS5 Proxy Server DoS Vulnerability Aug-09 (Win) File : nvt/gb_firefox_socks5_proxy_dos_vuln_aug09_win.nasl |
| 2009-08-05 | Name : Firefox SSL Server Spoofing Vulnerability (Win) File : nvt/gb_firefox_ssl_spoof_vuln_win.nasl |
| 2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1162 File : nvt/RHSA_2009_1162.nasl |
| 2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1163 File : nvt/RHSA_2009_1163.nasl |
| 2009-07-29 | Name : Debian Security Advisory DSA 1830-1 (icedove) File : nvt/deb_1830_1.nasl |
| 2009-07-29 | Name : Debian Security Advisory DSA 1840-1 (xulrunner) File : nvt/deb_1840_1.nasl |
| 2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7567 (seamonkey) File : nvt/fcore_2009_7567.nasl |
| 2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7614 (seamonkey) File : nvt/fcore_2009_7614.nasl |
| 2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7898 (firefox) File : nvt/fcore_2009_7898.nasl |
| 2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7961 (blam) File : nvt/fcore_2009_7961.nasl |
| 2009-07-29 | Name : FreeBSD Ports: firefox35 File : nvt/freebsd_firefox350.nasl |
| 2009-07-29 | Name : CentOS Security Advisory CESA-2009:1162 (firefox) File : nvt/ovcesa2009_1162.nasl |
| 2009-07-29 | Name : CentOS Security Advisory CESA-2009:1163 (seamonkey) File : nvt/ovcesa2009_1163.nasl |
| 2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:039 (MozillaFirefox) File : nvt/suse_sa_2009_039.nasl |
| 2009-07-29 | Name : Ubuntu USN-798-1 (xulrunner-1.9) File : nvt/ubuntu_798_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
| 2009-07-29 | Name : Ubuntu USN-805-1 (ruby1.9) File : nvt/ubuntu_805_1.nasl |
| 2009-07-23 | Name : Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux) File : nvt/secpod_firefox_code_exec_vuln_jul09_lin.nasl |
| 2009-07-23 | Name : Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win) File : nvt/secpod_firefox_code_exec_vuln_jul09_win.nasl |
| 2009-07-23 | Name : Mozilla Firefox Multiple Vulnerabilities July-09 (Linux) File : nvt/secpod_firefox_mult_vuln_jul09_lin.nasl |
| 2009-07-23 | Name : Mozilla Firefox Multiple Vulnerabilities July-09 (Win) File : nvt/secpod_firefox_mult_vuln_jul09_win.nasl |
| 2009-07-23 | Name : Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux) File : nvt/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl |
| 2009-07-23 | Name : Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win) File : nvt/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl |
| 2009-07-22 | Name : Mozilla Products 'select()' Denial Of Service Vulnerability (Linux) File : nvt/gb_mozilla_prdts_dos_vuln_jul09_lin.nasl |
| 2009-07-22 | Name : Mozilla Products 'select()' Denial Of Service Vulnerability (Win) File : nvt/gb_mozilla_prdts_dos_vuln_jul09_win.nasl |
| 2009-07-18 | Name : Mozilla Firefox Buffer Overflow Vulnerability - July09 (Linux) File : nvt/gb_firefox_bof_vuln_jul09_lin.nasl |
| 2009-07-18 | Name : Mozilla Firefox Buffer Overflow Vulnerability - July09 (Win) File : nvt/gb_firefox_bof_vuln_jul09_win.nasl |
| 2009-07-17 | Name : Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux) File : nvt/gb_firefox_js_compiler_code_exec_vuln_lin.nasl |
| 2009-07-17 | Name : Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Win) File : nvt/gb_firefox_js_compiler_code_exec_vuln_win.nasl |
| 2009-07-06 | Name : RedHat Security Advisory RHSA-2009:1134 File : nvt/RHSA_2009_1134.nasl |
| 2009-07-06 | Name : CentOS Security Advisory CESA-2009:1134 (seamonkey) File : nvt/ovcesa2009_1134.nasl |
| 2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1125 File : nvt/RHSA_2009_1125.nasl |
| 2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1126 File : nvt/RHSA_2009_1126.nasl |
| 2009-06-30 | Name : Mandrake Security Advisory MDVSA-2009:141 (mozilla-thunderbird) File : nvt/mdksa_2009_141.nasl |
| 2009-06-30 | Name : CentOS Security Advisory CESA-2009:1126 (thunderbird) File : nvt/ovcesa2009_1126.nasl |
| 2009-06-30 | Name : Mozilla Thunderbird/Seamonkey DoS Vulnerability June-09 (Linux) File : nvt/secpod_mozilla_prdts_dos_vuln_jun09_lin.nasl |
| 2009-06-30 | Name : Mozilla Products DoS Vulnerability June-09 (Win) File : nvt/secpod_mozilla_prdts_dos_vuln_jun09_win.nasl |
| 2009-06-30 | Name : Ubuntu USN-782-1 (thunderbird) File : nvt/ubuntu_782_1.nasl |
| 2009-06-30 | Name : Ubuntu USN-792-1 (openssl) File : nvt/ubuntu_792_1.nasl |
| 2009-06-23 | Name : Debian Security Advisory DSA 1820-1 (xulrunner) File : nvt/deb_1820_1.nasl |
| 2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6366 (firefox) File : nvt/fcore_2009_6366.nasl |
| 2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6411 (firefox) File : nvt/fcore_2009_6411.nasl |
| 2009-06-23 | Name : Mandrake Security Advisory MDVSA-2009:134 (firefox) File : nvt/mdksa_2009_134.nasl |
| 2009-06-23 | Name : CentOS Security Advisory CESA-2009:1095 (firefox) File : nvt/ovcesa2009_1095.nasl |
| 2009-06-23 | Name : SuSE Security Advisory SUSE-SA:2009:034 (MozillaFirefox) File : nvt/suse_sa_2009_034.nasl |
| 2009-06-23 | Name : Ubuntu USN-779-1 (xulrunner-1.9) File : nvt/ubuntu_779_1.nasl |
| 2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_firefox_mult_vuln_jun09_lin.nasl |
| 2009-06-16 | Name : Mozilla Firefox Multiple Vulnerability Jun-09 (Win) File : nvt/gb_firefox_mult_vuln_jun09_win.nasl |
| 2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_jun09_lin.nasl |
| 2009-06-16 | Name : Mozilla Seamonkey Multiple Vulnerability Jun-09 (Win) File : nvt/gb_seamonkey_mult_vuln_jun09_win.nasl |
| 2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Linux) File : nvt/gb_thunderbird_mult_vuln_jun09_lin.nasl |
| 2009-06-16 | Name : Mozilla Thunderbird Multiple Vulnerability Jun-09 (Win) File : nvt/gb_thunderbird_mult_vuln_jun09_win.nasl |
| 2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1095 File : nvt/RHSA_2009_1095.nasl |
| 2009-06-15 | Name : RedHat Security Advisory RHSA-2009:1096 File : nvt/RHSA_2009_1096.nasl |
| 2009-06-15 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox39.nasl |
| 2009-06-15 | Name : CentOS Security Advisory CESA-2009:1096 (seamonkey) File : nvt/ovcesa2009_1096.nasl |
| 2009-06-05 | Name : Mandrake Security Advisory MDVSA-2009:111 (firefox) File : nvt/mdksa_2009_111.nasl |
| 2009-06-05 | Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-761-2 (php5) File : nvt/ubuntu_761_2.nasl |
| 2009-06-05 | Name : Ubuntu USN-763-1 (xine-lib) File : nvt/ubuntu_763_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-764-1 (xulrunner-1.9) File : nvt/ubuntu_764_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-765-1 (xulrunner-1.9) File : nvt/ubuntu_765_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-766-1 (acpid) File : nvt/ubuntu_766_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-767-1 (freetype) File : nvt/ubuntu_767_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-771-1 (libmodplug) File : nvt/ubuntu_771_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-772-1 (mpfr) File : nvt/ubuntu_772_1.nasl |
| 2009-06-05 | Name : Ubuntu USN-773-1 (pango1.0) File : nvt/ubuntu_773_1.nasl |
| 2009-06-04 | Name : Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability (Linux) File : nvt/gb_firefox_keygen_dos_vuln_lin.nasl |
| 2009-06-04 | Name : Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability (Win) File : nvt/gb_firefox_keygen_dos_vuln_win.nasl |
| 2009-06-03 | Name : Solaris Update for Mozilla 1.7 125539-06 File : nvt/gb_solaris_125539_06.nasl |
| 2009-06-03 | Name : Solaris Update for Mozilla Firefox Web browser 125540-06 File : nvt/gb_solaris_125540_06.nasl |
| 2009-06-03 | Name : Solaris Update for Mozilla 1.7 125541-04 File : nvt/gb_solaris_125541_04.nasl |
| 2009-06-03 | Name : Solaris Update for Mozilla Thunderbird email client 125542-04 File : nvt/gb_solaris_125542_04.nasl |
| 2009-05-25 | Name : CentOS Security Advisory CESA-2009:0437 (seamonkey) File : nvt/ovcesa2009_0437.nasl |
| 2009-05-20 | Name : Mandrake Security Advisory MDVSA-2009:111-1 (firefox) File : nvt/mdksa_2009_111_1.nasl |
| 2009-05-20 | Name : CentOS Security Advisory CESA-2009:0258 (thunderbird) File : nvt/ovcesa2009_0258.nasl |
| 2009-05-20 | Name : SuSE Security Summary SUSE-SR:2009:010 File : nvt/suse_sr_2009_010.nasl |
| 2009-05-11 | Name : Debian Security Advisory DSA 1797-1 (xulrunner) File : nvt/deb_1797_1.nasl |
| 2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Linux) File : nvt/gb_firefox_dos_vuln_may09_lin.nasl |
| 2009-05-07 | Name : Mozilla Firefox DoS Vulnerability May-09 (Win) File : nvt/gb_firefox_dos_vuln_may09_win.nasl |
| 2009-05-05 | Name : RedHat Security Advisory RHSA-2009:0449 File : nvt/RHSA_2009_0449.nasl |
| 2009-05-05 | Name : Fedora Core 9 FEDORA-2009-4078 (xulrunner) File : nvt/fcore_2009_4078.nasl |
| 2009-05-05 | Name : Fedora Core 10 FEDORA-2009-4083 (epiphany) File : nvt/fcore_2009_4083.nasl |
| 2009-05-05 | Name : CentOS Security Advisory CESA-2009:0449 (firefox) File : nvt/ovcesa2009_0449.nasl |
| 2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_firefox_mult_vuln_apr09_lin.nasl |
| 2009-04-30 | Name : Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_firefox_mult_vuln_apr09_win.nasl |
| 2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_apr09_lin.nasl |
| 2009-04-30 | Name : Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_apr09_win.nasl |
| 2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_apr09_lin.nasl |
| 2009-04-30 | Name : Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_apr09_win.nasl |
| 2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0436 File : nvt/RHSA_2009_0436.nasl |
| 2009-04-28 | Name : RedHat Security Advisory RHSA-2009:0437 File : nvt/RHSA_2009_0437.nasl |
| 2009-04-28 | Name : Fedora Core 9 FEDORA-2009-3875 (firefox) File : nvt/fcore_2009_3875.nasl |
| 2009-04-28 | Name : Fedora Core 10 FEDORA-2009-3893 (epiphany) File : nvt/fcore_2009_3893.nasl |
| 2009-04-28 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox38.nasl |
| 2009-04-28 | Name : CentOS Security Advisory CESA-2009:0436 (firefox) File : nvt/ovcesa2009_0436.nasl |
| 2009-04-28 | Name : CentOS Security Advisory CESA-2009:0437-02 (seamonkey) File : nvt/ovcesa2009_0437_02.nasl |
| 2009-04-20 | Name : SuSE Security Advisory SUSE-SA:2009:022 (MozillaFirefox) File : nvt/suse_sa_2009_022.nasl |
| 2009-04-20 | Name : SuSE Security Advisory SUSE-SA:2009:023 (MozillaFirefox) File : nvt/suse_sa_2009_023.nasl |
| 2009-04-15 | Name : CentOS Security Advisory CESA-2009:0397 (firefox) File : nvt/ovcesa2009_0397.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:205 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_205.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:206 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_206.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_228.nasl |
| 2009-04-09 | Name : Mandriva Update for firefox MDVSA-2008:230 (firefox) File : nvt/gb_mandriva_MDVSA_2008_230.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2008:235 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2008_235.nasl |
| 2009-04-09 | Name : Mandriva Update for mozilla-firefox MDVSA-2008:244 (mozilla-firefox) File : nvt/gb_mandriva_MDVSA_2008_244.nasl |
| 2009-04-09 | Name : Mandriva Update for firefox MDVSA-2008:245 (firefox) File : nvt/gb_mandriva_MDVSA_2008_245.nasl |
| 2009-04-08 | Name : Firefox XSL Parsing Vulnerability (Linux) File : nvt/gb_firefox_xsl_parsing_vuln_lin.nasl |
| 2009-04-08 | Name : Firefox XSL Parsing Vulnerability (Win) File : nvt/gb_firefox_xsl_parsing_vuln_win.nasl |
| 2009-04-08 | Name : Mozilla Seamonkey XSL Parsing Vulnerability (Linux) File : nvt/gb_seamonkey_xsl_parsing_vuln_lin.nasl |
| 2009-04-08 | Name : Mozilla Seamonkey XSL Parsing Vulnerability (Win) File : nvt/gb_seamonkey_xsl_parsing_vuln_win.nasl |
| 2009-04-06 | Name : RedHat Security Advisory RHSA-2009:0397 File : nvt/RHSA_2009_0397.nasl |
| 2009-04-06 | Name : RedHat Security Advisory RHSA-2009:0398 File : nvt/RHSA_2009_0398.nasl |
| 2009-04-06 | Name : Debian Security Advisory DSA 1756-1 (xulrunner) File : nvt/deb_1756_1.nasl |
| 2009-04-06 | Name : Fedora Core 9 FEDORA-2009-3099 (firefox) File : nvt/fcore_2009_3099.nasl |
| 2009-04-06 | Name : Fedora Core 10 FEDORA-2009-3100 (firefox) File : nvt/fcore_2009_3100.nasl |
| 2009-04-06 | Name : Fedora Core 9 FEDORA-2009-3101 (seamonkey) File : nvt/fcore_2009_3101.nasl |
| 2009-04-06 | Name : Fedora Core 10 FEDORA-2009-3161 (seamonkey) File : nvt/fcore_2009_3161.nasl |
| 2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:083 (mozilla-thunderbird) File : nvt/mdksa_2009_083.nasl |
| 2009-04-06 | Name : Mandrake Security Advisory MDVSA-2009:084 (firefox) File : nvt/mdksa_2009_084.nasl |
| 2009-04-06 | Name : CentOS Security Advisory CESA-2009:0398 (seamonkey) File : nvt/ovcesa2009_0398.nasl |
| 2009-04-06 | Name : CentOS Security Advisory CESA-2009:0398-01 (seamonkey) File : nvt/ovcesa2009_0398_01.nasl |
| 2009-04-06 | Name : Ubuntu USN-745-1 (xulrunner-1.9) File : nvt/ubuntu_745_1.nasl |
| 2009-04-06 | Name : Ubuntu USN-749-1 (libsndfile) File : nvt/ubuntu_749_1.nasl |
| 2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0258 File : nvt/RHSA_2009_0258.nasl |
| 2009-03-31 | Name : Fedora Core 10 FEDORA-2009-2882 (thunderbird) File : nvt/fcore_2009_2882.nasl |
| 2009-03-31 | Name : Fedora Core 9 FEDORA-2009-2884 (thunderbird) File : nvt/fcore_2009_2884.nasl |
| 2009-03-31 | Name : Ubuntu USN-741-1 (thunderbird) File : nvt/ubuntu_741_1.nasl |
| 2009-03-31 | Name : Ubuntu USN-742-1 (jasper) File : nvt/ubuntu_742_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-645-1 File : nvt/gb_ubuntu_USN_645_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-645-2 File : nvt/gb_ubuntu_USN_645_2.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-645-3 File : nvt/gb_ubuntu_USN_645_3.nasl |
| 2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-647-1 File : nvt/gb_ubuntu_USN_647_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1 File : nvt/gb_ubuntu_USN_667_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for mozilla-thunderbird, thunderbird vulnerabilities USN-668-1 File : nvt/gb_ubuntu_USN_668_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox-3.0, xulrunner-1.9 vulnerabilities USN-690-1 File : nvt/gb_ubuntu_USN_690_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-690-2 File : nvt/gb_ubuntu_USN_690_2.nasl |
| 2009-03-23 | Name : Ubuntu Update for firefox vulnerabilities USN-690-3 File : nvt/gb_ubuntu_USN_690_3.nasl |
| 2009-03-20 | Name : Mandrake Security Advisory MDVSA-2009:075 (firefox) File : nvt/mdksa_2009_075.nasl |
| 2009-03-20 | Name : SuSE Security Advisory SUSE-SA:2009:012 (MozillaFirefox) File : nvt/suse_sa_2009_012.nasl |
| 2009-03-13 | Name : Fedora Core 9 FEDORA-2009-2421 (firefox) File : nvt/fcore_2009_2421.nasl |
| 2009-03-13 | Name : Fedora Core 10 FEDORA-2009-2422 (firefox) File : nvt/fcore_2009_2422.nasl |
| 2009-03-13 | Name : CentOS Security Advisory CESA-2009:0315 (firefox) File : nvt/ovcesa2009_0315.nasl |
| 2009-03-13 | Name : CentOS Security Advisory CESA-2009:0325-01 (seamonkey) File : nvt/ovcesa2009_0325_01.nasl |
| 2009-03-10 | Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux) File : nvt/gb_firefox_mult_vuln_mar09_lin.nasl |
| 2009-03-10 | Name : Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win) File : nvt/gb_firefox_mult_vuln_mar09_win.nasl |
| 2009-03-10 | Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux) File : nvt/gb_seamonkey_mult_vuln_mar09_lin.nasl |
| 2009-03-10 | Name : Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win) File : nvt/gb_seamonkey_mult_vuln_mar09_win.nasl |
| 2009-03-10 | Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux) File : nvt/gb_thunderbird_mult_vuln_mar09_lin.nasl |
| 2009-03-10 | Name : Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win) File : nvt/gb_thunderbird_mult_vuln_mar09_win.nasl |
| 2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0315 File : nvt/RHSA_2009_0315.nasl |
| 2009-03-07 | Name : RedHat Security Advisory RHSA-2009:0325 File : nvt/RHSA_2009_0325.nasl |
| 2009-03-07 | Name : CentOS Security Advisory CESA-2009:0325 (seamonkey) File : nvt/ovcesa2009_0325.nasl |
| 2009-03-07 | Name : Ubuntu USN-726-1 (curl) File : nvt/ubuntu_726_1.nasl |
| 2009-03-07 | Name : Ubuntu USN-726-2 (curl) File : nvt/ubuntu_726_2.nasl |
| 2009-03-07 | Name : Ubuntu USN-727-1 (network-manager-applet) File : nvt/ubuntu_727_1.nasl |
| 2009-03-07 | Name : Ubuntu USN-727-2 (network-manager) File : nvt/ubuntu_727_2.nasl |
| 2009-03-07 | Name : Ubuntu USN-728-1 (xulrunner-1.9) File : nvt/ubuntu_728_1.nasl |
| 2009-03-07 | Name : Ubuntu USN-728-2 (firefox) File : nvt/ubuntu_728_2.nasl |
| 2009-03-07 | Name : Ubuntu USN-728-3 (firefox) File : nvt/ubuntu_728_3.nasl |
| 2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0879-01 File : nvt/gb_RHSA-2008_0879-01_firefox.nasl |
| 2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0882-01 File : nvt/gb_RHSA-2008_0882-01_seamonkey.nasl |
| 2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0908-01 File : nvt/gb_RHSA-2008_0908-01_thunderbird.nasl |
| 2009-03-06 | Name : RedHat Update for thunderbird RHSA-2008:0976-01 File : nvt/gb_RHSA-2008_0976-01_thunderbird.nasl |
| 2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:0977-01 File : nvt/gb_RHSA-2008_0977-01_seamonkey.nasl |
| 2009-03-06 | Name : RedHat Update for firefox RHSA-2008:0978-01 File : nvt/gb_RHSA-2008_0978-01_firefox.nasl |
| 2009-03-06 | Name : RedHat Update for firefox RHSA-2008:1036-01 File : nvt/gb_RHSA-2008_1036-01_firefox.nasl |
| 2009-03-06 | Name : RedHat Update for seamonkey RHSA-2008:1037-01 File : nvt/gb_RHSA-2008_1037-01_seamonkey.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0882-01 centos2 i386 File : nvt/gb_CESA-2008_0882-01_seamonkey_centos2_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0882 centos3 i386 File : nvt/gb_CESA-2008_0882_seamonkey_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0882 centos3 x86_64 File : nvt/gb_CESA-2008_0882_seamonkey_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0908 centos4 i386 File : nvt/gb_CESA-2008_0908_thunderbird_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0908 centos4 x86_64 File : nvt/gb_CESA-2008_0908_thunderbird_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0976 centos4 i386 File : nvt/gb_CESA-2008_0976_thunderbird_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for thunderbird CESA-2008:0976 centos4 x86_64 File : nvt/gb_CESA-2008_0976_thunderbird_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977-01 centos2 i386 File : nvt/gb_CESA-2008_0977-01_seamonkey_centos2_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos3 i386 File : nvt/gb_CESA-2008_0977_seamonkey_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos3 x86_64 File : nvt/gb_CESA-2008_0977_seamonkey_centos3_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos4 i386 File : nvt/gb_CESA-2008_0977_seamonkey_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:0977 centos4 x86_64 File : nvt/gb_CESA-2008_0977_seamonkey_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for firefox CESA-2008:0978 centos4 i386 File : nvt/gb_CESA-2008_0978_firefox_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for firefox CESA-2008:0978 centos4 x86_64 File : nvt/gb_CESA-2008_0978_firefox_centos4_x86_64.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:1037-01 centos2 i386 File : nvt/gb_CESA-2008_1037-01_seamonkey_centos2_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:1037 centos3 i386 File : nvt/gb_CESA-2008_1037_seamonkey_centos3_i386.nasl |
| 2009-02-27 | Name : CentOS Update for seamonkey CESA-2008:1037 centos3 x86_64 File : nvt/gb_CESA-2008_1037_seamonkey_centos3_x86_64.nasl |
| 2009-02-26 | Name : Firefox URL Spoofing And Phising Vulnerability (Linux) File : nvt/secpod_firefox_url_spoof_vuln_lin.nasl |
| 2009-02-26 | Name : Firefox URL Spoofing And Phising Vulnerability (Win) File : nvt/secpod_firefox_url_spoof_vuln_win.nasl |
| 2009-02-23 | Name : Mandrake Security Advisory MDVSA-2009:044 (firefox) File : nvt/mdksa_2009_044.nasl |
| 2009-02-20 | Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_firefox_mult_vuln_feb09_lin.nasl |
| 2009-02-20 | Name : Mozilla Firefox Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_firefox_mult_vuln_feb09_win.nasl |
| 2009-02-20 | Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_seamonkey_mult_vuln_feb09_lin.nasl |
| 2009-02-20 | Name : Mozilla Seamonkey Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_seamonkey_mult_vuln_feb09_win.nasl |
| 2009-02-20 | Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Linux) File : nvt/secpod_thunderbird_mult_vuln_feb09_lin.nasl |
| 2009-02-20 | Name : Mozilla Thunderbird Multiple Vulnerabilities Feb-09 (Win) File : nvt/secpod_thunderbird_mult_vuln_feb09_win.nasl |
| 2009-02-18 | Name : SuSE Security Advisory SUSE-SA:2009:009 (MozillaFirefox) File : nvt/suse_sa_2009_009.nasl |
| 2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_Miro_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_cairo-dock_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_chmsee_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_devhelp_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_epiphany-extensions_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_epiphany_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_evolution-rss_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_firefox_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_galeon_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_gnome-python2-extras_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_gnome-web-photo_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_gtkmozembedmm_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_kazehakase_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_liferea_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_openvrml_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_ruby-gnome2_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-8399 File : nvt/gb_fedora_2008_8399_yelp_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-8401 File : nvt/gb_fedora_2008_8401_seamonkey_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_Miro_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_blam_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_cairo-dock_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_chmsee_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_devhelp_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_epiphany-extensions_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_epiphany_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_evolution-rss_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_firefox_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_galeon_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_gnome-python2-extras_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_gnome-web-photo_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for google-gadgets FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_google-gadgets_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_gtkmozembedmm_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_kazehakase_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for mozvoikko FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_mozvoikko_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for mugshot FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_mugshot_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_ruby-gnome2_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for totem FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_totem_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for xulrunner FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_xulrunner_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-8425 File : nvt/gb_fedora_2008_8425_yelp_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-8429 File : nvt/gb_fedora_2008_8429_seamonkey_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_Miro_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for blam FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_blam_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_cairo-dock_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_chmsee_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_devhelp_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_epiphany-extensions_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_epiphany_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_evolution-rss_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_firefox_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_galeon_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_gnome-python2-extras_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_gnome-web-photo_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_kazehakase_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for liferea FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_liferea_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for openvrml FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_openvrml_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_ruby-gnome2_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_seamonkey_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-9667 File : nvt/gb_fedora_2008_9667_yelp_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for Miro FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_Miro_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for cairo-dock FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_cairo-dock_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for chmsee FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_chmsee_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for devhelp FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_devhelp_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany-extensions FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_epiphany-extensions_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for epiphany FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_epiphany_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for evolution-rss FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_evolution-rss_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for firefox FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_firefox_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for galeon FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_galeon_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_gnome-python2-extras_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gnome-web-photo FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_gnome-web-photo_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for google-gadgets FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_google-gadgets_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_gtkmozembedmm_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for kazehakase FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_kazehakase_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for mozvoikko FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_mozvoikko_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for mugshot FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_mugshot_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_ruby-gnome2_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for seamonkey FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_seamonkey_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for totem FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_totem_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for xulrunner FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_xulrunner_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for yelp FEDORA-2008-9669 File : nvt/gb_fedora_2008_9669_yelp_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9807 File : nvt/gb_fedora_2008_9807_thunderbird_fc8.nasl |
| 2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9859 File : nvt/gb_fedora_2008_9859_thunderbird_fc9.nasl |
| 2009-02-17 | Name : Fedora Update for thunderbird FEDORA-2008-9901 File : nvt/gb_fedora_2008_9901_thunderbird_fc10.nasl |
| 2009-02-13 | Name : Fedora Core 10 FEDORA-2009-1398 (xulrunner) File : nvt/fcore_2009_1398.nasl |
| 2009-02-13 | Name : Fedora Core 9 FEDORA-2009-1399 (xulrunner) File : nvt/fcore_2009_1399.nasl |
| 2009-02-13 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox37.nasl |
| 2009-02-13 | Name : Fedora Update for seamonkey FEDORA-2008-11490 File : nvt/gb_fedora_2008_11490_seamonkey_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for Miro FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_Miro_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for blam FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_blam_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for devhelp FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_devhelp_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for epiphany-extensions FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_epiphany-extensions_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for epiphany FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_epiphany_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for evolution-rss FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_evolution-rss_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for firefox FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_firefox_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for galeon FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_galeon_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for gecko-sharp2 FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_gecko-sharp2_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_gnome-python2-extras_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for gnome-web-photo FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_gnome-web-photo_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for google-gadgets FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_google-gadgets_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for kazehakase FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_kazehakase_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for mozvoikko FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_mozvoikko_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for mugshot FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_mugshot_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_pcmanx-gtk2_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_ruby-gnome2_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for xulrunner FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_xulrunner_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for yelp FEDORA-2008-11511 File : nvt/gb_fedora_2008_11511_yelp_fc10.nasl |
| 2009-02-13 | Name : Fedora Update for seamonkey FEDORA-2008-11534 File : nvt/gb_fedora_2008_11534_seamonkey_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for Miro FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_Miro_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for blam FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_blam_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for cairo-dock FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_cairo-dock_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for chmsee FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_chmsee_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for devhelp FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_devhelp_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for epiphany-extensions FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_epiphany-extensions_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for epiphany FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_epiphany_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for evolution-rss FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_evolution-rss_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for firefox FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_firefox_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for galeon FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_galeon_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_gnome-python2-extras_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for gnome-web-photo FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_gnome-web-photo_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for kazehakase FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_kazehakase_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for liferea FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_liferea_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for openvrml FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_openvrml_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_ruby-gnome2_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for yelp FEDORA-2008-11551 File : nvt/gb_fedora_2008_11551_yelp_fc8.nasl |
| 2009-02-13 | Name : Fedora Update for seamonkey FEDORA-2008-11586 File : nvt/gb_fedora_2008_11586_seamonkey_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for Miro FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_Miro_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for blam FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_blam_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for cairo-dock FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_cairo-dock_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for chmsee FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_chmsee_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for devhelp FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_devhelp_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for epiphany-extensions FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_epiphany-extensions_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for epiphany FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_epiphany_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for evolution-rss FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_evolution-rss_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for firefox FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_firefox_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for galeon FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_galeon_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for gnome-python2-extras FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_gnome-python2-extras_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for gnome-web-photo FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_gnome-web-photo_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for google-gadgets FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_google-gadgets_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for gtkmozembedmm FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_gtkmozembedmm_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for kazehakase FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_kazehakase_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for mozvoikko FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_mozvoikko_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for mugshot FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_mugshot_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for ruby-gnome2 FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_ruby-gnome2_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for totem FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_totem_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for xulrunner FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_xulrunner_fc9.nasl |
| 2009-02-13 | Name : Fedora Update for yelp FEDORA-2008-11598 File : nvt/gb_fedora_2008_11598_yelp_fc9.nasl |
| 2009-02-13 | Name : Ubuntu USN-717-1 (xulrunner-1.9) File : nvt/ubuntu_717_1.nasl |
| 2009-02-13 | Name : Ubuntu USN-717-2 (firefox-3.0) File : nvt/ubuntu_717_2.nasl |
| 2009-02-13 | Name : Ubuntu USN-717-3 (firefox) File : nvt/ubuntu_717_3.nasl |
| 2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0256 File : nvt/RHSA_2009_0256.nasl |
| 2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0257 File : nvt/RHSA_2009_0257.nasl |
| 2009-02-10 | Name : CentOS Security Advisory CESA-2009:0256 (firefox) File : nvt/ovcesa2009_0256.nasl |
| 2009-02-10 | Name : CentOS Security Advisory CESA-2009:0257 (seamonkey) File : nvt/ovcesa2009_0257.nasl |
| 2009-02-10 | Name : CentOS Security Advisory CESA-2009:0257-01 (seamonkey) File : nvt/ovcesa2009_0257_01.nasl |
| 2009-01-28 | Name : Firefox Information Disclosure Vulnerability Jan09 (Win) File : nvt/secpod_firefox_js_info_disc_vuln_win.nasl |
| 2009-01-23 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey,mozilla SUSE-SA:... File : nvt/gb_suse_2008_050.nasl |
| 2009-01-23 | Name : SuSE Update for MozillaFirefox,MozillaThunderbird,seamonkey SUSE-SA:2008:055 File : nvt/gb_suse_2008_055.nasl |
| 2009-01-23 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2008:058 File : nvt/gb_suse_2008_058.nasl |
| 2009-01-20 | Name : Debian Security Advisory DSA 1704-1 (xulrunner) File : nvt/deb_1704_1.nasl |
| 2009-01-20 | Name : Debian Security Advisory DSA 1707-1 (iceweasel) File : nvt/deb_1707_1.nasl |
| 2009-01-20 | Name : Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird) File : nvt/mdksa_2009_012.nasl |
| 2009-01-20 | Name : SuSE Security Advisory SUSE-SA:2009:002 (MozillaFirefox,MozillaThunderbird,mo... File : nvt/suse_sa_2009_002.nasl |
| 2009-01-20 | Name : Ubuntu USN-708-1 (hplip) File : nvt/ubuntu_708_1.nasl |
| 2009-01-13 | Name : Debian Security Advisory DSA 1696-1 (icedove) File : nvt/deb_1696_1.nasl |
| 2009-01-13 | Name : Debian Security Advisory DSA 1697-1 (iceape) File : nvt/deb_1697_1.nasl |
| 2009-01-13 | Name : Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Linux File : nvt/gb_firefox_null_ptr_dos_vuln_lin.nasl |
| 2009-01-13 | Name : Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win File : nvt/gb_firefox_null_ptr_dos_vuln_win.nasl |
| 2009-01-13 | Name : CentOS Security Advisory CESA-2009:0002 (thunderbird) File : nvt/ovcesa2009_0002.nasl |
| 2009-01-13 | Name : Ubuntu USN-701-1 (thunderbird) File : nvt/ubuntu_701_1.nasl |
| 2009-01-13 | Name : Ubuntu USN-701-2 (mozilla-thunderbird) File : nvt/ubuntu_701_2.nasl |
| 2009-01-09 | Name : Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Linux File : nvt/gb_firefox_mem_leak_dos_vuln_lin.nasl |
| 2009-01-09 | Name : Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Win File : nvt/gb_firefox_mem_leak_dos_vuln_win.nasl |
| 2009-01-07 | Name : RedHat Security Advisory RHSA-2009:0002 File : nvt/RHSA_2009_0002.nasl |
| 2008-12-23 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox36.nasl |
| 2008-12-23 | Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Linux) File : nvt/gb_firefox_mult_vuln_dec08_lin.nasl |
| 2008-12-23 | Name : Mozilla Firefox Multiple Vulnerabilities December-08 (Win) File : nvt/gb_firefox_mult_vuln_dec08_win.nasl |
| 2008-12-23 | Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Linux) File : nvt/gb_seamonkey_mult_vuln_dec08_lin.nasl |
| 2008-12-23 | Name : Mozilla Seamonkey Multiple Vulnerabilities December-08 (Win) File : nvt/gb_seamonkey_mult_vuln_dec08_win.nasl |
| 2008-12-23 | Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Linux) File : nvt/gb_thunderbird_mult_vuln_dec08_lin.nasl |
| 2008-12-23 | Name : Mozilla Thunderbird Multiple Vulnerabilities December-08 (Win) File : nvt/gb_thunderbird_mult_vuln_dec08_win.nasl |
| 2008-12-03 | Name : Debian Security Advisory DSA 1671-1 (iceweasel) File : nvt/deb_1671_1.nasl |
| 2008-11-24 | Name : Debian Security Advisory DSA 1669-1 (xulrunner) File : nvt/deb_1669_1.nasl |
| 2008-11-21 | Name : Mozilla Firefox Multiple Vulnerabilities November-08 (Linux) File : nvt/gb_firefox_mult_vuln_nov08_lin.nasl |
| 2008-11-21 | Name : Mozilla Firefox Multiple Vulnerabilities November-08 (Win) File : nvt/gb_firefox_mult_vuln_nov08_win.nasl |
| 2008-11-21 | Name : Mozilla Seamonkey Multiple Vulnerabilities November-08 (Linux) File : nvt/gb_seamonkey_mult_vuln_nov08_lin.nasl |
| 2008-11-21 | Name : Mozilla Seamonkey Multiple Vulnerabilities November-08 (Win) File : nvt/gb_seamonkey_mult_vuln_nov08_win.nasl |
| 2008-11-21 | Name : Mozilla Thunderbird Multiple Vulnerabilities November-08 (Linux) File : nvt/gb_thunderbird_mult_vuln_nov08_lin.nasl |
| 2008-11-21 | Name : Mozilla Thunderbird Multiple Vulnerabilities November-08 (Win) File : nvt/gb_thunderbird_mult_vuln_nov08_win.nasl |
| 2008-11-19 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox35.nasl |
| 2008-11-01 | Name : Debian Security Advisory DSA 1649-1 (iceweasel) File : nvt/deb_1649_1.nasl |
| 2008-10-17 | Name : Firefox .url Shortcut File Information Disclosure Vulnerability File : nvt/gb_firefox_url_file_info_dis_vuln.nasl |
| 2008-09-24 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox34.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-269-01 mozilla-firefox File : nvt/esoft_slk_ssa_2008_269_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-269-02 seamonkey File : nvt/esoft_slk_ssa_2008_269_02.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2008-270-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2008_270_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-083-02 seamonkey File : nvt/esoft_slk_ssa_2009_083_02.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-083-03 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_083_03.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-118-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_118_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-167-01 mozilla-firefox File : nvt/esoft_slk_ssa_2009_167_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-176-01 seamonkey File : nvt/esoft_slk_ssa_2009_176_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-178-01 mozilla-thunderbird File : nvt/esoft_slk_ssa_2009_178_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2009-320-01 openssl File : nvt/esoft_slk_ssa_2009_320_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-067-01 httpd File : nvt/esoft_slk_ssa_2010_067_01.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2010-180-01 libpng File : nvt/esoft_slk_ssa_2010_180_01.nasl |
| 0000-00-00 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox60.nasl |
| 0000-00-00 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox61.nasl |
| 0000-00-00 | Name : FreeBSD Ports: opera, linux-opera File : nvt/freebsd_opera25.nasl |
| 0000-00-00 | Name : Java for Mac OS X 10.6 Update 6 And 10.7 Update 1 File : nvt/secpod_macosx_java_10_6_upd_6_and_10_7_upd_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 77956 | Mozilla Multiple Product Large OGG <video> Element Handling Remote DoS |
| 77954 | Mozilla Multiple Product SVG Animation accessKey Event Handling Disabled Java... |
| 77953 | Mozilla Multiple Product DOMAttrModified SVG Element Handling Out-of-bounds M... |
| 77952 | Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption |
| 77951 | Mozilla Multiple Product YARR Regular Expression Library Javascript Parsing R... |
| 77832 | Parallels Plesk Panel Billing System TLS Renegotiation Handshakes MiTM Plaint... |
| 77609 | Mozilla Multiple Product CSS Token Sequence Parsing Timing Attack Remote Info... |
| 77539 | Mozilla Firefox Cache Objects IFRAME Handling Browsing History Disclosure |
| 76955 | Mozilla Multiple Product NoWaiverWrappers Internal Privilege Check Weakness R... |
| 76954 | Mozilla Multiple Product WebGL GPU Memory Random Image Disclosure |
| 76953 | Mozilla Multiple Product Windows D2D Hardware Acceleration Same Origin Policy... |
| 76952 | Mozilla Multiple Product Firebug JavaScript File Profiling Remote Memory Corr... |
| 76951 | Mozilla Multiple Product Multiple Unspecified Remote Memory Corruption (2011-... |
| 76950 | Mozilla Multiple Product Unchecked Allocation Failure Remote Memory Corruption |
| 76949 | Mozilla Multiple Product SVG <mpath> Non-SVG Link Remote Memory Corruption |
| 76948 | Mozilla Multiple Product Shift-JIS XSS |
| 76947 | Mozilla Multiple Product JSSubScriptLoader loadSubScript Method XPCNativeWrap... |
| 76858 | Mozilla Network Security Services (NSS) Trojaned pkcs11.txt File Local Privil... |
| 75847 | Mozilla Multiple Product Multiple Tab Handling Keystroke Disclosure |
| 75846 | Mozilla Multiple Product Use-after-free OGG File Handling Remote Code Execution |
| 75845 | Mozilla Multiple Product loadSubScript Method XPCNativeWrappers Unwrapping Re... |
| 75844 | Mozilla Multiple Product YARR Unspecified Memory Corruption |
| 75843 | Mozilla Multiple Product WebGL Test Case Unspecified Out-of-bounds Write Memo... |
| 75842 | Mozilla Multiple Product WebGL ANGLE GrowAtomTable() Function Overflow |
| 75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
| 75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
| 75839 | Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea... |
| 75838 | Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol... |
| 75837 | Mozilla Firefox Regular Expression Unspecified Underflow |
| 75836 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2997) |
| 75835 | Mozilla Multiple Product Plugin API Unspecified Remote DoS |
| 75834 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995) |
| 75622 | Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 75031 | Apple Safari libxslt functions.c xsltGenerateIdFunction Heap Memory Address I... Apple Safari contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when an error occurs in the xsltGenerateIdFunction function in functions.c in libxslt, which will disclose heap memory address information to a context-dependent attacker using an XML document which calls the XSLT generate-id XPath function. |
| 74829 | SSL Chained Initialization Vector CBC Mode MiTM Weakness |
| 74596 | Mozilla Multiple Products JAR Digital Signature Same Origin Policy Bypass Pri... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker uses malicious JavaScript, hosted on a crafted website, to call code within a signed JAR file that was cached from a trusted site. The malicious JavaScript then inherits the privileges of the JAR file and an elevation of privileges occurs, allowing a remote attacker to inherit the trust of the site hosting the JAR file and gain privileges granted to it by the user. |
| 74594 | Mozilla Multiple Products JavaScript Unspecified DoS Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw that may allow a remote denial of service. The issue is triggered when specially crafted JavaScript is processed by the browser. A memory corruption and application crash occurs which will result in loss of availability for the browser. |
| 74593 | Mozilla Multiple Products Content Security Policy (CSP) Violation Report Prox... |
| 74592 | Mozilla Multiple Products WebGL Unspecified DoS |
| 74591 | Mozilla Multiple Products WebGL Shader Compiler ShaderSource Method Overflow |
| 74590 | Mozilla Multiple Products WebGL Almost Native Graphics Layer Engine (ANGLE) S... |
| 74589 | Mozilla Multiple Products D2D API Same Origin Policy Bypass Image Data Disclo... |
| 74588 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2985) Multiple memory corruption flaws exist in multiple Mozilla products. The programs fail to sanitize unspecified user-supplied input, resulting in memory corruption. This may allow a context-dependent attacker to execute arbitrary code. |
| 74587 | Mozilla Multiple Products Tab Element Dropping Weakness Remote Code Execution |
| 74586 | Mozilla Multiple Products RegExp.input Property Same Origin Policy Bypass Inf... |
| 74585 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2982) Multiple memory corruption flaws exist in multiple Mozilla products. The programs fail to sanitize unspecified user-supplied input, resulting in memory corruption. This may allow a context-dependent attacker to execute arbitrary code. |
| 74584 | Mozilla Multiple Products Event-Management Same Origin Policy Bypass Remote C... |
| 74583 | Mozilla Multiple Products ThinkPadSensor::Startup() Function Path Subversion ... Multiple Mozilla products are prone to a flaw in the way they load dynamic-link libraries (DLL). The programs use a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 74582 | Mozilla Multiple Products .appendChild() Function DOM Object Handling Remote ... |
| 74581 | Mozilla Multiple Products SVGTextElement.getCharNumAtPosition() Function SVG ... |
| 74378 | Mozilla Firefox X.509 Certificate Validation Single-session Security Exceptio... |
| 74335 | Hitachi Web Server TLS Renegotiation Handshakes MiTM Plaintext Data Injection Hitachi Web Server contains a flaw related to the SSL protocol failing to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 74319 | Mozilla Multiple Products netwerk/cookie/nsCookieService.cpp nsCookieService:... |
| 73193 | Mozilla Multiple Products Non-whitelisted Site Install Dialog Triggering Weak... |
| 73192 | Mozilla Multiple Products HTML-encoded Entities SVG Elements XSS |
| 73188 | Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclo... |
| 73187 | Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Co... |
| 73186 | Mozilla Multiple Products nsSVGPointList::AppendElement() Use-after-free Remo... |
| 73185 | Mozilla Multiple Products nsSVGPathSegList::ReplaceItem() Use-after-free Remo... |
| 73184 | Mozilla Multiple Products Array.reduceRight() Method Overflow |
| 73183 | Mozilla Multiple Products multipart/x-mixed-replace Image Handling Memory Cor... |
| 73182 | Mozilla Multiple Products XUL Document Handling Use-after-free Arbitrary Code... |
| 73181 | Mozilla Multiple Products Unspecified DoS (2011-2365) |
| 73180 | Mozilla Multiple Products Unspecified DoS (2011-2364) |
| 73179 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2376) |
| 73178 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2375) |
| 73177 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2374) |
| 72490 | Google Chrome libxslt functions.c xsltGenerateIdFunction Heap Memory Address ... Google Chrome contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when an error occurs in the xsltGenerateIdFunction function in functions.c in libxslt, which will disclose heap memory address information to a context-dependent attacker using an XML document which calls the XSLT generate-id XPath function. |
| 72475 | Google Chrome Cross-Origin Error Message Leak Same Origin Policy Bypass Google Chrome contains a flaw related to the leaking of cross-origin error messages which may allow a remote attacker to bypass the same origin policy. |
| 72467 | Mozilla Multiple Products Plugin Request 307 Redirect Response CSRF Mozilla Firefox and SeaMonkey contain a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application sends a 307 redirect response to plugin-initiated requests, and forwards custom headers to the new location without properly sanitizing them. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 72466 | Mozilla Multiple Products JPEG Image Decoding Overflow Mozilla Firefox and Thunderbird are prone to an overflow condition. The programs fail to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted JPEG file, a context-dependent attacker can potentially execute arbitrary code. |
| 72465 | Mozilla Multiple Products ParanoidFragmentSink nsIScriptableUnescapeHTML.pars... Mozilla Firefox, SeaMonkey and Thunderbird contains a flaw related to the nsIScriptableUnescapeHTML.parseFragment method in ParanoidFragmentSink failing to properly sanitize HTML in chrome documents. This may allow a context-dependent attacker to execute arbitrary JavaScript code using a crafted javascript: URI. |
| 72461 | Mozilla Multiple Products Layout Objects Long Text Run Overflow Mozilla Firefox and SeaMonkey are prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted overly long string, a context-dependent attacker can potentially execute arbitrary code. |
| 72460 | Mozilla Multiple Products Web Workers Garbage Collection Use-after-free Remot... Mozilla Firefox and SeaMonkey contain a flaw related to the Web Workers implementation. The issue is triggered when a context-dependent attacker calls a deleted reference which is freed during garbage collection. This may allow an attacker to execute arbitrary code. |
| 72459 | Mozilla Multiple Products Baseline JavaScript Internal String Mapping Atom Ma... Mozilla Firefox and SeaMonkey is prone to an overflow condition. The JavaScript engine fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted string value greater than 64k, a context-dependent attacker can potentially execute arbitrary code. |
| 72458 | Mozilla Multiple Products Non-Local JavaScript Internal Memory Mapping Overflow Mozilla Firefox and SeaMonkey are prone to an overflow condition. The JavaScript engine fails to properly sanitize user-supplied input resulting in a buffer overflow. Through vectors related to the internal memory mapping of non-local JavaScript variables, a context-dependent attacker can potentially execute arbitrary code. |
| 72457 | Mozilla Multiple Products js3250.dll JSON.stringify() Method js_HasOwnPropert... Mozilla Firefox and SeaMonkey contain a flaw related to the js3250.dll library encountering an error when processing the 'JSON.stringify()' method. The issue is triggered when a context-dependent attacker uses an invalid pointer in a call to the 'js_HasOwnProperty()' function to dereference an invalid pointer. This may allow an attacker to execute arbitrary code. |
| 72456 | Mozilla Multiple Products try/catch Statement eval() Recursive Call Handling ... Mozilla Firefox contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error when handling recursive calls to 'eval()' occurs within a 'try/catch' statement, allowing a remote attacker to force a user to accept dialogs and gain elevated privileges. |
| 72454 | Mozilla Multiple Products JSObject::dropProperty Memory Corruption A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an assertion failure relating to JSObject::dropProperty occurs, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact. |
| 72449 | Mozilla Multiple Products jstracer.cpp TraceRecorder::box_jsval() Function Me... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The TraceRecorder::box_jsval() function in jstracer.cpp fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72448 | Mozilla Multiple Products nsUTF8ToUnicode Buffer Overrun Memory Corruption A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when nsUTF8ToUnicode::Convert writes beyond the end of a buffer when outputting a surrogate pair, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72447 | Mozilla Multiple Products nsEUCJPToUnicodeV2::Convert Buffer Writing Memory C... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input the destination pointer in nsJapaneseToUnicode.cpp is incremented on line 367 and then written again on line 371, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or possibly have other unspecified impact. |
| 72446 | Mozilla Multiple Products AddRef() nsNPAPIPluginInstance::mOwner Deleted Obje... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when attempting to AddRef() a deleted nsNPAPIPluginInstance::mOwner object, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact. |
| 72445 | Mozilla Multiple Products js/src/xpconnect/src/xpcwrappednative.cpp Incorrect... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an incorrect scope is passed in js/src/xpconnect/src/xpcwrappednative.cpp, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72444 | Mozilla Multiple Products nsSHTransaction::GetPrev Memory Corruption DoS A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when nsSHTransaction::GetPrev is called, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact. |
| 72443 | Mozilla Multiple Products Valgrind Testcase Invalid Read / Write Memory Corru... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an invalid read /write error occurs when testcase is run in valgrind, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72442 | Mozilla Multiple Products abs.pos. Continuations Style Context Memory Corruption A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an assertion occurs in the style contexts in the abs.pos. continuations, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72441 | Mozilla Multiple Products v_ins->isF64() /jstracer.cpp:9347 Assertion Fail... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when an assertion failure occurs in 'v_ins->isF64()' at '../jstracer.cpp:9347', resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72440 | Mozilla Multiple Products popTemplateRule Call txExecutionState.init Memory C... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when certain errors are generated, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service or potentially have other unspecified impact. |
| 72439 | Mozilla Multiple Products GC / OOM Reporting Title Lock Function Allocation M... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The program fails to sanitize user-supplied input when the GC or allocation or OOM reporting occurs when an object is locked, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72438 | Mozilla Multiple Products nsXULTemplateBuilder/nsXULTemplateQueryProcessorXML... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. The nsXULTemplateBuilder::AttributeChanged, nsXULTemplateBuilder::ContentRemoved and nsXULTemplateBuilder::NodeWillBeDestroyed methods fail to sanitize user-supplied input when loading data, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can have an unspecified impact, potentially causing a denial of service or executing arbitrary code. |
| 72437 | Mozilla Multiple Products jsapi.cpp JS_ResolveStandardClass String.prototype ... A memory corruption flaw exists in Mozilla Firefox, SeaMonkey and Thunderbird. JS_ResolveStandardClass in jsapi.cpp reads the wrong name element, overwriting the global slot where String.prototype is stored, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause a denial of service, or possibly have other unspecified impact. |
| 72094 | Mozilla Multiple Products XSLT generate-id() Function Heap Address Informatio... Mozilla Firefox and SeaMonkey contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when the XSLT 'generate-id()' function in functions.c in libxslt returns a string which reveals a specific valid address of an object on the memory heap to an attacker using an XML document with a call to the XSLT generate-id XPath function. This may make it easier for a context-dependent attacker to exploit a memory corruption flaw. |
| 72090 | Mozilla Multiple Products resource: Protocol Traversal Arbitrary File Access Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw that allows a context-dependent attacker to traverse outside of a restricted path. The issue is due to the programs not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the resource: protocol. This directory traversal attack would allow the attacker to access arbitrary files. |
| 72089 | Mozilla Multiple Products for Mac OS X Java Embedding Plugin Unspecified Priv... Mozilla Firefox and SeaMonkey for Mac OS X contain a flaw related to the Java Embedding Plugin that may allow a context-dependent attacker to gain elevated privileges. No further details have been provided. |
| 72088 | Mozilla Multiple Products Java Applet Form Autocomplete Form History Informat... Mozilla Firefox and SeaMonkey contain a flaw related to a Java applet mimicking form autocomplete controls interaction that may disclose form history entries to a context-dependent attacker. No further details have been provided. |
| 72087 | Mozilla Multiple Products nsTreeRange Dangling Pointer Remote Code Execution Mozilla Firefox and SeaMonkey contain a dangling pointer flaw related to 'nsTreeRange' that may allow a context-dependent attacker to execute arbitrary code. |
| 72086 | Mozilla Multiple Products OBJECT's mObserverList Use-after-free Remote Code E... Mozilla Firefox and SeaMonkey contain a user-after-free flaw related to the OBJECT's mObserverList that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided. |
| 72085 | Mozilla Multiple Products OBJECT's mChannel Use-after-free Remote Code Execution Mozilla Firefox and SeaMonkey contain a user-after-free flaw related to the OBJECT's mChannel that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided. |
| 72084 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0072) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72083 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0078) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72082 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0077) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72081 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0075) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72080 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0074) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72078 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-0080) Multiple memory corruption flaws exist in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72077 | Mozilla Multiple Products Unspecified Remote DoS (2011-0070) Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified flaw that may allow a context-dependent attacker to cause a denial of service. No further details have been provided. |
| 72076 | Mozilla Multiple Products Unspecified Remote DoS (2011-0069) Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified flaw that may allow a context-dependent attacker to cause a denial of service. No further details have been provided. |
| 72075 | Mozilla Multiple Products Unspecified Memory Corruption (2011-0081) A memory corruption flaw exists in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 72074 | Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-0079) Multiple memory corruption flaws exist in Mozilla Firefox, Thunderbird and SeaMonkey. The programs fail to sanitize certain unspecified user-supplied input, resulting in memory corruption. Through unspecified vectors, a context-dependent attacker can execute arbitrary code. |
| 71961 | Oracle Fusion Middleware Oracle WebLogic Server TLS Renegotiation Handshakes ... Oracle Fusion Middleware contains a flaw related to the Oracle WebLogic Server component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 71951 | Oracle Multiple Products Oracle Security Service TLS Renegotiation Handshakes... Oracle Database and Fusion Middleware contain a flaw related to the Oracle Security Service component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 70620 | mGuard TLS Renegotiation Handshakes MiTM Plaintext Data Injection mGuard contains a flaw related to the TLS protocol's failure to properly associate renegotiation handshakes with an existing connection. The issue is triggered when a man-in-the-middle attacker uses unauthenticated requests processed retroactively. This may allow an attacker to inject data into HTTPS sessions. |
| 70055 | Oracle Supply Chain Transportation Management TLS Renegotiation Handshakes Mi... Oracle Supply Chain contains a flaw related to the Transportation Management component. The component fails to properly associate renegotiation handshakes with an existing connection, allowing a man-in-the-middle attacker to insert data into HTTPS sessions, and possibly other sessions which are protected by TLS or SSL. The issue is triggered when a remote attacker sends an unauthenticated request which is processed retroactively by the server in a post-renegotiation context, related to a plaintext injection attack. |
| 69780 | Mozilla Multiple Products Unspecified Memory Corruption (2010-3778) Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified memory corruption vulnerability. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code via unknown vectors. No further details are available. |
| 69779 | Mozilla Multiple Products Unspecified Memory Corruption (2010-3777) Mozilla Firefox and Thunderbird contain an unspecified memory corruption vulnerability. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code via unknown vectors. No further details are available. |
| 69778 | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption (2010-... Mozilla Firefox, Thunderbird and SeaMonkey contain an unspecified memory corruption vulnerability. This may allow a remote attacker to cause a denial of service and possibly execute arbitrary code via unknown vectors. No further details are available. |
| 69777 | Mozilla Multiple Products data: URL Java LiveConnect Script Redirection Weakness Mozilla Firefox and SeaMonkey contain a flaw related to the handling of redirections involving data: URLs and Java LiveConnect scripts. The issue is triggered when a context-dependent attacker uses vectors involving a refresh value in the http_equiv attribute of a META element to read arbitrary files, start processes and establish network connections. |
| 69776 | Mozilla Multiple Products netwerk/base/public/nsNetUtil.h NS_SecurityCompareU... Mozilla Firefox and SeaMonkey contain a flaw related to the 'NS_SecurityCompareURIs' function in 'netwerk/base/public/nsNetUtil.h'. The function does not properly handle about:neterror and about:certerror pages, allowing a context-dependent attacker to use a maliciously crafted web site to spoof the location bar. |
| 69775 | Mozilla Multiple Products Firebug Add-on XMLHttpRequestSpy Module Crafted HTT... Mozilla Firefox and SeaMonkey contain a flaw related to the XMLHttpRequestSpy module in the Firebug add-on's improper handling of interaction between the XMHttpRequestSpy object and chrome privileged objects. The issue is triggered when a context-dependent attacker uses a maliciously crafted HTTP response to allow the execution of arbitrary code. |
| 69774 | Mozilla Multiple Products XUL Tree Child Content Index Value Calculation Arbi... Mozilla Firefox and SeaMonkey contain a flaw related to the improper calculation of index values for certain child content in the XUL tree. This may allow a context-dependent attacker to use vectors involving a DIV element within a treechildren element to execute arbitrary code. |
| 69773 | Mozilla Multiple Products about:blank Page ISINDEX Element chrome: URI Redire... Mozilla Firefox and SeaMonkey contain a flaw related to the injection of an ISINDEX element into an about:blank page. This may allow a context-dependent attacker to use vectors related to redirection to a chrome:URI to execute arbitrary JavaScript code with chrome privileges. |
| 69772 | Mozilla Multiple Products Rendering Engine x-mac Characters XSS Mozilla Firefox and SeaMonkey contain a flaw in the rendering engine that allows a remote cross-site scripting (XSS) attack. This flaw exists because the applications do not properly validate user-supplied input from the x-mac-arabic, x-mac-farsi and x-mac hebrew character encodings. Any site that uses these character encodings becomes vulnerable to an XSS attack. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 69771 | Mozilla Multiple Products Line-breaking document.write Call Arbitrary Code Ex... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the line-breaking implementation's handling of long strings. The issue is triggered when a context-dependent attacker uses a maliciously crafted document.write call to trigger a buffer over-read. This will allow the execution of arbitrary code. |
| 69770 | Mozilla Multiple Products Downloadable Font @font-face CSS Rule Arbitrary Cod... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to proper validation of downloadable fonts before use. This may allow a context-dependent attacker to use vectors related to @font-face Cascading Style Sheets (CSS) rules to execute arbitrary code. |
| 69769 | Mozilla Multiple Products JavaScript Array NewIdArray Function Overflow Mozilla Firefox and SeaMonkey are prone to an overflow condition. The 'NewIDArray' function fails to properly handle 'JSSLOT_ARRAY_COUNT' annotation resulting in an integer overflow. With a specially crafted JavaScript array with many elements, a context-dependent attacker can potentially execute arbitrary code. |
| 69768 | Mozilla Multiple Products nsDOMAttribute Node Use-after-free Arbitrary Code E... Mozilla Firefox and SeaMonkey contain a user-after-vfree vulnerability related to the 'NodeIterator API' when handling a 'nsDOMAttribute' node. This may allow a context-dependent attacker to execute arbitrary code. |
| 69758 | Mozilla Firefox WebSockets Proxy Upgrade Negotiation Weakness Mozilla Firefox contains a flaw related to the WebSockets implementation. The program fails to properly perform proxy upgrade negotiation, allowing a remote attacker to cause an unspecified impact. No further details are available. |
| 69561 | IBM WebSphere MQ Internet Pass-Thru TLS Renegotiation Handshake MiTM Plaintex... IBM WebSphere MQ Internet Pass-Thru contains a flaw related to the TLS Renegotiation Handshake protocol. The issue is triggered when a remote attacker uses a MiTM attack to insert arbitrary plaintext into data sent by a legitimate client. |
| 69032 | Oracle Java SE / Java for Business TLS Renegotiation Handshake MiTM Plaintext... Oracle Java SE and Java for Business contains a flaw related to the JSSE component. The application fails to properly associate renegotiation handshakes with an existing connection, allowing a MiTM attacker to use an unauthenticated request to insert data into HTTPS sessions, related to a 'plaintext injection' attack |
| 68921 | Mozilla Thunderbird DOM Insertion document.write() Unspecified Overflow Thunderbird is prone to an overflow condition. The application fails to properly sanitize input caused by interactions between DOM insertions and the document.write() function resulting in a heap overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution. |
| 68905 | Mozilla Firefox DOM Insertion document.write() Unspecified Overflow Firefox is prone to an overflow condition. The application fails to properly sanitize input caused by interactions between DOM insertions and the document.write() function resulting in a heap overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution. |
| 68854 | Mozilla Multiple Products LookupGetterOrSetter Function window.__lookupGetter... Mozilla Firefox, SeaMonkey and Thunderbird contains a flaw related to the 'LookupGetterOrSetter()' function in 'js3250.dll' failing to properly support 'window.__lookupGetter__' function calls which lack arguments. This may allow a remote attacker to execute arbitrary code via vectors related to a dangling pointer being passed to the 'JS_ValueToId()' function. |
| 68853 | Mozilla Multiple Products on Linux Unspecified Application-launch Script LD_L... Mozilla Firefox, Thunderbird and SeaMonkey on Linux are prone to a flaw in the way they load dynamic-link libraries (DLL). The programs use a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the programs will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening the program executable file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 68851 | Mozilla Multiple Products nsBarProp Function Use-after-free Closed Window loc... Mozilla Firefox, Thunderbird and SeaMonkey contain a use-after-free vulnerability related to the 'nsBarProp' function. This may allow a remote attacker to execute arbitrary code by accessing a closed window's locationbar property. |
| 68850 | Mozilla Multiple Products Text-rendering document.write Method Long Argument ... Mozilla Firefox, Thunderbird and SeaMonkey are prone to an overflow condition. The text-rendering functionality fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted long argument to the document.write method, a remote attacker can potentially execute arbitrary code. |
| 68849 | Mozilla Multiple Products Javascript: URL Modal Call Crafted HTML Document Sa... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the failure to properly handle certain javascript: URLs modal calls which open new windows and perform cross-domain navigation. This may allow a context-dependent attacker to use a crafted HTML document to bypass the Same Origin Policy. |
| 68848 | Mozilla Multiple Products Gopher Parser Crafted File / Directory Name XSS Mozilla Firefox and SeaMonkey contain a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the file or directory names upon submission to the Gopher parser. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 68847 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti... Mozilla Firefox, Thunderbird and SeaMonkey contain multiple flaws related to the browser engine that may allow a remote attacker to cause a denial of service via memory corruption. It is also possible, though not yet confirmed, that this may allow the execution of arbitrary code. |
| 68846 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti... Mozilla Firefox and Thunderbird contain a flaw related to the browser engine that may allow a remote attacker to cause a denial of service via memory corruption. It is also possible, though not yet confirmed, that this may also allow the execution of arbitrary code.. |
| 68845 | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption (2010-... Mozilla Firefox contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the browser engine occurs, which may be exploited by a remote attacker to cause a denial of service via memory corruption. It is possible, though not yet confirmed, that this vulnerability may allow the execution of arbitrary code as well. |
| 68844 | Mozilla Multiple Products SSL Implementation Diffie-Hellman Ephemeral Mode Mi... Mozilla Firefox, Thunderbird and SeaMonkey contain a flaw related to the SSL implementation's failure to properly set the minimum key length for Diffie-Hellman Ephemeral mode. This may allow a remote attacker to trivially brute-force the cryptographic protection. |
| 68079 | Mozilla Multiple Products SSL Certificate IP Address Wildcard Matching Weakness |
| 68048 | Mozilla Multiple Products JavaScript Implementation js_InitRandom Function Mu... |
| 68047 | Mozilla Firefox JavaScript Implementation js_InitRandom Function Multiple Poi... |
| 67913 | Mozilla Multiple Products Browser Engine Unspecified Memory Corruption |
| 67912 | Mozilla Multiple Products XUL Tree Removal Property Change Role Restriction W... |
| 67911 | Mozilla Multiple Products nsTreeContentView Function XUL Tree Node Removal De... |
| 67910 | Mozilla Multiple Products nsTextFrameUtils::TransformText Function Bidirectio... |
| 67908 | Mozilla Multiple Products on Mac OS X data: URL Crafted Font Remote DoS |
| 67907 | Mozilla Multiple Products Document Selection Addition designMode Property XSS |
| 67906 | Mozilla Multiple Products Document Charset OBJECT Element UTF-7 XSS Protectio... |
| 67905 | Mozilla Multiple Products navigator.plugins DOM Plugin Array Destruction Navi... |
| 67904 | Mozilla Multiple Products normalizeDocument Function DOM Node Removal Deleted... |
| 67903 | Mozilla Multiple Products FRAMESET Element cols Attribute Handling Overflow |
| 67902 | Mozilla Multiple Products XMLHttpRequest Object statusText Property Cross-ori... |
| 67901 | Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Sa... |
| 67900 | Mozilla Multiple Products SafeJSObjectWrapper XPCSafeJSObjectWrapper Class Ch... |
| 67502 | Mozilla Multiple Products Path Subversion Arbitrary DLL Injection Code Execut... Mozilla Firefox, Seamonkey and Thunderbird are prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .htm, .html, .jtx or .mfp file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 67029 | HP Threat Management Services zl Module TLS Renegotiation Handshakes MiTM Pla... |
| 66786 | Mozilla Firefox layout/generic/nsObjectFrame.cpp Plugin Instance Parameter Ar... |
| 66605 | Mozilla Multiple Products Unspecified Memory Corruption (2010-1211) |
| 66604 | Mozilla Multiple Products Browser Engine js/src/jstracer.cpp Memory Corruptio... |
| 66603 | Mozilla Multiple Products SJOW Arbitrary Javascript Execution |
| 66602 | Mozilla Multiple Products nsCSSValue::Array Overflow |
| 66601 | Mozilla Multiple Products nsTreeSelection Selection Range Calculation Overflow |
| 66600 | Mozilla Multiple Products PNG File Handling Overflow |
| 66599 | Mozilla Multiple Products importScripts Web Worker Method Cross-origin Data D... |
| 66598 | Mozilla Multiple Products Canvas Context Same-Origin Bypass |
| 66597 | Mozilla Multiple Products intl/uconv/util/nsUnicodeDecodeHelper.cpp 8-bit Cha... |
| 66596 | Mozilla Multiple Products CSS Selector Cross-Domain Information Disclosure |
| 66595 | Mozilla Multiple Products Script Error Cross-origin Data Leakage |
| 66594 | Mozilla Multiple Browsers EnsureCachedAttrParamArrays Overflow |
| 66593 | Mozilla Multiple Browsers DOM Attribute Cloning Arbitrary Code Execution |
| 66592 | Mozilla Multiple Browsers NodeIterator Interface Javascript Callback Use-Afte... |
| 66591 | Mozilla Multiple Browsers HTTP 204 Location Bar Spoofing |
| 66590 | Mozilla Multiple Browsers docshell/base/nsDocShell.cpp nsDocShell::OnRedirect... |
| 66315 | HP Insight Manager TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 65852 | libpng pngpread.c PNG Image Data Height Overflow |
| 65752 | Mozilla Multiple Products JavaScript Engine Unspecified Remote DoS (2010-1203) |
| 65751 | Mozilla Multiple Products JavaScript Engine Unspecified Remote DoS (2010-1202) |
| 65750 | Mozilla Multiple Products Browser Engine Unspecified Remote DoS (2010-1201) |
| 65749 | Mozilla Multiple Products Browser Engine Unspecified Remote DoS (2010-1200) |
| 65744 | Mozilla Multiple Products XSLT Node Sorting Implementation Node Text Value Ov... |
| 65742 | Mozilla Multiple Products Multiple Plugin Instances Use-after-free Arbitrary ... |
| 65739 | Mozilla Multiple Products Content-Disposition: attachment / Content-Type: mul... |
| 65736 | Mozilla Firefox browser/base/content/browser.js startDocumentLoad Function Sa... |
| 65735 | Mozilla Multiple Products nsGenericDOMDataNode::SetTextInternal function DOM ... |
| 65734 | Mozilla Multiple Products nsCycleCollector::MarkRoots Function Menu Frame Con... |
| 65202 | OpenOffice.org (OOo) TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 64725 | HP System Management Homepage (SMH) TLS Renegotiation Handshakes MiTM Plainte... |
| 64499 | ArubaOS HTTPS WebUI Admin Interface TLS Renegotiation Handshakes MiTM Plainte... |
| 64150 | Mozilla Firefox nsIScriptableUnescapeHTML.parseFragment Method Multiple Eleme... |
| 64070 | Sun Java System Directory Server X.509 Certificate Common Name (CN) Field Han... |
| 64040 | IBM DB2 TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 63637 | Mozilla Multiple Products Firebug Add-on XMLHttpRequestSpy Module Privileged ... |
| 63620 | Mozilla Multiple Products XMLDocument::load Function nsIContentPolicy Check R... |
| 63479 | Mozilla Firefox JavaScript Implementation Hidden Frame Form Field Clickjacking |
| 63466 | Mozilla Multiple Browsers IMG SRC mailto: External Mail Program Execution |
| 63465 | Mozilla Multiple Browsers window.navigator.plugins Object nsPluginArray Dangl... |
| 63464 | Mozilla Multiple Browsers Forced URL Drag and Drop Chrome Privilege Escalation |
| 63463 | Mozilla Multiple Browsers nsTreeSelection Event Handler Manipulation Arbitrar... |
| 63462 | Mozilla Multiple Products nsTreeContentView XUL Tree optgroup Dangling Pointe... |
| 63461 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti... |
| 63460 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corrupti... |
| 63457 | Mozilla Firefox Cross Document DOM Node Moving Arbitrary Code Execution (PWN2... |
| 63273 | Mozilla Firefox Authorization Prompt Implementation toolkit/components/passwo... A weakness in toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js can cause the authorization dialogs for concurrent authorization requests to become affixed to the wrong window. This could allow an attacker to spoof the dialog and potentially steal credentials. |
| 63272 | Mozilla Multiple Products Wrapped Object Multiple Function Cross-origin Keyst... |
| 63271 | Mozilla Firefox Plugins window.location Same Origin Policy Bypass XSS |
| 63270 | Mozilla Multiple Products layout/style/nsCSSLoader.cpp CSSLoaderImpl::DoSheet... |
| 63269 | Mozilla Firefox Image Pre-loading Implementation content/base/src/nsDocument.... |
| 63268 | Mozilla Multiple Products Browser Engine modules/plugin/base/src/nsNPAPIPlugi... |
| 63267 | Mozilla Multiple Products Browser Engine layout/generic/nsBlockFrame.cpp DoS |
| 63266 | Mozilla Firefox Browser Engine on Mac OS X gfx/thebes/src/gfxFont.cpp gfxText... |
| 63265 | Mozilla Firefox Browser Engine js/src/jstracer.cpp TraceRecorder::traverseSco... |
| 63264 | Mozilla Firefox libpr0n src/imgContainer.cpp imgContainer::InternalAddFrameHe... |
| 63263 | Mozilla Multiple Products Email Attachment Parser Message Indexing DoS |
| 62877 | SSH Tectia Audit Player TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 62536 | Blue Coat Products TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62467 | Mozilla Firefox IFRAME Tag Handling Redirection Target Disclosure |
| 62464 | Mozilla Firefox CSS Stylesheet Cross-origin Information Disclosure |
| 62428 | Mozilla Multiple Browsers Web Worker Array Handling Heap Corruption |
| 62427 | Mozilla Multiple Browsers window.dialogArguments Same-origin Policy Bypass XSS |
| 62426 | Mozilla Multiple Browsers SVG Document Binary Content-Type Header XSS Weakness |
| 62425 | Mozilla Multiple Browsers HTML Parser Use-after-free Memory Corruption |
| 62424 | Mozilla Multiple Browsers Unspecified Memory Corruption (534082) |
| 62423 | Mozilla Multiple Browsers Unspecified Memory Corruption (501934) |
| 62422 | Mozilla Multiple Browsers Unspecified Memory Corruption (528300) |
| 62421 | Mozilla Multiple Browsers Unspecified Memory Corruption (528134) |
| 62420 | Mozilla Multiple Browsers Unspecified Memory Corruption (527567) |
| 62419 | Mozilla Multiple Browsers Unspecified Memory Corruption (467005) |
| 62418 | Mozilla Multiple Browsers Unspecified Memory Corruption (530880) |
| 62416 | Mozilla Firefox Unspecified Arbitrary Code Execution |
| 62273 | Opera TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 62210 | Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data In... |
| 62135 | Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext D... |
| 62064 | IBM Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 61929 | IBM WebSphere Application Server TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61785 | Avaya Products Multiple Product TLS Renegotiation Handshakes MiTM Plaintext D... |
| 61784 | Sun Java System Multiple Product TLS Renegotiation Handshakes MiTM Plaintext ... |
| 61718 | IBM WebSphere DataPower TLS Renegotiation Handshakes MiTM Plaintext Data Inje... |
| 61638 | Mozilla Firefox xpcom/ds/nsObserverList.cpp nsObserverList::FillObserverArray... |
| 61234 | IBM SDK for Java TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 61103 | Mozilla Multiple Browsers libtheora Video Library Unspecified DoS |
| 61102 | Mozilla Multiple Browsers libtheora Video Library Dimension Handling Overflow |
| 61101 | Mozilla Multiple Browser NTLM Reflection Authentication Credential Disclosure |
| 61100 | Mozilla Multiple Browsers document.location 204 Response SSL Status Spoofing |
| 61099 | Mozilla Multiple Browsers document.location Blank Page Content Spoofing |
| 61098 | Mozilla Multiple Browsers liboggplay Multiple Unspecified Code Execution A memory corruption flaw exists in Mozilla. The service fails to sanitize user-supplied input resulting in memory corruption. With a specially crafted file, a remote attacker can execute arbitrary code. |
| 61097 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
| 61096 | Mozilla Firefox Browser Engine Unspecified Memory Corruption |
| 61095 | Mozilla Multiple Browsers Chrome window.opener Property Privilege Escalation |
| 61094 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption |
| 61093 | Mozilla Multiple Products JavaScript Engine Multiple Unspecified Memory Corru... |
| 61092 | Mozilla Multiple Browsers GeckoActiveXObject Exception Message COM Object Enu... |
| 61091 | Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem... |
| 60521 | Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext D... |
| 60425 | Mozilla Firefox libpr0n decoders/gif/nsGIFDecoder2.cpp nsGIFDecoder2::GifWrit... |
| 60366 | Cisco Multiple Devices TLS Renegotiation Handshakes MiTM Plaintext Data Injec... |
| 59974 | MatrixSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59973 | Citrix Secure Gateway TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59972 | GnuTLS TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59971 | OpenSSL TLS Renegotiation Handshakes MiTM Plaintext Data Injection |
| 59970 | Mozilla Network Security Services (NSS) SSL / TLS Renegotiation Handshakes Mi... |
| 59969 | Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext ... |
| 59968 | Microsoft Multiple Products SSL / TLS Renegotiation Handshakes MiTM Plaintext... |
| 59395 | Mozilla Firefox Recursive JavaScript Web-workers Memory Corruption |
| 59394 | Mozilla Multiple Browsers Proxy Auto-configuration (PAC) File Regular Express... |
| 59393 | Mozilla Multiple Browsers GIF Color Map Parser Overflow |
| 59392 | Mozilla Firefox XPCOM XPCVariant::VariantDataToJS Utility Chrome Privileged J... |
| 59390 | Mozilla Firefox document.getSelection Function Cross-origin Data Disclosure |
| 59389 | Mozilla Multiple Browsers Filename Right-to-left (RTL) Override Character Dow... |
| 59388 | Mozilla Firefox liboggplay oggplay_data_handle_theora_frame Function NULL Der... |
| 59386 | Mozilla Firefox libvorbis Multiple Unspecified Code Execution Issues |
| 59385 | liboggz Unspecified Memory Corruption |
| 59384 | Mozilla Firefox Browser Engine nsCachedStyleData::GetStyleDisplay Function Me... |
| 59383 | Mozilla Firefox JavaScript Engine Multiple Unspecified Memory Corruption |
| 59382 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
| 59381 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
| 57980 | Mozilla Firefox FeedWriter Privileged JavaScript Execution |
| 57979 | Mozilla Firefox Tall Line-height Unicode Character Handling Address Bar Spoofing |
| 57978 | Mozilla Firefox XUL Document TreeColumn Rendering Arbitrary Code Execution |
| 57977 | Mozilla Firefox PKCS11 Module Installation Warning Dialogue Weakness |
| 57976 | Mozilla Firefox JavaScript Engine Multiple Unspecified Memory Corruption Firefox contains a flaw related to the JavaScript engine that may allow an attacker to execute arbitrary code via memory corruption. No further details have been provided. |
| 57975 | Mozilla Firefox JavaScript Engine Unspecified Remote Memory Corruption (2009-... |
| 57973 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
| 57972 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
| 57971 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... Firefox contains an unspecified memory corruption flaw in the browser engine that may allow a malicious user to crash the browser or execute arbitrary code, leading to a loss of integrity and/or availability. |
| 57970 | Mozilla Firefox Browser Engine Multiple Unspecified Memory Corruption (2009-3... |
| 57844 | Mozilla Firefox on Linux Temporary File Download Manipulation Weakness |
| 57003 | Mozilla Multiple Products mailnews Multiple DOM Property Information Disclosure |
| 56782 | Mozilla Firefox feedWriter Feed Preview Multiple Function Remote Script Execu... |
| 56724 | Mozilla Multiple Products Regex Parser X.509 Certificate Common Name (CN) Fie... A remote overflow exists in Network Security Services (NSS). Network Security Services (NSS) and products containing it fail to properly parse a long domain name in the subject's Common Name (CN) field of an X.509 certificate resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity. |
| 56723 | Mozilla Multiple Products Certificate Authority (CA) Common Name Null Byte Ha... |
| 56721 | Mozilla Firefox Browser Engine /js/src/jstracer.cpp TraceRecorder::snapshot F... |
| 56719 | Mozilla Firefox JavaScript Engine /js/src/jsinterp.c JSFUN_HEAVYWEIGHT Memory... |
| 56718 | Mozilla Firefox content/base/src/nsDocument.cpp Add-on Handling Cached Securi... |
| 56717 | Mozilla Firefox window.open() Invalid URL Document Content / SSL Status Spoofing |
| 56716 | Mozilla Firefox SOCKS5 Proxy DNS Response Handling Data Corruption Issue |
| 56484 | Mozilla Firefox iFrame HTTP / HTTPS Content Detection Weakness |
| 56471 | Mozilla Firefox on Linux BODY Element BACKGROUND Attribute Handling DoS |
| 56406 | Mozilla Firefox Crafted KEYGEN Element DoS |
| 56253 | Mozilla Multiple Products Select Object Length Property Handling Memory Consu... |
| 56232 | Mozilla Firefox Multiple Method XPCCrossOriginWrapper Bypass |
| 56231 | Mozilla Firefox setTimeout XPCNativeWrappers Bypass Privileged JavaScript Exe... |
| 56230 | Mozilla Multiple Products Base64 Decoding Unspecified DoS |
| 56229 | Mozilla Multiple Products nsXULTemplateQueryProcessorRDF::CheckIsSeparator XU... |
| 56228 | Mozilla Multiple Products Double Frame Element Construction Memory Corruption |
| 56227 | Mozilla Firefox Slow Script Dialog Navigation Flash Unloading Arbitrary Code ... |
| 56226 | Mozilla Firefox SVG Element watch / __defineSetter__ Functions Memory Corruption |
| 56225 | Mozilla Multiple Products JavaScript Engine MirrorWrappedNativeParent Functio... |
| 56224 | Mozilla Multiple Products Unspecified Stack Corruption Arbitrary Code Execution |
| 56223 | Mozilla Multiple Products JS_HashTableRawLookup Function DoS |
| 56222 | Mozilla Multiple Products Browser Engine Frame Handling Multiple Function DoS |
| 56221 | Mozilla Multiple Products Browser Engine nsDOMOfflineResourceList Event Dispa... |
| 56220 | Mozilla Multiple Products Browser Engine Bidi Resolver Document Reflow DoS |
| 56219 | Mozilla Multiple Products Browser Engine Frame Chain Synchronous Event Handli... |
| 56218 | Mozilla Multiple Products Browser Engine nsContentUtils::ComparePosition id A... |
| 55932 | Mozilla Firefox Unspecified Flash Bug DoS |
| 55931 | Mozilla Firefox Write Method Unicode String Argument Handling Remote Overflow |
| 55846 | Mozilla Firefox Just-in-time (JIT) JavaScript Compiler js/src/jstracer.cpp fo... A memory corruption flaw exists in Firefox. The Just-in-Time (JIT) compiler can enter a corrupt state following native function calls resulting in memory corruption. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 55532 | Mozilla Multiple Products Crafted multipart/alternative E-mail Message Remote... |
| 55197 | Mozilla Firefox nsViewManager.cpp TinyMCE Interaction Remote DoS |
| 55164 | Mozilla Firefox xul.dll nsJSNPRuntime.cpp NPObjWrapper_NewResolve Function Ra... |
| 55163 | Mozilla Firefox Location Bar file: URL Principal Assocation Access Restrictio... |
| 55162 | Mozilla Multiple Products Invalid Unicode Character Title Bar Spoofing |
| 55161 | Mozilla Multiple Products file: Resource Cross Domain Arbitrary Cookie Access |
| 55160 | Mozilla Multiple Products Proxy Server CONNECT Response Manipulation SSL MiTM... |
| 55159 | Mozilla Multiple Products xpcwrappedjsclass.cpp JavaScript Chrome Privilege E... |
| 55158 | Mozilla Multiple Products XUL Document Script Loading Content Policy Bypass |
| 55157 | Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han... |
| 55155 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
| 55154 | Mozilla Multiple Products JavaScript Engine jsinterp.c c.hasOwnProperty Memor... |
| 55153 | Mozilla Multiple Products JavaScript Engine jsxml.c ParseXMLSource Memory Cor... |
| 55152 | Mozilla Multiple Products JavaScript Engine js_LeaveSharpObject Memory Corrup... |
| 55148 | Mozilla Multiple Products Double Frame Construction Memory Corruption |
| 55147 | Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption |
| 55146 | Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi... |
| 55145 | Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd... |
| 55144 | Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ... |
| 55143 | Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x... |
| 55142 | Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli... |
| 55141 | Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co... |
| 55140 | Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil... |
| 55139 | Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe... |
| 55138 | Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState... |
| 55133 | Mozilla Firefox HTTP Host Header Proxy Server CONNECT Response Document Conte... |
| 54174 | Mozilla Firefox layout/generic/nsTextFrameThebes.cpp nsTextFrame::ClearTextRu... |
| 53972 | Mozilla Multiple Products nsAsyncInstantiateEvent::Run() Frame Handling Memor... |
| 53971 | Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup... |
| 53970 | Mozilla Multiple Products js_FindPropertyHelper Error Condition JavaScript En... |
| 53969 | Mozilla Multiple Products JavaScript Engine gvar Optimization JSOP_DEFVAR Hea... |
| 53968 | Mozilla Multiple Products XMLHttpRequest Document Creation Principal-based Se... |
| 53967 | Mozilla Multiple Products js_CheckRedeclaration Shared Object Handling JavaSc... |
| 53966 | Mozilla Multiple Products gfxSkipCharsIterator::SetOffsets Memory Corruption |
| 53965 | Mozilla Multiple Products nsStyleContext::Destroy() DOMAttrModified Window Ha... |
| 53964 | Mozilla Multiple Products PL_DHashTableOperate / nsEditor::EndUpdateViewBatch... |
| 53963 | Mozilla Multiple Products XSLT Stylesheet Compiling Memory Corruption |
| 53962 | Mozilla Multiple Products nsComputedDOMStyle::GetWidth Memory Corruption |
| 53961 | Mozilla Multiple Products nsXULDocument::SynchronizeBroadcastListener Memory ... |
| 53960 | Mozilla Multiple Products IsBindingAncestor Frame Handling Memory Corruption |
| 53959 | Mozilla Multiple Products XPCNativeWrapper.toString XSS |
| 53958 | Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ... |
| 53957 | Mozilla Multiple Products jar Scheme Content-disposition Header Bypass |
| 53955 | Mozilla Multiple Products Third-party Stylesheet XBL Binding XSS |
| 53954 | Mozilla Firefox MozSearch Plugins Empty Search Page Manipulation Weakness |
| 53953 | Mozilla Firefox Inner Frame Saving Cross Site POST Request Disclosure |
| 53952 | Mozilla Multiple Products Server Refresh Header XSS |
| 53341 | Mozilla Firefox JavaScript Implementation Web Site Temporary Footprint Spoofi... |
| 53307 | Libxul CLASS Attribute Handling Memory Exhaustion DoS |
| 53079 | Mozilla Multiple Products txMozillaXSLTProcessor::TransformToDoc Function Cra... |
| 52896 | Mozilla Firefox on Windows _moveToEdgeShift() XUL Tree Method Garbage Collect... |
| 52659 | Mozilla Firefox IDN Homoglyph Character Literal Rendering URI Spoofing Weakness |
| 52657 | Mozilla Firefox designMode Functionality queryCommand* Calls Remote DoS |
| 52452 | Mozilla Multiple Products Location Bar Invisible Character Decoding Spoofing ... |
| 52451 | Mozilla Multiple Products nsIRDFService Cross-domain Redirect Same-origin Pol... Multiple Mozilla products contain a flaw that may allow a malicious website operator to access private data from users redirected to another website. The issue is triggered by nsIRDFService allowing a malicious website operator to use a cross-domain redirect to steal arbitrary XML data from another domain, resulting in a loss of confidentiality. |
| 52450 | Mozilla Multiple Products Crafted Cloned XUL DOM Elements Arbitrary Code Exec... |
| 52449 | Mozilla Multiple Products JavaScript Engine Multiple Vector Unspecified DoS |
| 52448 | Mozilla Multiple Products JavaScript Engine jsopcode.cpp Multiple Vector Arbi... |
| 52447 | Mozilla Multiple Products JavaScript Engine jsarray.cpp ResizeSlots Function ... |
| 52446 | Mozilla Multiple Products Layout Engine gczeal Unspecified Code Execution |
| 52445 | Mozilla Multiple Products Layout Engine nsCSSStyleSheet::GetOwnerNode Functio... |
| 52444 | Mozilla Multiple Products Layout Engine Multiple Unspecified Memory Corruptions |
| 51940 | Mozilla Multiple Products Layout Engine nsStyleContext::Destroy Multiple Meth... |
| 51939 | Mozilla Multiple Products Layout Engine nsOverflowContinuationTracker::Insert... |
| 51938 | Mozilla Multiple Products Layout Engine nsContainerFrame::ReflowOverflowConta... |
| 51937 | Mozilla Multiple Products Layout Engine nsViewManager::Composite() Layout Obj... |
| 51936 | Mozilla Multiple Products Layout Engine nsTransactionItem.cpp PlaceholderTxn:... |
| 51935 | Mozilla Multiple Products Layout Engine nsAttributeTextNode GetStrokeDash* Me... |
| 51934 | Mozilla Multiple Products Layout Engine nsStyleContext::Release Memory Corrup... |
| 51933 | Mozilla Multiple Products Layout Engine nsContainerFrame.cpp Frame Tree Handl... |
| 51932 | Mozilla Multiple Products Layout Engine nsContentUtils::ComparePosition Memor... |
| 51931 | Mozilla Multiple Products Layout Engine File Open Dialog input type Manipulat... |
| 51930 | Mozilla Firefox components/sessionstore/src/nsSessionStore.js file INPUT Elem... |
| 51929 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption |
| 51928 | Mozilla Firefox js/src/jsobj.cpp Chrome XBL Method / window.eval XSS |
| 51927 | Mozilla Multiple Products .desktop File Handling about: URL Restriction Bypass |
| 51926 | Mozilla Multiple Products XMLHttpRequest Call Set-Cookie Response Header Rest... Firefox and SeaMonkey contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when cookies marked HTTPOnly are readable by JavaScript, which will disclose contents of the 'Set-Cookie' response header resulting in a loss of confidentiality. |
| 51925 | Mozilla Firefox Multiple Cache-Control Directives Local Information Disclosure |
| 51297 | Mozilla Firefox session-restore Data Restoration Same-origin Policy Bypass |
| 51296 | Mozilla Multiple Products XPCNativeWrappers Pollution JavaScript Privilege Es... |
| 51295 | Mozilla Multiple Products XBL Binding Unloaded Document XSS |
| 51294 | Mozilla Multiple Products CSS Parser Escaped Null Character Protection Mechan... |
| 51293 | Mozilla Multiple Products Whitespace / Control Character URL Handling Phishin... |
| 51292 | Mozilla Multiple Products window.onerror DOM API Same-origin Policy Bypass In... |
| 51291 | Mozilla Multiple Products XMLHttpRequest 302 Redirect Same-origin Policy Bypa... |
| 51290 | Mozilla Firefox XUL Persist Attribute User Privacy Restriction Bypass |
| 51289 | Mozilla Firefox Feed Preview JavaScript Privilege Escalation |
| 51288 | Mozilla Multiple Product loadBindingDocument Function XBL Binding Same-domain... |
| 51287 | Mozilla Multiple Products Layout Engine FastAppendChar Function Memory Corrup... |
| 51286 | Mozilla Multiple Products Layout Engine Assertion Failure Remote DoS |
| 51285 | Mozilla Multiple Products Layout Engine nsEscapeHTML2 Overflow |
| 51284 | Mozilla Multiple Products Layout Engine PresShell::InitialReflow XUL iframe O... |
| 50285 | Mozilla Multiple Product JavaScript Engine AppendAttributeValue Function Remo... |
| 50210 | Mozilla Multiple Products Layout Engine Multiple Function DoS |
| 50182 | Mozilla Multiple Products Codebase Principals Protection Mechanism Bypass Sig... |
| 50181 | Mozilla Multiple Products nsXMLHttpRequest::NotifyEventListeners Method Same-... |
| 50179 | Mozilla Multiple Products nsFrameManager File Input Element Modification Blur... |
| 50178 | Mozilla Multiple Products Session Restore Feature Same-origin Policy Bypass C... |
| 50177 | Mozilla Multiple Products JavaScript Engine Date Class Unspecified Remote DoS |
| 50176 | Mozilla Multiple Products Browser Engine xpcom/io/nsEscape.cpp Unspecified Ov... |
| 50142 | Mozilla Firefox file: URI Chrome Privileges Same Tab Access Local System Save... |
| 50141 | Mozilla Multiple Products jslock.cpp OBJ_IS_NATIVE Function Non-Native Object... |
| 50140 | Mozilla Multiple Products Flash Module SWF File Dynamic Unloading Arbitrary R... |
| 50139 | Mozilla Multiple Products Canvas Element Handling Same-policy Origin Bypass |
| 49995 | Mozilla Multiple Products EX4 Document Handling Remote XML Injection |
| 49925 | Mozilla Multiple Products http-index-format MIME Type Parser Crafted Index Re... |
| 49073 | Mozilla Multiple Products HTML Element .url Shortcut File Arbitrary Cache Dis... |
| 48780 | Mozilla Multiple Products URL Parsing Implementation Crafted UTF-8 URL Arbitr... |
| 48779 | Mozilla Multiple Products XBM Decoder Image File Handling Arbitrary Memory Di... |
| 48773 | Mozilla Multiple Product nsXMLDocument::OnChannelRedirect Function Same Origi... |
| 48772 | Mozilla Multiple Products News Article Header Handling Overflow |
| 48771 | Mozilla Firefox HTML Escaped Low Surrogates XSS |
| 48770 | Mozilla Firefox XPConnect Component SCRIPT Element Privileged Code Execution |
| 48769 | Mozilla Multiple Products resource URI Traversal Access Restriction Bypass |
| 48768 | Mozilla Multiple Products window.moveBy Crafted onmousedown drag-and-drop Act... |
| 48767 | Mozilla Firefox nsSVGFilters.cpp nsSVGFEGaussianBlurElement::SetupPredivide F... |
| 48766 | Mozilla Firefox nsPNGDecoder.cpp info_callback Function Animated PNG Data Han... |
| 48765 | Mozilla Firefox cairo_surface_set_device_offset Function alert messagebox Han... |
| 48764 | Mozilla Firefox nsFrameList::SortByContentOrder Function Memory Corruption |
| 48763 | Mozilla Firefox indic IME Extension Memory Corruption |
| 48762 | Mozilla Firefox nsContentList::Item Function this Variable Memory Corruption |
| 48761 | Mozilla Multiple Products on Linux URL-encoded resource URI Traversal Arbitra... |
| 48760 | Mozilla Multiple Products Stripped BOM Character XSS |
| 48759 | Mozilla Multiple Products MathML Component rowspan Attribute Handling Memory ... |
| 48751 | Mozilla Multiple Products nsJSNPRuntime.cpp nsNPObjWrapper::GetNewOrUsed Func... |
| 48750 | Mozilla Multiple Products nsEscape.cpp nsEscapeCount Function Memory Corruption |
| 48749 | Mozilla Multiple Products jsxml.c Namespace / Qname Characteristic Handling M... |
| 48748 | Mozilla Multiple Products XSLT Arbitrary Script Execution |
| 48747 | Mozilla Multiple Products document.loadBindingDocument() Arbitrary Script Exe... |
| 48746 | Mozilla Multiple Products XPCNativeWrappers Pollution Arbitrary Code Execution |
| 43258 | Mozilla Firefox Basic Authentication Realm Text Display Weakness |
| 35920 | Mozilla Firefox on Unix resource:// %2F Encoded Traversal Arbitrary File Access |
| 35700 | Mozilla Firefox HREF Tag Out-of-bounds Memory Access |
| 34905 | X.Org X Window System Multiple XRender Function Remote DoS |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-02-27 | IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001 Severity : Category I - VMSKEY : V0044547 |
| 2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
| 2013-02-07 | IAVM : 2013-A-0031 - Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1 Severity : Category I - VMSKEY : V0036787 |
| 2012-11-29 | IAVM : 2012-A-0189 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0035032 |
| 2012-05-03 | IAVM : 2012-B-0048 - Multiple Vulnerabilities in HP Systems Insight Manager Severity : Category I - VMSKEY : V0032178 |
| 2012-04-05 | IAVM : 2012-B-0038 - Multiple Vulnerabilities in HP Onboard Administrator Severity : Category I - VMSKEY : V0031972 |
| 2012-03-29 | IAVM : 2012-A-0048 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.0 Severity : Category I - VMSKEY : V0031901 |
| 2012-01-13 | IAVM : 2012-B-0006 - Microsoft SSL/TLS Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0031054 |
| 2011-12-01 | IAVM : 2011-A-0160 - Multiple Vulnerabilities in VMware vCenter Server 4.0 and vCenter Update Mana... Severity : Category I - VMSKEY : V0030769 |
| 2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52307 - Revision : 1 - Type : FILE-IMAGE |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52306 - Revision : 1 - Type : FILE-IMAGE |
| 2018-07-10 | Mozilla multiple products JavaScript string replace buffer overflow attempt RuleID : 46913 - Revision : 1 - Type : BROWSER-FIREFOX |
| 2018-07-10 | Mozilla multiple products JavaScript string replace buffer overflow attempt RuleID : 46912 - Revision : 1 - Type : BROWSER-FIREFOX |
| 2018-01-17 | Mozilla Firefox nsTreeContentView double-free memory corruption attempt RuleID : 45176 - Revision : 1 - Type : BROWSER-FIREFOX |
| 2017-12-21 | Mozilla Firefox browser engine memory corruption attempt RuleID : 44978 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-09-19 | Mozilla Firefox empty lookupGetter dangling pointer attempt RuleID : 44010 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-09-19 | Mozilla Firefox empty lookupGetter dangling pointer attempt RuleID : 44009 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-08-31 | Mozilla Firefox nsTreeContentView double-free memory corruption attempt RuleID : 43778 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-08-29 | Mozilla Firefox BOM character cross site scripting attempt RuleID : 43749 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-08-29 | Mozilla Firefox BOM character cross site scripting attempt RuleID : 43748 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2017-08-23 | Mozilla products obfuscated cross site scripting attempt RuleID : 43673 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2017-08-23 | Mozilla products obfuscated cross site scripting attempt RuleID : 43672 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2017-08-01 | Mozilla Firefox XUL tree element code execution attempt RuleID : 43367 - Revision : 1 - Type : BROWSER-FIREFOX |
| 2016-10-25 | Mozilla Firefox file type memory corruption attempt RuleID : 40280 - Revision : 1 - Type : BROWSER-FIREFOX |
| 2015-09-08 | Mozilla Firefox InstallWrapper error handling code execution attempt RuleID : 35461 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2015-09-08 | Mozilla Firefox InstallWrapper error handling code execution attempt RuleID : 35460 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2015-03-27 | Mozilla Firefox 3 xsl parsing heap overflow attempt RuleID : 33566 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-05-08 | Mozilla Firefox nsTreeRange Use After Free attempt RuleID : 30486 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-05-08 | Mozilla Firefox nsTreeRange Use After Free attempt RuleID : 30485 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-03-08 | Mozilla Array.reduceRight integer overflow attempt RuleID : 29625 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-03-08 | Mozilla Array.reduceRight integer overflow attempt RuleID : 29624 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-03-08 | Mozilla Firefox nsTreeRange Use After Free attempt RuleID : 29617 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2014-03-06 | Mozilla Firefox SVG data processing obfuscated memory corruption attempt RuleID : 29580 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-03-06 | Mozilla Firefox browser engine memory corruption attempt RuleID : 29579 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29546 - Revision : 4 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29545 - Revision : 4 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29544 - Revision : 4 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29543 - Revision : 4 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29542 - Revision : 3 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29541 - Revision : 3 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29540 - Revision : 3 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | WAV processing buffer overflow attempt RuleID : 29539 - Revision : 3 - Type : FILE-MULTIMEDIA |
| 2014-03-06 | Mozilla Products SVG text content element getCharNumAtPosition use after free... RuleID : 29503 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox 3.5 unicode stack overflow attempt RuleID : 26188 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products Ogg Vorbis decoding memory corruption attempt RuleID : 25298 - Revision : 6 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Mozilla products Ogg Vorbis decoding memory corruption attempt RuleID : 25297 - Revision : 8 - Type : FILE-MULTIMEDIA |
| 2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25292 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25291 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25290 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript arbitrary memory reading attempt RuleID : 25289 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | appendChild multiple parent nodes stack corruption attempt RuleID : 25233 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | appendChild multiple parent nodes stack corruption attempt RuleID : 25232 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox iframe and xul element reload crash attempt RuleID : 25228 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox iframe and xul element reload crash attempt RuleID : 25227 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 25066 - Revision : 4 - Type : FILE-IMAGE |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 25065 - Revision : 5 - Type : FILE-IMAGE |
| 2014-01-10 | Mozilla Firefox onChannelRedirect method attempt RuleID : 24994 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox IDB use-after-free attempt RuleID : 24574 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox IDB use-after-free attempt RuleID : 24573 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox IDB use-after-free attempt RuleID : 24572 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox IDB use-after-free attempt RuleID : 24571 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox IDB use-after-free attempt RuleID : 24570 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Multiple Products xdomain object information disclosure attempt RuleID : 24387 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Multiple Products xdomain object information disclosure attempt RuleID : 24386 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 24188 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 24187 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Multiple Products table frames memory corruption attempt RuleID : 23790 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Multiple Products table frames memory corruption attempt RuleID : 23789 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox resource URL handling directory traversal attempt RuleID : 23625 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox use-after free remote code execution attempt RuleID : 23445 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox IDB use-after-free attempt RuleID : 23212 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox nSSVGValue memory corruption attempt RuleID : 23054 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22109 - Revision : 10 - Type : FILE-IMAGE |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22108 - Revision : 10 - Type : FILE-IMAGE |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22107 - Revision : 10 - Type : FILE-IMAGE |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22106 - Revision : 11 - Type : FILE-IMAGE |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22105 - Revision : 12 - Type : FILE-IMAGE |
| 2014-01-10 | libpng chunk decompression integer overflow attempt RuleID : 22104 - Revision : 11 - Type : FILE-IMAGE |
| 2014-01-10 | Phoenix exploit kit post-compromise behavior RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC |
| 2014-01-10 | Phoenix exploit kit landing page RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT |
| 2014-01-10 | Mozilla Firefox appendChild use-after-free attempt RuleID : 21363 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Multiple Products MozOrientation loading attempt RuleID : 21191 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Multiple Products MozOrientation loading attempt RuleID : 21190 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | multiple products GeckoActiveX COM object recon attempt RuleID : 21165 - Revision : 4 - Type : FILE-OTHER |
| 2014-01-10 | Mozilla Products SVG text content element getCharNumAtPosition use after free... RuleID : 20600 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla multiple content-disposition headers malicious redirect attempt RuleID : 20586 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla multiple content-length headers malicious redirect attempt RuleID : 20585 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla multiple content-type headers malicious redirect attempt RuleID : 20584 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla multiple location headers malicious redirect attempt RuleID : 20583 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | SSL CBC encryption mode weakness brute force attempt RuleID : 20212 - Revision : 11 - Type : SERVER-OTHER |
| 2014-01-10 | Possible generic javascript heap spray attempt RuleID : 20137 - Revision : 12 - Type : INDICATOR-OBFUSCATION |
| 2014-01-10 | Mozilla Firefox nsTreeRange Use After Free attempt RuleID : 20072 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 19714 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Array.reduceRight integer overflow RuleID : 19713 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Multiple products dwmapi.dll dll-load exploit attempt RuleID : 19620 - Revision : 13 - Type : FILE-OTHER |
| 2014-01-10 | Multiple products request for dwmapi.dll over SMB attempt RuleID : 19618 - Revision : 13 - Type : FILE-OTHER |
| 2014-01-10 | Mozilla Products nsCSSValue Array Index Integer Overflow RuleID : 19321 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox appendChild use-after-free attempt RuleID : 19292 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox html tag attributes memory corruption RuleID : 19078 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox appendChild use-after-free attempt RuleID : 19077 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox appendChild use-after-free attempt RuleID : 19076 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla EnsureCachedAttrParamArrays integer overflow attempt RuleID : 18809 - Revision : 13 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox JS Web Worker arbitrary code execution attempt RuleID : 18332 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Adobe multiple products dwmapi.dll dll-load exploit attempt RuleID : 18330 - Revision : 4 - Type : NETBIOS |
| 2014-01-10 | Adobe multiple products dwmapi.dll dll-load exploit attempt RuleID : 18328 - Revision : 4 - Type : WEB-CLIENT |
| 2014-01-10 | Possible generic javascript heap spray attempt RuleID : 18168 - Revision : 14 - Type : INDICATOR-SHELLCODE |
| 2014-01-10 | Possible generic javascript heap spray attempt RuleID : 18167 - Revision : 14 - Type : INDICATOR-SHELLCODE |
| 2014-01-10 | Mozilla Firefox html tag attributes memory corruption RuleID : 17804 - Revision : 12 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 17719 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox ConstructFrame with floating first-letter memory corruption a... RuleID : 17642 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox browser engine memory corruption attempt RuleID : 17613 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox file type memory corruption attempt RuleID : 17603 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox file type memory corruption attempt RuleID : 17601 - Revision : 15 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow RuleID : 17519 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox 3 xsl parsing heap overflow attempt RuleID : 17444 - Revision : 12 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox defineSetter function pointer memory corruption attempt RuleID : 17422 - Revision : 12 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript array.splice memory corruption attempt RuleID : 17399 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript array.splice memory corruption attempt RuleID : 17398 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Animated PNG Processing integer overflow attempt RuleID : 17379 - Revision : 14 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Animated PNG Processing integer overflow attempt RuleID : 17378 - Revision : 15 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox XUL tree element code execution attempt RuleID : 17258 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt RuleID : 17236 - Revision : 12 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla multiple products JavaScript string replace buffer overflow attempt RuleID : 17166 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 RuleID : 17154 - Revision : 14 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 RuleID : 17153 - Revision : 14 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox oversized SOCKS5 DNS reply memory corruption attempt RuleID : 16612 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based RuleID : 16502 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox WOFF font processing integer overflow attempt RuleID : 16501 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox browser engine memory corruption attempt RuleID : 16347 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Network Security Services regexp heap overflow attempt RuleID : 16291 - Revision : 13 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox ClearTextRun exploit attempt RuleID : 16284 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox PKCS11 module installation code execution attempt RuleID : 16142 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox JIT escape function memory corruption attempt RuleID : 15997 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox location spoofing attempt via invalid window.open characters RuleID : 15873 - Revision : 12 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox defineSetter function pointer memory corruption attempt RuleID : 15872 - Revision : 11 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox 3.5 unicode stack overflow attempt RuleID : 15699 - Revision : 10 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Possible generic javascript heap spray attempt RuleID : 15698 - Revision : 15 - Type : INDICATOR-SHELLCODE |
| 2014-01-10 | Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory corrup... RuleID : 15696 - Revision : 4 - Type : SPECIFIC-THREATS |
| 2014-01-10 | Mozilla Firefox 3 xsl parsing heap overflow attempt RuleID : 15431 - Revision : 14 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox SVG data processing memory corruption attempt RuleID : 15428 - Revision : 17 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox animated PNG processing integer overflow RuleID : 15191 - Revision : 11 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-04-03 | Name : The remote web server may allow remote code execution. File : iis_7_pci.nasl - Type : ACT_GATHER_INFO |
| 2018-03-09 | Name : The remote web server is affected by multiple vulnerabilities. File : nginx_0_7_64.nasl - Type : ACT_GATHER_INFO |
| 2017-11-17 | Name : The remote host is affected by a MITM vulnerability. File : fortios_FG-IR-17-137.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0019_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0001_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-03-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2012-0005_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0016_remote.nasl - Type : ACT_GATHER_INFO |
| 2016-02-12 | Name : A telephony application running on the remote host is affected by multiple vu... File : asterisk_ast_2016_003.nasl - Type : ACT_GATHER_INFO |
| 2016-02-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_559f3d1bcb1d11e580a4001999f8d30b.nasl - Type : ACT_GATHER_INFO |
| 2016-01-25 | Name : The remote Debian host is missing a security update. File : debian_DLA-400.nasl - Type : ACT_GATHER_INFO |
| 2015-08-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_40497e81fee34e549d5f175a5c633b73.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1351-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0306-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3253.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-154.nasl - Type : ACT_GATHER_INFO |
| 2015-01-27 | Name : The remote web server is affected by an information disclosure vulnerability. File : oracle_http_server_cpu_jan_2015_ldap.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_fetchmail_20121016.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20120626.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20120918.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20121210.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20130129.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libpng_20130313.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libvorbis_20120626.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libxslt_20140114_2.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_php_20140401.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_php_20140522.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130410.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_ruby_20130924.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404_2.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120626.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120814.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20130129.nasl - Type : ACT_GATHER_INFO |
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20130313.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
| 2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0422.nasl - Type : ACT_GATHER_INFO |
| 2014-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13777.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1185.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2014-13764.nasl - Type : ACT_GATHER_INFO |
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10737.nasl - Type : ACT_GATHER_INFO |
| 2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-100.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-101.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-34.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-9.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-120.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-137.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-141.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-142.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-175.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-215.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-254.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-295.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-333.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-410.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-443.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-465.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-473.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-534.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-538.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-709.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-745.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-76.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-817.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-818.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-819.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-820.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-83.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-92.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-17.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-100727.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-101029.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-101213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110622.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110817.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-111109.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101028.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-101213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110627.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110826.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libfreebl3-111108.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-100722.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-101213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-101222.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-100721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101028.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-101213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110302.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110819.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111221.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110819.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-111110.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-111221.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-120201.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-120213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-120217.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110314.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110628.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110826.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-120201.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-120217.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_curl-120124.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-openjdk-111025.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_java-1_6_0-sun-111024.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libfreebl3-111108.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libpng12-120220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libpng14-120220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libvorbis-120221.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110307.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110622.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110817.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-120201.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-120217.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_nss-201112-111220.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_opera-110906.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110307.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110429.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110819.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111221.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-120207.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-120213.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-120217.nasl - Type : ACT_GATHER_INFO |
| 2014-04-16 | Name : The remote AIX host is running a vulnerable version of OpenSSL. File : aix_ssl_advisory.nasl - Type : ACT_GATHER_INFO |
| 2014-02-25 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO |
| 2014-02-07 | Name : The remote mail server is affected by an information disclosure vulnerability. File : kerio_connect_810.nasl - Type : ACT_GATHER_INFO |
| 2014-01-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-014.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-04.nasl - Type : ACT_GATHER_INFO |
| 2013-11-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-13.nasl - Type : ACT_GATHER_INFO |
| 2013-11-14 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-241.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-10-23 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_9.nasl - Type : ACT_GATHER_INFO |
| 2013-10-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-220.nasl - Type : ACT_GATHER_INFO |
| 2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-224.nasl - Type : ACT_GATHER_INFO |
| 2013-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-15.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-10.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-108.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-123.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-47.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-49.nasl - Type : ACT_GATHER_INFO |
| 2013-08-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-221.nasl - Type : ACT_GATHER_INFO |
| 2013-07-23 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_2_1_0.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0879.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0882.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0908.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2008-0976.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0977.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0978.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1036.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1037.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0002.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0315.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0325.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0397.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0398.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1134.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1162.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1185.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1561.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0332.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0499.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0500.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0501.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0544.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0556.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0557.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0558.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0780.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0808.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0809.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0810.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0812.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0966.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0967.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0968.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0969.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0311.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0312.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0313.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0374.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0471.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0473.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0474.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0475.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0885.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0886.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0887.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0888.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1164.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1165.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1166.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1167.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1437.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1438.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1439.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1440.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0136.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0140.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0141.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0142.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0143.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0317.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0387.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0388.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0515.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0516.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0710.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0715.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1090.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1091.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1210.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1211.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1265.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1350.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1351.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1361.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1362.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1407.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1413.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1482.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-1483.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1561.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-037.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-645-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-690-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-701-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-2.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-3.nasl - Type : ACT_GATHER_INFO |
| 2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-810-3.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a runtime environment that is affected by multi... File : oracle_java_cpu_mar_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2010_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-22 | Name : The remote Unix host contains a programming platform that is affected by mult... File : oracle_java_cpu_oct_2011_unix.nasl - Type : ACT_GATHER_INFO |
| 2013-02-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2626.nasl - Type : ACT_GATHER_INFO |
| 2013-02-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2013-0001.nasl - Type : ACT_GATHER_INFO |
| 2013-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-4.nasl - Type : ACT_GATHER_INFO |
| 2013-01-31 | Name : The remote host has software installed that is potentially affected by an int... File : ibm_informix_genero_2_41.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-120611.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaThunderbird-090915.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201207-120719.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201208-120831.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201210-121015.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201210b-121029.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20121121-121123.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201301-130110.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ70637.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72510.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72515.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72528.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72834.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72835.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72836.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ72837.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1190.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1207.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0880.nasl - Type : ACT_GATHER_INFO |
| 2013-01-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-3.nasl - Type : ACT_GATHER_INFO |
| 2013-01-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201301-8426.nasl - Type : ACT_GATHER_INFO |
| 2013-01-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_18_0.nasl - Type : ACT_GATHER_INFO |
| 2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_180.nasl - Type : ACT_GATHER_INFO |
| 2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_215.nasl - Type : ACT_GATHER_INFO |
| 2013-01-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4ed66325aa911e28fcbc8600054b392.nasl - Type : ACT_GATHER_INFO |
| 2013-01-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-1.nasl - Type : ACT_GATHER_INFO |
| 2013-01-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-2.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
| 2012-12-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2588.nasl - Type : ACT_GATHER_INFO |
| 2012-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2012-15716.nasl - Type : ACT_GATHER_INFO |
| 2012-12-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2583.nasl - Type : ACT_GATHER_INFO |
| 2012-12-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2584.nasl - Type : ACT_GATHER_INFO |
| 2012-12-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-18894.nasl - Type : ACT_GATHER_INFO |
| 2012-12-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-18931.nasl - Type : ACT_GATHER_INFO |
| 2012-12-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-18952.nasl - Type : ACT_GATHER_INFO |
| 2012-12-04 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1638-3.nasl - Type : ACT_GATHER_INFO |
| 2012-11-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20121121-8381.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1482.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1483.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121120_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote Scientific Linux host is missing a security update. File : sl_20121120_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1636-1.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1638-1.nasl - Type : ACT_GATHER_INFO |
| 2012-11-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1638-2.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d23119df335d11e2b64cc8600054b392.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_11.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_11.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_10011.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_170.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_10011.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_170.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1482.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1483.nasl - Type : ACT_GATHER_INFO |
| 2012-11-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_214.nasl - Type : ACT_GATHER_INFO |
| 2012-11-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0016.nasl - Type : ACT_GATHER_INFO |
| 2012-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17841.nasl - Type : ACT_GATHER_INFO |
| 2012-11-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2572.nasl - Type : ACT_GATHER_INFO |
| 2012-11-05 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090722_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090722_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-11-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201210b-8348.nasl - Type : ACT_GATHER_INFO |
| 2012-10-31 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1413.nasl - Type : ACT_GATHER_INFO |
| 2012-10-31 | Name : The remote Scientific Linux host is missing a security update. File : sl_20121029_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2569.nasl - Type : ACT_GATHER_INFO |
| 2012-10-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1413.nasl - Type : ACT_GATHER_INFO |
| 2012-10-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1620-2.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1407.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6b3b1b97207c11e2a03fc8600054b392.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_10.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_16_0_2.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_10.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_16_0_2.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_10010.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1602.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_10010.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1602.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1407.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_2132.nasl - Type : ACT_GATHER_INFO |
| 2012-10-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1620-1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2565.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_8.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_9.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_16_0.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_16_0_1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a mail client that is affected by multiple ... File : macosx_thunderbird_10_0_8.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_9.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a mail client that is affected by multiple ... File : macosx_thunderbird_16_0.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_16_0_1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1008.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1009.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_160.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1601.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_1008.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1009.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_160.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1601.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : A web browser on the remote host is affected by multiple flaws. File : seamonkey_213.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_2131.nasl - Type : ACT_GATHER_INFO |
| 2012-10-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201210-8327.nasl - Type : ACT_GATHER_INFO |
| 2012-10-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121012_xulrunner_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1361.nasl - Type : ACT_GATHER_INFO |
| 2012-10-15 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1362.nasl - Type : ACT_GATHER_INFO |
| 2012-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1361.nasl - Type : ACT_GATHER_INFO |
| 2012-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1362.nasl - Type : ACT_GATHER_INFO |
| 2012-10-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1611-1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-164.nasl - Type : ACT_GATHER_INFO |
| 2012-10-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1608-1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1350.nasl - Type : ACT_GATHER_INFO |
| 2012-10-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1351.nasl - Type : ACT_GATHER_INFO |
| 2012-10-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6e5a9afd12d311e2b47dc8600054b392.nasl - Type : ACT_GATHER_INFO |
| 2012-10-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121009_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-11 | Name : The remote Scientific Linux host is missing a security update. File : sl_20121009_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1350.nasl - Type : ACT_GATHER_INFO |
| 2012-10-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1351.nasl - Type : ACT_GATHER_INFO |
| 2012-10-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1600-1.nasl - Type : ACT_GATHER_INFO |
| 2012-10-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2556.nasl - Type : ACT_GATHER_INFO |
| 2012-10-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1595-1.nasl - Type : ACT_GATHER_INFO |
| 2012-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1551-2.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote device is affected by multiple vulnerabilities. File : appletv_5_1.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2554.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-14048.nasl - Type : ACT_GATHER_INFO |
| 2012-09-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-14083.nasl - Type : ACT_GATHER_INFO |
| 2012-09-26 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_98690c45036111e2a391000c29033c32.nasl - Type : ACT_GATHER_INFO |
| 2012-09-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2553.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO |
| 2012-09-20 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO |
| 2012-09-15 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120913_libxslt_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-09-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO |
| 2012-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1265.nasl - Type : ACT_GATHER_INFO |
| 2012-09-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201208-8269.nasl - Type : ACT_GATHER_INFO |
| 2012-09-12 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1548-2.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-141.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-142.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-192.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-018.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-097.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-110.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-145.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-147.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-149.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2b8cad90f28911e1a21514dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1551-1.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1210.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1211.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_18ce9a90f26911e1be53080027ef73ec.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120829_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote Scientific Linux host is missing a security update. File : sl_20120829_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1548-1.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_7.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_15_0.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_7.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_15_0.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1007.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_150.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1007.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_150.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1210.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1211.nasl - Type : ACT_GATHER_INFO |
| 2012-08-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_212.nasl - Type : ACT_GATHER_INFO |
| 2012-08-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1540-2.nasl - Type : ACT_GATHER_INFO |
| 2012-08-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1540-1.nasl - Type : ACT_GATHER_INFO |
| 2012-08-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2528.nasl - Type : ACT_GATHER_INFO |
| 2012-08-03 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_dbf338d0dce511e1b65514dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-08-03 | Name : The remote host has an application installed that is affected by multiple vul... File : macosx_xcode_4_4.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080923_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080923_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20081001_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081112_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081112_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20081119_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081216_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090107_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090204_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090204_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090304_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090324_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090421_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090611_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090625_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090630_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090723_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090723_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090723_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_seamonkey_on_SL3_0.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090730_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090731_nspr_and_nss_for_SL_5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090909_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091109_libvorbis_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091111_httpd_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091215_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100217_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_gnutls_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_nss_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100325_openssl097a_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100325_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100330_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100330_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100330_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100331_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100622_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100622_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100622_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100720_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100720_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100907_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100907_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100907_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101013_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101014_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101019_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101019_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101027_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101027_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101027_xulrunner_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_firefox_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_nss_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101117_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101209_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101209_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101209_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110301_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110301_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110301_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110301_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110428_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110428_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110428_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110428_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110621_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110621_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110621_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110816_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110816_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110816_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110816_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111018_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111019_java_1_6_0_sun_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111108_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120131_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120201_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120215_libvorbis_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120216_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120216_xulrunner_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120220_libpng_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120314_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120314_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120424_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120424_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120605_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120606_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120717_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120717_nss__nspr__and_nss_util_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120717_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120717_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201207-8226.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_6.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_14_0.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_6.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_14_0.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1006.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_140.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1006.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_140.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_211.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1090.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1091.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2513.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2514.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1088.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1089.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1090.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1091.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1509-1.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1509-2.nasl - Type : ACT_GATHER_INFO |
| 2012-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1510-1.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2488.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2489.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2490.nasl - Type : ACT_GATHER_INFO |
| 2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2499.nasl - Type : ACT_GATHER_INFO |
| 2012-06-27 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-6.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-15.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-18.nasl - Type : ACT_GATHER_INFO |
| 2012-06-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-088.nasl - Type : ACT_GATHER_INFO |
| 2012-06-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-4.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-22.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-24.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201205-03.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-096.nasl - Type : ACT_GATHER_INFO |
| 2012-06-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-3.nasl - Type : ACT_GATHER_INFO |
| 2012-06-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-9135.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote Windows host contains software that is affected by multiple vulner... File : hp_systems_insight_manager_700_multiple_vulns.nasl - Type : ACT_GATHER_INFO |
| 2012-06-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-8189.nasl - Type : ACT_GATHER_INFO |
| 2012-06-08 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0715.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0710.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_5.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_13_0.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_5.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_13_0.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1005.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_130.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1005.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_130.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0715.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_210.nasl - Type : ACT_GATHER_INFO |
| 2012-06-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1463-1.nasl - Type : ACT_GATHER_INFO |
| 2012-06-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_bfecf7c1af4711e195804061862b8c22.nasl - Type : ACT_GATHER_INFO |
| 2012-06-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0710.nasl - Type : ACT_GATHER_INFO |
| 2012-06-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox10-201205-8154.nasl - Type : ACT_GATHER_INFO |
| 2012-05-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7036.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_7_4.nasl - Type : ACT_GATHER_INFO |
| 2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5785.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5924.nasl - Type : ACT_GATHER_INFO |
| 2012-05-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1430-3.nasl - Type : ACT_GATHER_INFO |
| 2012-05-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2464.nasl - Type : ACT_GATHER_INFO |
| 2012-05-04 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5916.nasl - Type : ACT_GATHER_INFO |
| 2012-05-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201204-120426.nasl - Type : ACT_GATHER_INFO |
| 2012-05-02 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2012-5892.nasl - Type : ACT_GATHER_INFO |
| 2012-04-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-066.nasl - Type : ACT_GATHER_INFO |
| 2012-04-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1430-1.nasl - Type : ACT_GATHER_INFO |
| 2012-04-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1430-2.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_4.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_12_0.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_4.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_12_0.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1004.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_120.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1004.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_120.nasl - Type : ACT_GATHER_INFO |
| 2012-04-27 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_29.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0515.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0516.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2457.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2458.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_380e8c568e3211e195804061862b8c22.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0515.nasl - Type : ACT_GATHER_INFO |
| 2012-04-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0516.nasl - Type : ACT_GATHER_INFO |
| 2012-04-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0508.nasl - Type : ACT_GATHER_INFO |
| 2012-04-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1400-5.nasl - Type : ACT_GATHER_INFO |
| 2012-04-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-032.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-058.nasl - Type : ACT_GATHER_INFO |
| 2012-04-16 | Name : It may be possible to obtain sensitive information from the remote host with ... File : ssl3_tls1_iv_impl_info_disclosure.nasl - Type : ACT_GATHER_INFO |
| 2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4910.nasl - Type : ACT_GATHER_INFO |
| 2012-04-09 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5068.nasl - Type : ACT_GATHER_INFO |
| 2012-04-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-052.nasl - Type : ACT_GATHER_INFO |
| 2012-04-04 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1400-4.nasl - Type : ACT_GATHER_INFO |
| 2012-04-02 | Name : The remote Fedora host is missing a security update. File : fedora_2012-5028.nasl - Type : ACT_GATHER_INFO |
| 2012-03-30 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_18_0_1025_142.nasl - Type : ACT_GATHER_INFO |
| 2012-03-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_b8f0a391791011e18a4300262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-03-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-120320.nasl - Type : ACT_GATHER_INFO |
| 2012-03-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201203-8029.nasl - Type : ACT_GATHER_INFO |
| 2012-03-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1401-2.nasl - Type : ACT_GATHER_INFO |
| 2012-03-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2437.nasl - Type : ACT_GATHER_INFO |
| 2012-03-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1400-3.nasl - Type : ACT_GATHER_INFO |
| 2012-03-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1401-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1400-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1400-2.nasl - Type : ACT_GATHER_INFO |
| 2012-03-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2433.nasl - Type : ACT_GATHER_INFO |
| 2012-03-16 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0005.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0387.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0388.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a1050b8b6db311e18b370011856a6e37.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_3.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_28.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_3.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_3_1_20.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1003.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3628.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1003.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3120.nasl - Type : ACT_GATHER_INFO |
| 2012-03-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_28.nasl - Type : ACT_GATHER_INFO |
| 2012-03-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0387.nasl - Type : ACT_GATHER_INFO |
| 2012-03-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0388.nasl - Type : ACT_GATHER_INFO |
| 2012-03-09 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2012-0003.nasl - Type : ACT_GATHER_INFO |
| 2012-03-07 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1845.nasl - Type : ACT_GATHER_INFO |
| 2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-02.nasl - Type : ACT_GATHER_INFO |
| 2012-03-02 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1800.nasl - Type : ACT_GATHER_INFO |
| 2012-03-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libvorbis-120221.nasl - Type : ACT_GATHER_INFO |
| 2012-03-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libvorbis-7984.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1794.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1892.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1930.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2003.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2008.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2028.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-120223.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-120221.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-7980.nasl - Type : ACT_GATHER_INFO |
| 2012-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-120220.nasl - Type : ACT_GATHER_INFO |
| 2012-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-120105.nasl - Type : ACT_GATHER_INFO |
| 2012-02-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner192-120220.nasl - Type : ACT_GATHER_INFO |
| 2012-02-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7981.nasl - Type : ACT_GATHER_INFO |
| 2012-02-23 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1844.nasl - Type : ACT_GATHER_INFO |
| 2012-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-022.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0140.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0317.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1922.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_10_0_1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_10_0_2.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_27.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_10_0_1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_10_0_2.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_19.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0317.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1370-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2412.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1856.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d7dbd2db599c11e1a2fb14dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1367-2.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1367-3.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1367-4.nasl - Type : ACT_GATHER_INFO |
| 2012-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1369-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0141.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0142.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0143.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Fedora host is missing a security update. File : fedora_2012-1652.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1002.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3627.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1002.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3119.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0140.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0141.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-0142.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0143.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Windows host contains a web browser that is affected by an integer... File : seamonkey_272.nasl - Type : ACT_GATHER_INFO |
| 2012-02-17 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1367-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0136.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2410.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_2f5ff968582911e1828800262d5ed8ee.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_17_0_963_56.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-120213.nasl - Type : ACT_GATHER_INFO |
| 2012-02-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-120214.nasl - Type : ACT_GATHER_INFO |
| 2012-02-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0136.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1360-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_eba9aa94549c11e1b6b70011856a6e37.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-017.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1001.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1001.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote Windows host contains a web browser that is affected by a memory c... File : seamonkey_271.nasl - Type : ACT_GATHER_INFO |
| 2012-02-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2406.nasl - Type : ACT_GATHER_INFO |
| 2012-02-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner192-120206.nasl - Type : ACT_GATHER_INFO |
| 2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1350-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1353-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7949.nasl - Type : ACT_GATHER_INFO |
| 2012-02-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-013.nasl - Type : ACT_GATHER_INFO |
| 2012-02-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-10-120202.nasl - Type : ACT_GATHER_INFO |
| 2012-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1355-1.nasl - Type : ACT_GATHER_INFO |
| 2012-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1355-2.nasl - Type : ACT_GATHER_INFO |
| 2012-02-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1355-3.nasl - Type : ACT_GATHER_INFO |
| 2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2400.nasl - Type : ACT_GATHER_INFO |
| 2012-02-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2402.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0a9e2b724cb711e1914614dae9ebcf89.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0084.nasl - Type : ACT_GATHER_INFO |
| 2012-02-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-0085.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_10_0.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_26.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_10_0.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_18.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_100.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3626.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_100.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3118.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0079.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0080.nasl - Type : ACT_GATHER_INFO |
| 2012-02-01 | Name : The remote Windows host contains a web browser that is affected by several vu... File : seamonkey_27.nasl - Type : ACT_GATHER_INFO |
| 2012-01-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2398.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-7908.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-2.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1343-1.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-7926.nasl - Type : ACT_GATHER_INFO |
| 2012-01-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17399.nasl - Type : ACT_GATHER_INFO |
| 2012-01-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0034.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2358.nasl - Type : ACT_GATHER_INFO |
| 2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2368.nasl - Type : ACT_GATHER_INFO |
| 2012-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0006.nasl - Type : ACT_GATHER_INFO |
| 2012-01-10 | Name : It may be possibe to obtain sensitive information from the remote Windows hos... File : smb_nt_ms12-006.nasl - Type : ACT_GATHER_INFO |
| 2012-01-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1306-1.nasl - Type : ACT_GATHER_INFO |
| 2012-01-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1306-2.nasl - Type : ACT_GATHER_INFO |
| 2011-12-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-17400.nasl - Type : ACT_GATHER_INFO |
| 2011-12-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1254-1.nasl - Type : ACT_GATHER_INFO |
| 2011-12-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e3ff776b2ba611e193c60011856a6e37.nasl - Type : ACT_GATHER_INFO |
| 2011-12-21 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_9_0.nasl - Type : ACT_GATHER_INFO |
| 2011-12-21 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_9_0.nasl - Type : ACT_GATHER_INFO |
| 2011-12-20 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_90.nasl - Type : ACT_GATHER_INFO |
| 2011-12-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_90.nasl - Type : ACT_GATHER_INFO |
| 2011-12-20 | Name : The remote Windows host contains a web browser that is affected by several vu... File : seamonkey_26.nasl - Type : ACT_GATHER_INFO |
| 2011-12-15 | Name : The remote Windows host contains a web browser that is affected by an informa... File : mozilla_firefox_40.nasl - Type : ACT_GATHER_INFO |
| 2011-12-15 | Name : The remote Windows host contains a web browser that may be affected by an inf... File : seamonkey_21.nasl - Type : ACT_GATHER_INFO |
| 2011-12-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111004.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111114.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7421.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7490.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7596.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7713.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7784.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7645.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7492.nasl - Type : ACT_GATHER_INFO |
| 2011-12-07 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1160.nasl - Type : ACT_GATHER_INFO |
| 2011-12-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2356.nasl - Type : ACT_GATHER_INFO |
| 2011-11-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1282-1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1277-1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1277-2.nasl - Type : ACT_GATHER_INFO |
| 2011-11-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1263-1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1437.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1438.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1440.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2345.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15555.nasl - Type : ACT_GATHER_INFO |
| 2011-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-170.nasl - Type : ACT_GATHER_INFO |
| 2011-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1251-1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2341.nasl - Type : ACT_GATHER_INFO |
| 2011-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2342.nasl - Type : ACT_GATHER_INFO |
| 2011-11-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6c8ad3e80a3011e195804061862b8c22.nasl - Type : ACT_GATHER_INFO |
| 2011-11-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-169.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_3_6_24.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_8_0.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_6_update6.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote host has a version of Java installed that is affected by multiple ... File : macosx_java_10_7_update1.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_3_1_16.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Mac OS X host contains an email client that is potentially affecte... File : macosx_thunderbird_8_0.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_3624.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_80.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_3116.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_80.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1437.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1438.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1439.nasl - Type : ACT_GATHER_INFO |
| 2011-11-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1440.nasl - Type : ACT_GATHER_INFO |
| 2011-11-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2339.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Fedora host is missing a security update. File : fedora_2011-15020.nasl - Type : ACT_GATHER_INFO |
| 2011-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-02.nasl - Type : ACT_GATHER_INFO |
| 2011-11-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-162.nasl - Type : ACT_GATHER_INFO |
| 2011-10-28 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0013.nasl - Type : ACT_GATHER_INFO |
| 2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7783.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1384.nasl - Type : ACT_GATHER_INFO |
| 2011-10-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1192-3.nasl - Type : ACT_GATHER_INFO |
| 2011-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1380.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_1_1.nasl - Type : ACT_GATHER_INFO |
| 2011-10-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_1_1.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-05.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_5_banner.nasl - Type : ACT_GATHER_INFO |
| 2011-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2317.nasl - Type : ACT_GATHER_INFO |
| 2011-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1222-2.nasl - Type : ACT_GATHER_INFO |
| 2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_23.nasl - Type : ACT_GATHER_INFO |
| 2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_7_0.nasl - Type : ACT_GATHER_INFO |
| 2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-139.nasl - Type : ACT_GATHER_INFO |
| 2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-140.nasl - Type : ACT_GATHER_INFO |
| 2011-09-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
| 2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2312.nasl - Type : ACT_GATHER_INFO |
| 2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2313.nasl - Type : ACT_GATHER_INFO |
| 2011-09-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1222-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1fade8a3e9e811e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3623.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_70.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_70.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_24.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1210-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1213-1.nasl - Type : ACT_GATHER_INFO |
| 2011-09-01 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : opera_1151.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110824.nasl - Type : ACT_GATHER_INFO |
| 2011-08-30 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7712.nasl - Type : ACT_GATHER_INFO |
| 2011-08-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1185-1.nasl - Type : ACT_GATHER_INFO |
| 2011-08-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2297.nasl - Type : ACT_GATHER_INFO |
| 2011-08-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1184-1.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2295.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2296.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-127.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3620.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_60.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1192-1.nasl - Type : ACT_GATHER_INFO |
| 2011-08-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1192-2.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1164.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1165.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1167.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_834591a9c82f11e0897d6c626dd55a41.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Windows host contains a mail client may be affected by multiple vu... File : mozilla_thunderbird_3112.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_60.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1164.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1165.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1166.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1167.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Windows host contains a web browser that may be affected by multip... File : seamonkey_22.nasl - Type : ACT_GATHER_INFO |
| 2011-08-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_23.nasl - Type : ACT_GATHER_INFO |
| 2011-08-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO |
| 2011-08-11 | Name : The remote Windows host has an application that is affected by multiple vulne... File : blackberry_es_png_kb27244.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-110721.nasl - Type : ACT_GATHER_INFO |
| 2011-07-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-7644.nasl - Type : ACT_GATHER_INFO |
| 2011-07-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1150-1.nasl - Type : ACT_GATHER_INFO |
| 2011-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2273.nasl - Type : ACT_GATHER_INFO |
| 2011-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2268.nasl - Type : ACT_GATHER_INFO |
| 2011-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2269.nasl - Type : ACT_GATHER_INFO |
| 2011-07-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110628.nasl - Type : ACT_GATHER_INFO |
| 2011-07-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7597.nasl - Type : ACT_GATHER_INFO |
| 2011-06-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1149-2.nasl - Type : ACT_GATHER_INFO |
| 2011-06-24 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_18.nasl - Type : ACT_GATHER_INFO |
| 2011-06-24 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_5_0.nasl - Type : ACT_GATHER_INFO |
| 2011-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1157-3.nasl - Type : ACT_GATHER_INFO |
| 2011-06-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO |
| 2011-06-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO |
| 2011-06-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-111.nasl - Type : ACT_GATHER_INFO |
| 2011-06-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1149-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1157-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1157-2.nasl - Type : ACT_GATHER_INFO |
| 2011-06-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO |
| 2011-06-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0886.nasl - Type : ACT_GATHER_INFO |
| 2011-06-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO |
| 2011-06-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO |
| 2011-06-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3618.nasl - Type : ACT_GATHER_INFO |
| 2011-06-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_50.nasl - Type : ACT_GATHER_INFO |
| 2011-06-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_3111.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1112-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1121-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1122-1.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1122-2.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1122-3.nasl - Type : ACT_GATHER_INFO |
| 2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1123-1.nasl - Type : ACT_GATHER_INFO |
| 2011-05-13 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_apr_2011.nasl - Type : ACT_GATHER_INFO |
| 2011-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2235.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-101212.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101212.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_opera-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-110308.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-101025.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-101103.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_opera-101222.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-110302.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-110429.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7491.nasl - Type : ACT_GATHER_INFO |
| 2011-05-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7493.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0471.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0473.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0474.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2227.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2228.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-079.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-080.nasl - Type : ACT_GATHER_INFO |
| 2011-05-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12705.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3519.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3617.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_401.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_3110.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0471.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0473.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0474.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0475.nasl - Type : ACT_GATHER_INFO |
| 2011-04-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_2014.nasl - Type : ACT_GATHER_INFO |
| 2011-04-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
| 2011-03-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO |
| 2011-03-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100407.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090922.nasl - Type : ACT_GATHER_INFO |
| 2011-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-110303.nasl - Type : ACT_GATHER_INFO |
| 2011-03-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7363.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2186.nasl - Type : ACT_GATHER_INFO |
| 2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2187.nasl - Type : ACT_GATHER_INFO |
| 2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO |
| 2011-03-09 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_10_0_648_127.nasl - Type : ACT_GATHER_INFO |
| 2011-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-042.nasl - Type : ACT_GATHER_INFO |
| 2011-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1049-2.nasl - Type : ACT_GATHER_INFO |
| 2011-03-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-041.nasl - Type : ACT_GATHER_INFO |
| 2011-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2180.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0312.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0313.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_10_2.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3517.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3614.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_318.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : seamonkey_2012.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1049-1.nasl - Type : ACT_GATHER_INFO |
| 2011-03-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1050-1.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_45f102cd445611e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0311.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-0312.nasl - Type : ACT_GATHER_INFO |
| 2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0313.nasl - Type : ACT_GATHER_INFO |
| 2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0966.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0967.nasl - Type : ACT_GATHER_INFO |
| 2011-01-28 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0968.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnutls-7299.nasl - Type : ACT_GATHER_INFO |
| 2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-sun-7204.nasl - Type : ACT_GATHER_INFO |
| 2011-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-101220.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_java-1_4_2-ibm-100510.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-101112.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101213.nasl - Type : ACT_GATHER_INFO |
| 2011-01-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2141.nasl - Type : ACT_GATHER_INFO |
| 2011-01-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7280.nasl - Type : ACT_GATHER_INFO |
| 2010-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18890.nasl - Type : ACT_GATHER_INFO |
| 2010-12-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18920.nasl - Type : ACT_GATHER_INFO |
| 2010-12-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-258.nasl - Type : ACT_GATHER_INFO |
| 2010-12-17 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12658.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0987.nasl - Type : ACT_GATHER_INFO |
| 2010-12-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_gnutls-101206.nasl - Type : ACT_GATHER_INFO |
| 2010-12-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2132.nasl - Type : ACT_GATHER_INFO |
| 2010-12-14 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18778.nasl - Type : ACT_GATHER_INFO |
| 2010-12-13 | Name : The remote Fedora host is missing a security update. File : fedora_2010-18777.nasl - Type : ACT_GATHER_INFO |
| 2010-12-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-18773.nasl - Type : ACT_GATHER_INFO |
| 2010-12-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-18775.nasl - Type : ACT_GATHER_INFO |
| 2010-12-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1d8ff4a2044511e08e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-251.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3516.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3613.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_3011.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_317.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0966.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0967.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0968.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0969.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : seamonkey_2011.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1019-1.nasl - Type : ACT_GATHER_INFO |
| 2010-12-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1020-1.nasl - Type : ACT_GATHER_INFO |
| 2010-12-08 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100628.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100921.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-101103.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-101018.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtheora-100224.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-101118.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7205.nasl - Type : ACT_GATHER_INFO |
| 2010-12-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12659.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0808.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0809.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0810.nasl - Type : ACT_GATHER_INFO |
| 2010-11-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0812.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0861.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0862.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0865.nasl - Type : ACT_GATHER_INFO |
| 2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0896.nasl - Type : ACT_GATHER_INFO |
| 2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
| 2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15989.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7208.nasl - Type : ACT_GATHER_INFO |
| 2010-11-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-7196.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2123.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2124.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote Fedora host is missing a security update. File : fedora_2010-17105.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101028.nasl - Type : ACT_GATHER_INFO |
| 2010-11-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-219.nasl - Type : ACT_GATHER_INFO |
| 2010-11-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-305-01.nasl - Type : ACT_GATHER_INFO |
| 2010-11-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16885.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15897.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16883.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16897.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c223b00de27211df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-213.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0812.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1010-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1011-2.nasl - Type : ACT_GATHER_INFO |
| 2010-10-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1011-3.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-15520.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-16593.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Windows host contains a web browser affected by a buffer overflow ... File : mozilla_firefox_3515.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Windows host contains a web browser affected by a buffer overflow ... File : mozilla_firefox_3612.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Windows host contains a mail client that is affected by a buffer o... File : mozilla_thunderbird_3010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Windows host contains a mail client that is affected by buffer ove... File : mozilla_thunderbird_316.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0807.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0808.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0809.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0810.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Windows host contains a web browser affected by a buffer overflow ... File : seamonkey_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-101022.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100930.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-101021.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1011-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-210.nasl - Type : ACT_GATHER_INFO |
| 2010-10-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-211.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16240.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-101019.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c4f067b9dc4a11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3514.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3611.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_309.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_315.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0786.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_209.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1007-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-997-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-998-1.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_64.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote web server is affected by multiple vulnerabilities File : apache_2_2_15.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16294.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update8.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update3.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0780.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0781.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0782.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16312.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Windows host contains a programming platform that is affected by m... File : oracle_java_cpu_oct_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0770.nasl - Type : ACT_GATHER_INFO |
| 2010-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0768.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100916.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-10-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6609.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6735.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6773.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6867.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6979.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7083.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7101.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6657.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox35upgrade-6563.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-7077.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-7144.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6631.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nss-6978.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6617.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6734.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6777.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6866.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6971.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_neon-6549.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openldap2-6598.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6655.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6944.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201010-01.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-195.nasl - Type : ACT_GATHER_INFO |
| 2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-990-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-990-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100916.nasl - Type : ACT_GATHER_INFO |
| 2010-09-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100917.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_6_2_0_12.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-975-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-978-2.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0681.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-173.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12642.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
| 2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2106.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-14362.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a21ce2cbb1311df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-975-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-978-1.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3512.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_369.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_307.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_313.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0680.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0682.nasl - Type : ACT_GATHER_INFO |
| 2010-09-08 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_207.nasl - Type : ACT_GATHER_INFO |
| 2010-09-07 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_95fp6.nasl - Type : ACT_GATHER_INFO |
| 2010-09-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-169.nasl - Type : ACT_GATHER_INFO |
| 2010-08-24 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-005.nasl - Type : ACT_GATHER_INFO |
| 2010-08-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2010-08-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-147.nasl - Type : ACT_GATHER_INFO |
| 2010-08-11 | Name : It may be possible to execute arbitrary code on the remote Windows host using... File : smb_nt_ms10-049.nasl - Type : ACT_GATHER_INFO |
| 2010-08-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c2eac2b59a7d11df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-08-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO |
| 2010-08-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0544.nasl - Type : ACT_GATHER_INFO |
| 2010-08-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0558.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-294.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-338.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-000.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-133.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100722.nasl - Type : ACT_GATHER_INFO |
| 2010-07-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2075.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0556.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0557.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0544.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0546.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0556.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0557.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0558.nasl - Type : ACT_GATHER_INFO |
| 2010-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100721.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10776.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10793.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11452.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11472.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100721.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-6.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-957-2.nasl - Type : ACT_GATHER_INFO |
| 2010-07-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-958-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Windows host contains a web browser that may allow execution of re... File : mozilla_firefox_368.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-6.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-4.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-5.nasl - Type : ACT_GATHER_INFO |
| 2010-07-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-957-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0545.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0547.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11327.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11345.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11361.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11363.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11375.nasl - Type : ACT_GATHER_INFO |
| 2010-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-11379.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8c2ea875949911df8e32000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3511.nasl - Type : ACT_GATHER_INFO |
| 2010-07-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_367.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2072.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10823.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10833.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_306.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_311.nasl - Type : ACT_GATHER_INFO |
| 2010-07-21 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_206.nasl - Type : ACT_GATHER_INFO |
| 2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
| 2010-07-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100625.nasl - Type : ACT_GATHER_INFO |
| 2010-07-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100628.nasl - Type : ACT_GATHER_INFO |
| 2010-07-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100625.nasl - Type : ACT_GATHER_INFO |
| 2010-07-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-960-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12623.nasl - Type : ACT_GATHER_INFO |
| 2010-07-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-943-1.nasl - Type : ACT_GATHER_INFO |
| 2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10592.nasl - Type : ACT_GATHER_INFO |
| 2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10557.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-180-01.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12747.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10329.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10344.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10361.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10363.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1127.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1727.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1932.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1936.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3230.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3267.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3905.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3929.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3956.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5357.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-5506.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-5515.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-5526.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-5539.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-5561.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5840.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-5942.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6025.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6039.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6131.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-6204.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6236.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6279.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-7100.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8360.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8379.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8423.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8742.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9253.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9487.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9518.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-9774.nasl - Type : ACT_GATHER_INFO |
| 2010-07-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-3.nasl - Type : ACT_GATHER_INFO |
| 2010-06-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-4.nasl - Type : ACT_GATHER_INFO |
| 2010-06-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-1.nasl - Type : ACT_GATHER_INFO |
| 2010-06-30 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-930-2.nasl - Type : ACT_GATHER_INFO |
| 2010-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2064.nasl - Type : ACT_GATHER_INFO |
| 2010-06-29 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_edef3f2f82cf11dfbcce0018f3e2eb82.nasl - Type : ACT_GATHER_INFO |
| 2010-06-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO |
| 2010-06-25 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_99858b7c7ece11dfa007000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-06-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-125.nasl - Type : ACT_GATHER_INFO |
| 2010-06-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-126.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3510.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_364.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_305.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0499.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0500.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0501.nasl - Type : ACT_GATHER_INFO |
| 2010-06-23 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_205.nasl - Type : ACT_GATHER_INFO |
| 2010-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12621.nasl - Type : ACT_GATHER_INFO |
| 2010-06-07 | Name : The remote Windows host has an application installed that is affected by mult... File : openoffice_321.nasl - Type : ACT_GATHER_INFO |
| 2010-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO |
| 2010-06-01 | Name : The remote database server is affected by multiple vulnerabilities. File : db2_97fp2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12616.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
| 2010-05-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-100430.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote web server has multiple vulnerabilities. File : hpsmh_6_1_0_102.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO |
| 2010-05-19 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO |
| 2010-05-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2045.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0155.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0332.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0337.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO |
| 2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0339.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-openjdk-100428.nasl - Type : ACT_GATHER_INFO |
| 2010-04-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-29 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-084.nasl - Type : ACT_GATHER_INFO |
| 2010-04-28 | Name : The remote database server is affected by multiple issues. File : db2_9fp9.nasl - Type : ACT_GATHER_INFO |
| 2010-04-19 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-076.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-branding-openSUSE-100413.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_firefox35upgrade-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-14 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100412.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-100407.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libfreebl3-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100406.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6970.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6977.nasl - Type : ACT_GATHER_INFO |
| 2010-04-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6976.nasl - Type : ACT_GATHER_INFO |
| 2010-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-920-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-921-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-927-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0332.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0333.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ec8f449f40ed11df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-069.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libtheora-100224.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libtheora-100224.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-100401.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libtheora-100225.nasl - Type : ACT_GATHER_INFO |
| 2010-04-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-923-1.nasl - Type : ACT_GATHER_INFO |
| 2010-04-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2027.nasl - Type : ACT_GATHER_INFO |
| 2010-04-02 | Name : The remote Windows host contains a web browser that is affected by a remote c... File : mozilla_firefox_363.nasl - Type : ACT_GATHER_INFO |
| 2010-04-02 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12606.nasl - Type : ACT_GATHER_INFO |
| 2010-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2025.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_9ccfee393c3b11df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3019.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_359.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_304.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_204.nasl - Type : ACT_GATHER_INFO |
| 2010-03-31 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6943.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote Windows host contains a runtime environment that is affected by mu... File : oracle_java_cpu_mar_2010.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
| 2010-03-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-100324.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0162.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0164.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0165.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0166.nasl - Type : ACT_GATHER_INFO |
| 2010-03-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0167.nasl - Type : ACT_GATHER_INFO |
| 2010-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0163.nasl - Type : ACT_GATHER_INFO |
| 2010-03-24 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5d5ed535365311df9edc000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
| 2010-03-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_56cfe192329f11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20024.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1119.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-915-1.nasl - Type : ACT_GATHER_INFO |
| 2010-03-11 | Name : The remote web server has multiple SSL-related vulnerabilities. File : openssl_0_9_8m.nasl - Type : ACT_GATHER_INFO |
| 2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
| 2010-03-09 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-067-01.nasl - Type : ACT_GATHER_INFO |
| 2010-03-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0130.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-051.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_302.nasl - Type : ACT_GATHER_INFO |
| 2010-03-02 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1050.nasl - Type : ACT_GATHER_INFO |
| 2010-03-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6562.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100218.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100218.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100219.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100219.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6863.nasl - Type : ACT_GATHER_INFO |
| 2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6871.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1830.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1840.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1873.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1874.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1885.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1886.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1922.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1931.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1934.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1939.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1956.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1999.nasl - Type : ACT_GATHER_INFO |
| 2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-042.nasl - Type : ACT_GATHER_INFO |
| 2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-043.nasl - Type : ACT_GATHER_INFO |
| 2010-02-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f82c85d81c6e11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3018.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_358.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_203.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-895-1.nasl - Type : ACT_GATHER_INFO |
| 2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-896-1.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100111.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100112.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100111.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100111.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100111.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6771.nasl - Type : ACT_GATHER_INFO |
| 2010-02-02 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6772.nasl - Type : ACT_GATHER_INFO |
| 2010-01-27 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-026.nasl - Type : ACT_GATHER_INFO |
| 2010-01-22 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_301.nasl - Type : ACT_GATHER_INFO |
| 2010-01-20 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-001.nasl - Type : ACT_GATHER_INFO |
| 2010-01-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-003.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-877-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-878-1.nasl - Type : ACT_GATHER_INFO |
| 2010-01-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0001.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0976.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0978.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0397.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-1126.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO |
| 2010-01-03 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-091223.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13236.nasl - Type : ACT_GATHER_INFO |
| 2009-12-28 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13250.nasl - Type : ACT_GATHER_INFO |
| 2009-12-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1694.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-337.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-339.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091221.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6733.nasl - Type : ACT_GATHER_INFO |
| 2009-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6736.nasl - Type : ACT_GATHER_INFO |
| 2009-12-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
| 2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091217.nasl - Type : ACT_GATHER_INFO |
| 2009-12-22 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091217.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-873-1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-874-1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12229.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12305.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12606.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13333.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13362.nasl - Type : ACT_GATHER_INFO |
| 2009-12-18 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-13366.nasl - Type : ACT_GATHER_INFO |
| 2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_01c57d20ea2611debd3900248c9b4be7.nasl - Type : ACT_GATHER_INFO |
| 2009-12-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e7bc5600eaa011debd9c00215c6a37bb.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3016.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_356.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1673.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1674.nasl - Type : ACT_GATHER_INFO |
| 2009-12-16 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_201.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12604.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12968.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12750.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12775.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12782.nasl - Type : ACT_GATHER_INFO |
| 2009-12-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-323.nasl - Type : ACT_GATHER_INFO |
| 2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-315.nasl - Type : ACT_GATHER_INFO |
| 2009-12-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-290.nasl - Type : ACT_GATHER_INFO |
| 2009-12-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200912-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-091124.nasl - Type : ACT_GATHER_INFO |
| 2009-11-25 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_94edff42d93d11dea4340211d880e350.nasl - Type : ACT_GATHER_INFO |
| 2009-11-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-861-1.nasl - Type : ACT_GATHER_INFO |
| 2009-11-24 | Name : The remote service allows insecure renegotiation of TLS / SSL connections. File : ssl_renegotiation.nasl - Type : ACT_GATHER_INFO |
| 2009-11-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091119.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libopenssl-devel-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-860-1.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12550.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_compat-openssl097g-6656.nasl - Type : ACT_GATHER_INFO |
| 2009-11-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-6654.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-320-01.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_compat-openssl097g-091113.nasl - Type : ACT_GATHER_INFO |
| 2009-11-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libopenssl-devel-091112.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1579.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1580.nasl - Type : ACT_GATHER_INFO |
| 2009-11-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-853-2.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11169.nasl - Type : ACT_GATHER_INFO |
| 2009-11-11 | Name : The remote Fedora host is missing a security update. File : fedora_2009-11243.nasl - Type : ACT_GATHER_INFO |
| 2009-11-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1561.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-295.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-nspr-091104.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-nspr-091103.nasl - Type : ACT_GATHER_INFO |
| 2009-11-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6630.nasl - Type : ACT_GATHER_INFO |
| 2009-11-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10981.nasl - Type : ACT_GATHER_INFO |
| 2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-091103.nasl - Type : ACT_GATHER_INFO |
| 2009-11-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-091102.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-091030.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-091030.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6606.nasl - Type : ACT_GATHER_INFO |
| 2009-11-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6616.nasl - Type : ACT_GATHER_INFO |
| 2009-11-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-853-1.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libneon-devel-091012.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libneon-devel-091012.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_libneon-devel-6550.nasl - Type : ACT_GATHER_INFO |
| 2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6538.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-10878.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_c87aa2d2c3c411deab08000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3015.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_354.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_20.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libneon-devel-091012.nasl - Type : ACT_GATHER_INFO |
| 2009-10-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_neon-6548.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1530.nasl - Type : ACT_GATHER_INFO |
| 2009-10-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1531.nasl - Type : ACT_GATHER_INFO |
| 2009-10-26 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-288.nasl - Type : ACT_GATHER_INFO |
| 2009-10-22 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12521.nasl - Type : ACT_GATHER_INFO |
| 2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
| 2009-10-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-091007.nasl - Type : ACT_GATHER_INFO |
| 2009-10-20 | Name : The remote SuSE system is missing the security patch firefox35upgrade-6562 File : suse_firefox35upgrade-6562.nasl - Type : ACT_GATHER_INFO |
| 2009-10-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-nspr-6541.nasl - Type : ACT_GATHER_INFO |
| 2009-10-07 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12519.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6379.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6495.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6347.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-6493.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libfreebl3-6494.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libldap-2_4-2-6488.nasl - Type : ACT_GATHER_INFO |
| 2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_mutt-6487.nasl - Type : ACT_GATHER_INFO |
| 2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090924.nasl - Type : ACT_GATHER_INFO |
| 2009-10-01 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090917.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12326.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12505.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12506.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090319.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090407.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libfreebl3-090812.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libldap-2_4-2-090915.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_mutt-090909.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5826.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5890.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6187.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6433.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_epiphany-5889.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gecko-sdk-5813.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mutt-6484.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openldap2-6485.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libldap-2_4-2-090909.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mutt-090909.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090916.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libldap-2_4-2-090909.nasl - Type : ACT_GATHER_INFO |
| 2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mutt-090909.nasl - Type : ACT_GATHER_INFO |
| 2009-09-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-236.nasl - Type : ACT_GATHER_INFO |
| 2009-09-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090914.nasl - Type : ACT_GATHER_INFO |
| 2009-09-18 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090914.nasl - Type : ACT_GATHER_INFO |
| 2009-09-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9494.nasl - Type : ACT_GATHER_INFO |
| 2009-09-14 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-9505.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_922d23989e2d11dea9980030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-09-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-821-1.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3014.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_353.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1430.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1431.nasl - Type : ACT_GATHER_INFO |
| 2009-09-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1432.nasl - Type : ACT_GATHER_INFO |
| 2009-09-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-225.nasl - Type : ACT_GATHER_INFO |
| 2009-09-04 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1118.nasl - Type : ACT_GATHER_INFO |
| 2009-08-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-221.nasl - Type : ACT_GATHER_INFO |
| 2009-08-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-217.nasl - Type : ACT_GATHER_INFO |
| 2009-08-21 | Name : The remote Windows host contains a mail client that is affected by a security... File : mozilla_thunderbird_20023.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-206.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libfreebl3-090812.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090812.nasl - Type : ACT_GATHER_INFO |
| 2009-08-20 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libfreebl3-090812.nasl - Type : ACT_GATHER_INFO |
| 2009-08-17 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-203.nasl - Type : ACT_GATHER_INFO |
| 2009-08-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-201.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-197.nasl - Type : ACT_GATHER_INFO |
| 2009-08-10 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-198.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8279.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-8288.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_49e8f2ee814711dea9940030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-810-2.nasl - Type : ACT_GATHER_INFO |
| 2009-08-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-811-1.nasl - Type : ACT_GATHER_INFO |
| 2009-08-04 | Name : The remote Windows host contains a web browser that is affected by multiple f... File : mozilla_firefox_3013.nasl - Type : ACT_GATHER_INFO |
| 2009-08-04 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_352.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1185.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-182.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1184.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1185.nasl - Type : ACT_GATHER_INFO |
| 2009-07-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1186.nasl - Type : ACT_GATHER_INFO |
| 2009-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO |
| 2009-07-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090724.nasl - Type : ACT_GATHER_INFO |
| 2009-07-24 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7961.nasl - Type : ACT_GATHER_INFO |
| 2009-07-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO |
| 2009-07-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-7898.nasl - Type : ACT_GATHER_INFO |
| 2009-07-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-798-1.nasl - Type : ACT_GATHER_INFO |
| 2009-07-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3012.nasl - Type : ACT_GATHER_INFO |
| 2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1162.nasl - Type : ACT_GATHER_INFO |
| 2009-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1163.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-081002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-081124.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090407.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-081003.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-081124.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner181-081002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner181-081122.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner181-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-081002.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-081003.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-081122.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090206.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090312.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090407.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090427.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090507.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-090615.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090108.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaThunderbird-090710.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner181-081219.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_mozilla-xulrunner190-090427.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-081218.nasl - Type : ACT_GATHER_INFO |
| 2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_seamonkey-090617.nasl - Type : ACT_GATHER_INFO |
| 2009-07-20 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c1ef9b3372a611de82ea0030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7567.nasl - Type : ACT_GATHER_INFO |
| 2009-07-17 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7614.nasl - Type : ACT_GATHER_INFO |
| 2009-07-17 | Name : The remote Windows host contains a web browser that is affected by multiple f... File : mozilla_firefox_351.nasl - Type : ACT_GATHER_INFO |
| 2009-07-02 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1134.nasl - Type : ACT_GATHER_INFO |
| 2009-07-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1134.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-178-01.nasl - Type : ACT_GATHER_INFO |
| 2009-06-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-141.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-176-01.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1125.nasl - Type : ACT_GATHER_INFO |
| 2009-06-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-782-1.nasl - Type : ACT_GATHER_INFO |
| 2009-06-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20022.nasl - Type : ACT_GATHER_INFO |
| 2009-06-23 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1117.nasl - Type : ACT_GATHER_INFO |
| 2009-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1820.nasl - Type : ACT_GATHER_INFO |
| 2009-06-19 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-6310.nasl - Type : ACT_GATHER_INFO |
| 2009-06-18 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-134.nasl - Type : ACT_GATHER_INFO |
| 2009-06-17 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-167-01.nasl - Type : ACT_GATHER_INFO |
| 2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6366.nasl - Type : ACT_GATHER_INFO |
| 2009-06-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-6411.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da185955573811deb857000f20797ede.nasl - Type : ACT_GATHER_INFO |
| 2009-06-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-779-1.nasl - Type : ACT_GATHER_INFO |
| 2009-06-12 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3011.nasl - Type : ACT_GATHER_INFO |
| 2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1095.nasl - Type : ACT_GATHER_INFO |
| 2009-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1096.nasl - Type : ACT_GATHER_INFO |
| 2009-05-26 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
| 2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
| 2009-05-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-111.nasl - Type : ACT_GATHER_INFO |
| 2009-05-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1797.nasl - Type : ACT_GATHER_INFO |
| 2009-04-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-118-01.nasl - Type : ACT_GATHER_INFO |
| 2009-04-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-765-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4078.nasl - Type : ACT_GATHER_INFO |
| 2009-04-28 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-4083.nasl - Type : ACT_GATHER_INFO |
| 2009-04-28 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3010.nasl - Type : ACT_GATHER_INFO |
| 2009-04-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0449.nasl - Type : ACT_GATHER_INFO |
| 2009-04-27 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3893.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0977.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11490.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-11511.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9901.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-1398.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-2422.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2882.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3100.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3161.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3875.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-205.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-206.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-228.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-230.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-235.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-244.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-245.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-012.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-044.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-075.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-083.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-084.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-645-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-645-3.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-647-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-667-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-668-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-690-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-690-2.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-701-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-717-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-728-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-741-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-745-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-764-1.nasl - Type : ACT_GATHER_INFO |
| 2009-04-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b18e2372f1511de96720030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-04-22 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_309.nasl - Type : ACT_GATHER_INFO |
| 2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0436.nasl - Type : ACT_GATHER_INFO |
| 2009-04-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0437.nasl - Type : ACT_GATHER_INFO |
| 2009-04-21 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-6194.nasl - Type : ACT_GATHER_INFO |
| 2009-04-10 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1116.nasl - Type : ACT_GATHER_INFO |
| 2009-04-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1756.nasl - Type : ACT_GATHER_INFO |
| 2009-03-31 | Name : The remote Fedora host is missing a security update. File : fedora_2009-3101.nasl - Type : ACT_GATHER_INFO |
| 2009-03-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0398.nasl - Type : ACT_GATHER_INFO |
| 2009-03-30 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-3099.nasl - Type : ACT_GATHER_INFO |
| 2009-03-30 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_308.nasl - Type : ACT_GATHER_INFO |
| 2009-03-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0397.nasl - Type : ACT_GATHER_INFO |
| 2009-03-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0398.nasl - Type : ACT_GATHER_INFO |
| 2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-02.nasl - Type : ACT_GATHER_INFO |
| 2009-03-25 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-083-03.nasl - Type : ACT_GATHER_INFO |
| 2009-03-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0258.nasl - Type : ACT_GATHER_INFO |
| 2009-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1751.nasl - Type : ACT_GATHER_INFO |
| 2009-03-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-2884.nasl - Type : ACT_GATHER_INFO |
| 2009-03-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20021.nasl - Type : ACT_GATHER_INFO |
| 2009-03-20 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1115.nasl - Type : ACT_GATHER_INFO |
| 2009-03-09 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-2421.nasl - Type : ACT_GATHER_INFO |
| 2009-03-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO |
| 2009-03-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO |
| 2009-03-05 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_307.nasl - Type : ACT_GATHER_INFO |
| 2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0315.nasl - Type : ACT_GATHER_INFO |
| 2009-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0325.nasl - Type : ACT_GATHER_INFO |
| 2009-02-12 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8b491182f84211dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2009-02-06 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2009-1399.nasl - Type : ACT_GATHER_INFO |
| 2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
| 2009-02-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
| 2009-02-04 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_306.nasl - Type : ACT_GATHER_INFO |
| 2009-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0256.nasl - Type : ACT_GATHER_INFO |
| 2009-02-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0257.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris10_128640.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris10_x86_128641.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128640-30 File : solaris9_128640.nasl - Type : ACT_GATHER_INFO |
| 2009-01-19 | Name : The remote host is missing Sun Security Patch number 128641-30 File : solaris9_x86_128641.nasl - Type : ACT_GATHER_INFO |
| 2009-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1707.nasl - Type : ACT_GATHER_INFO |
| 2009-01-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1704.nasl - Type : ACT_GATHER_INFO |
| 2009-01-09 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5900.nasl - Type : ACT_GATHER_INFO |
| 2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1696.nasl - Type : ACT_GATHER_INFO |
| 2009-01-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1697.nasl - Type : ACT_GATHER_INFO |
| 2009-01-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0002.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5885.nasl - Type : ACT_GATHER_INFO |
| 2009-01-07 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5881.nasl - Type : ACT_GATHER_INFO |
| 2009-01-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20019.nasl - Type : ACT_GATHER_INFO |
| 2008-12-22 | Name : The remote Windows host contains a web browser that is affected by a cross do... File : mozilla_firefox_20020.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11534.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-11551.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-11586.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-11598.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_29f5bfc5ce0411dda7210030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2008-12-21 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5880.nasl - Type : ACT_GATHER_INFO |
| 2008-12-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO |
| 2008-12-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20019.nasl - Type : ACT_GATHER_INFO |
| 2008-12-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_305.nasl - Type : ACT_GATHER_INFO |
| 2008-12-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1036.nasl - Type : ACT_GATHER_INFO |
| 2008-12-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1037.nasl - Type : ACT_GATHER_INFO |
| 2008-12-17 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1114.nasl - Type : ACT_GATHER_INFO |
| 2008-11-26 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gecko-sdk-5811.nasl - Type : ACT_GATHER_INFO |
| 2008-11-25 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1671.nasl - Type : ACT_GATHER_INFO |
| 2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5812.nasl - Type : ACT_GATHER_INFO |
| 2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5825.nasl - Type : ACT_GATHER_INFO |
| 2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5820.nasl - Type : ACT_GATHER_INFO |
| 2008-11-25 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5815.nasl - Type : ACT_GATHER_INFO |
| 2008-11-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1669.nasl - Type : ACT_GATHER_INFO |
| 2008-11-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5786.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9807.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Fedora host is missing a security update. File : fedora_2008-9859.nasl - Type : ACT_GATHER_INFO |
| 2008-11-21 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0976.nasl - Type : ACT_GATHER_INFO |
| 2008-11-20 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20018.nasl - Type : ACT_GATHER_INFO |
| 2008-11-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9667.nasl - Type : ACT_GATHER_INFO |
| 2008-11-16 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-9669.nasl - Type : ACT_GATHER_INFO |
| 2008-11-14 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f29fea8fb19f11dda55e00163e000016.nasl - Type : ACT_GATHER_INFO |
| 2008-11-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20018.nasl - Type : ACT_GATHER_INFO |
| 2008-11-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_304.nasl - Type : ACT_GATHER_INFO |
| 2008-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0977.nasl - Type : ACT_GATHER_INFO |
| 2008-11-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0978.nasl - Type : ACT_GATHER_INFO |
| 2008-11-13 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1113.nasl - Type : ACT_GATHER_INFO |
| 2008-10-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1649.nasl - Type : ACT_GATHER_INFO |
| 2008-10-08 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gecko-sdk-5654.nasl - Type : ACT_GATHER_INFO |
| 2008-10-08 | Name : The remote openSUSE host is missing a security update. File : suse_mozilla-xulrunner181-5656.nasl - Type : ACT_GATHER_INFO |
| 2008-10-07 | Name : The remote openSUSE host is missing a security update. File : suse_seamonkey-5657.nasl - Type : ACT_GATHER_INFO |
| 2008-10-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO |
| 2008-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaThunderbird-5655.nasl - Type : ACT_GATHER_INFO |
| 2008-10-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0908.nasl - Type : ACT_GATHER_INFO |
| 2008-10-01 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-5640.nasl - Type : ACT_GATHER_INFO |
| 2008-10-01 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-5644.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-8399.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8401.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2008-8425.nasl - Type : ACT_GATHER_INFO |
| 2008-09-29 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8429.nasl - Type : ACT_GATHER_INFO |
| 2008-09-28 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-270-01.nasl - Type : ACT_GATHER_INFO |
| 2008-09-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-269-01.nasl - Type : ACT_GATHER_INFO |
| 2008-09-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-269-02.nasl - Type : ACT_GATHER_INFO |
| 2008-09-26 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_20017.nasl - Type : ACT_GATHER_INFO |
| 2008-09-25 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2273879e8a2f11dda6fe0030843d3802.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_20017.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_302.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0879.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0882.nasl - Type : ACT_GATHER_INFO |
| 2008-09-24 | Name : A web browser on the remote host is affected by multiple vulnerabilities. File : seamonkey_1112.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris10_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125438-22 File : solaris10_x86_125438.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris8_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125437-22 File : solaris9_125437.nasl - Type : ACT_GATHER_INFO |
| 2007-10-12 | Name : The remote host is missing Sun Security Patch number 125438-22 File : solaris9_x86_125438.nasl - Type : ACT_GATHER_INFO |
| 2007-06-04 | Name : The remote host is missing Sun Security Patch number 125720-70 File : solaris10_x86_125720.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-02-29 21:29:49 |
|
| 2016-02-24 09:28:56 |
|
| 2014-02-17 11:37:38 |
|
| 2013-01-08 05:19:36 |
|
