Executive Summary
Summary | |
---|---|
Title | Mozilla Products: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201309-23 | First vendor Publication | 2013-09-27 |
Vendor | Gentoo | Last vendor Modification | 2013-09-27 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. Background Description Impact Workaround Resolution All users of the Mozilla Firefox binary package should upgrade to the latest version: All Mozilla Thunderbird users should upgrade to the latest version: All users of the Mozilla Thunderbird binary package should upgrade to the latest version: All SeaMonkey users should upgrade to the latest version: All users of the Mozilla SeaMonkey binary package should upgrade to the latest version: References Availability http://security.gentoo.org/glsa/glsa-201309-23.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201309-23.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
16 % | CWE-416 | Use After Free |
15 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-399 | Resource Management Errors |
8 % | CWE-20 | Improper Input Validation |
5 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
4 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
4 % | CWE-125 | Out-of-bounds Read |
2 % | CWE-200 | Information Exposure |
2 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
1 % | CWE-326 | Inadequate Encryption Strength |
1 % | CWE-295 | Certificate Issues |
1 % | CWE-287 | Improper Authentication |
1 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
1 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:16171 | |||
Oval ID: | oval:org.mitre.oval:def:16171 | ||
Title: | The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0767 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16182 | |||
Oval ID: | oval:org.mitre.oval:def:16182 | ||
Title: | DEPRECATED: The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | ||
Description: | The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0796 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16189 | |||
Oval ID: | oval:org.mitre.oval:def:16189 | ||
Title: | Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0766 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16199 | |||
Oval ID: | oval:org.mitre.oval:def:16199 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0769 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16219 | |||
Oval ID: | oval:org.mitre.oval:def:16219 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0783 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16288 | |||
Oval ID: | oval:org.mitre.oval:def:16288 | ||
Title: | Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0762 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16383 | |||
Oval ID: | oval:org.mitre.oval:def:16383 | ||
Title: | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. | ||
Description: | Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0780 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16570 | |||
Oval ID: | oval:org.mitre.oval:def:16570 | ||
Title: | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. | ||
Description: | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0746 | Version: | 21 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16577 | |||
Oval ID: | oval:org.mitre.oval:def:16577 | ||
Title: | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||
Description: | The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1678 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16604 | |||
Oval ID: | oval:org.mitre.oval:def:16604 | ||
Title: | Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site | ||
Description: | Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1684 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16616 | |||
Oval ID: | oval:org.mitre.oval:def:16616 | ||
Title: | Mozilla SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. | ||
Description: | Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0751 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla SeaMonkey |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16619 | |||
Oval ID: | oval:org.mitre.oval:def:16619 | ||
Title: | The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0778 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16629 | |||
Oval ID: | oval:org.mitre.oval:def:16629 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0788 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16666 | |||
Oval ID: | oval:org.mitre.oval:def:16666 | ||
Title: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | ||
Description: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0776 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16694 | |||
Oval ID: | oval:org.mitre.oval:def:16694 | ||
Title: | Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. | ||
Description: | Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0752 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16715 | |||
Oval ID: | oval:org.mitre.oval:def:16715 | ||
Title: | The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. | ||
Description: | The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0764 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16737 | |||
Oval ID: | oval:org.mitre.oval:def:16737 | ||
Title: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0787 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16747 | |||
Oval ID: | oval:org.mitre.oval:def:16747 | ||
Title: | The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0779 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16797 | |||
Oval ID: | oval:org.mitre.oval:def:16797 | ||
Title: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. | ||
Description: | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0774 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16800 | |||
Oval ID: | oval:org.mitre.oval:def:16800 | ||
Title: | USN-1891-1 -- Thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1891-1 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 8 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16812 | |||
Oval ID: | oval:org.mitre.oval:def:16812 | ||
Title: | Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. | ||
Description: | Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0754 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16813 | |||
Oval ID: | oval:org.mitre.oval:def:16813 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0770 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16827 | |||
Oval ID: | oval:org.mitre.oval:def:16827 | ||
Title: | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. | ||
Description: | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0759 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16832 | |||
Oval ID: | oval:org.mitre.oval:def:16832 | ||
Title: | Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0761 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16842 | |||
Oval ID: | oval:org.mitre.oval:def:16842 | ||
Title: | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0795 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16861 | |||
Oval ID: | oval:org.mitre.oval:def:16861 | ||
Title: | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Description: | The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0773 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16866 | |||
Oval ID: | oval:org.mitre.oval:def:16866 | ||
Title: | The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. | ||
Description: | The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0747 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16906 | |||
Oval ID: | oval:org.mitre.oval:def:16906 | ||
Title: | Heap-based buffer overflow in the nsSaveAsCharseterbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0782 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16909 | |||
Oval ID: | oval:org.mitre.oval:def:16909 | ||
Title: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0800 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16928 | |||
Oval ID: | oval:org.mitre.oval:def:16928 | ||
Title: | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | ||
Description: | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0793 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16934 | |||
Oval ID: | oval:org.mitre.oval:def:16934 | ||
Title: | Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0781 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16939 | |||
Oval ID: | oval:org.mitre.oval:def:16939 | ||
Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. | ||
Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0757 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16950 | |||
Oval ID: | oval:org.mitre.oval:def:16950 | ||
Title: | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||
Description: | Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0775 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16952 | |||
Oval ID: | oval:org.mitre.oval:def:16952 | ||
Title: | Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. | ||
Description: | Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0755 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16953 | |||
Oval ID: | oval:org.mitre.oval:def:16953 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0749 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16956 | |||
Oval ID: | oval:org.mitre.oval:def:16956 | ||
Title: | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1676 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16957 | |||
Oval ID: | oval:org.mitre.oval:def:16957 | ||
Title: | Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. | ||
Description: | Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0750 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16976 | |||
Oval ID: | oval:org.mitre.oval:def:16976 | ||
Title: | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent sensitive information from process memory via a crafted web site. | ||
Description: | Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1675 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16977 | |||
Oval ID: | oval:org.mitre.oval:def:16977 | ||
Title: | Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0777 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16979 | |||
Oval ID: | oval:org.mitre.oval:def:16979 | ||
Title: | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Description: | The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1677 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16988 | |||
Oval ID: | oval:org.mitre.oval:def:16988 | ||
Title: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1681 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16990 | |||
Oval ID: | oval:org.mitre.oval:def:16990 | ||
Title: | Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. | ||
Description: | Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0768 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16996 | |||
Oval ID: | oval:org.mitre.oval:def:16996 | ||
Title: | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location | ||
Description: | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1690 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17007 | |||
Oval ID: | oval:org.mitre.oval:def:17007 | ||
Title: | Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. | ||
Description: | Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0744 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17019 | |||
Oval ID: | oval:org.mitre.oval:def:17019 | ||
Title: | Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. | ||
Description: | Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0771 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17021 | |||
Oval ID: | oval:org.mitre.oval:def:17021 | ||
Title: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. | ||
Description: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0792 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17031 | |||
Oval ID: | oval:org.mitre.oval:def:17031 | ||
Title: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1680 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17046 | |||
Oval ID: | oval:org.mitre.oval:def:17046 | ||
Title: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
Description: | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1670 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17053 | |||
Oval ID: | oval:org.mitre.oval:def:17053 | ||
Title: | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. | ||
Description: | Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0753 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17061 | |||
Oval ID: | oval:org.mitre.oval:def:17061 | ||
Title: | The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. | ||
Description: | The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0745 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17062 | |||
Oval ID: | oval:org.mitre.oval:def:17062 | ||
Title: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0801 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17065 | |||
Oval ID: | oval:org.mitre.oval:def:17065 | ||
Title: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | ||
Description: | Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0794 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17075 | |||
Oval ID: | oval:org.mitre.oval:def:17075 | ||
Title: | The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code | ||
Description: | The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1693 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17079 | |||
Oval ID: | oval:org.mitre.oval:def:17079 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0789 | Version: | 14 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17085 | |||
Oval ID: | oval:org.mitre.oval:def:17085 | ||
Title: | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1679 | Version: | 17 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17086 | |||
Oval ID: | oval:org.mitre.oval:def:17086 | ||
Title: | Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. | ||
Description: | Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0760 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17087 | |||
Oval ID: | oval:org.mitre.oval:def:17087 | ||
Title: | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. | ||
Description: | Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0758 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17093 | |||
Oval ID: | oval:org.mitre.oval:def:17093 | ||
Title: | USN-1822-1 -- Firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1822-1 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1671 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.04 Ubuntu 12.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17096 | |||
Oval ID: | oval:org.mitre.oval:def:17096 | ||
Title: | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site | ||
Description: | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1692 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17097 | |||
Oval ID: | oval:org.mitre.oval:def:17097 | ||
Title: | Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||
Description: | Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0765 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17100 | |||
Oval ID: | oval:org.mitre.oval:def:17100 | ||
Title: | Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. | ||
Description: | Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1671 | Version: | 8 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:17101 | |||
Oval ID: | oval:org.mitre.oval:def:17101 | ||
Title: | Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. | ||
Description: | Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0756 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17107 | |||
Oval ID: | oval:org.mitre.oval:def:17107 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0763 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17109 | |||
Oval ID: | oval:org.mitre.oval:def:17109 | ||
Title: | The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. | ||
Description: | The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0748 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17117 | |||
Oval ID: | oval:org.mitre.oval:def:17117 | ||
Title: | The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site | ||
Description: | The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1687 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17119 | |||
Oval ID: | oval:org.mitre.oval:def:17119 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0784 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17146 | |||
Oval ID: | oval:org.mitre.oval:def:17146 | ||
Title: | Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory. | ||
Description: | Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0797 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17147 | |||
Oval ID: | oval:org.mitre.oval:def:17147 | ||
Title: | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
Description: | Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1674 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17150 | |||
Oval ID: | oval:org.mitre.oval:def:17150 | ||
Title: | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. | ||
Description: | The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0791 | Version: | 18 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17155 | |||
Oval ID: | oval:org.mitre.oval:def:17155 | ||
Title: | Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. | ||
Description: | Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0799 | Version: | 16 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17159 | |||
Oval ID: | oval:org.mitre.oval:def:17159 | ||
Title: | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. | ||
Description: | The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0772 | Version: | 23 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla SeaMonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17243 | |||
Oval ID: | oval:org.mitre.oval:def:17243 | ||
Title: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1697 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17392 | |||
Oval ID: | oval:org.mitre.oval:def:17392 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1682 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17405 | |||
Oval ID: | oval:org.mitre.oval:def:17405 | ||
Title: | The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag | ||
Description: | The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1694 | Version: | 15 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17825 | |||
Oval ID: | oval:org.mitre.oval:def:17825 | ||
Title: | DSA-2699-1 iceweasel - several | ||
Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2699-1 CVE-2013-0773 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 CVE-2013-0787 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 8 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17832 | |||
Oval ID: | oval:org.mitre.oval:def:17832 | ||
Title: | USN-1729-2 -- firefox regression | ||
Description: | Due to a regression, Firefox might crash or freeze under normal use. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1729-2 CVE-2013-0783 CVE-2013-0784 CVE-2013-0772 CVE-2013-0765 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17889 | |||
Oval ID: | oval:org.mitre.oval:def:17889 | ||
Title: | USN-1786-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1786-1 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18002 | |||
Oval ID: | oval:org.mitre.oval:def:18002 | ||
Title: | Same-origin bypass with web workers and XMLHttpRequest | ||
Description: | The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1714 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18014 | |||
Oval ID: | oval:org.mitre.oval:def:18014 | ||
Title: | Further Privilege escalation through Mozilla Updater | ||
Description: | Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1712 | Version: | 20 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18048 | |||
Oval ID: | oval:org.mitre.oval:def:18048 | ||
Title: | USN-1924-2 -- ubufox, unity-firefox-extension update | ||
Description: | This update provides compatible packages for Firefox 23. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1924-2 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | ubufox unity-firefox-extension |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18057 | |||
Oval ID: | oval:org.mitre.oval:def:18057 | ||
Title: | USN-1758-1 -- firefox vulnerability | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1758-1 CVE-2013-0787 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18122 | |||
Oval ID: | oval:org.mitre.oval:def:18122 | ||
Title: | DSA-2746-1 icedove - several | ||
Description: | Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code or cross-site scripting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2746-1 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 8 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18184 | |||
Oval ID: | oval:org.mitre.oval:def:18184 | ||
Title: | USN-1791-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1791-1 CVE-2013-0788 CVE-2013-0791 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18233 | |||
Oval ID: | oval:org.mitre.oval:def:18233 | ||
Title: | USN-1758-2 -- thunderbird vulnerability | ||
Description: | Thunderbird could be made to crash or run programs as your login. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1758-2 CVE-2013-0787 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18278 | |||
Oval ID: | oval:org.mitre.oval:def:18278 | ||
Title: | USN-1786-2 -- unity-firefox-extension update | ||
Description: | This update provides a compatible version of Unity Firefox Extension for Firefox 20. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1786-2 CVE-2013-0788 CVE-2013-0789 CVE-2013-0791 CVE-2013-0792 CVE-2013-0793 CVE-2013-0794 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 7 |
Platform(s): | Ubuntu 12.10 | Product(s): | unity-firefox-extension |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18282 | |||
Oval ID: | oval:org.mitre.oval:def:18282 | ||
Title: | USN-1823-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1823-1 CVE-2013-0801 CVE-2013-1669 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18301 | |||
Oval ID: | oval:org.mitre.oval:def:18301 | ||
Title: | USN-1729-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1729-1 CVE-2013-0783 CVE-2013-0784 CVE-2013-0772 CVE-2013-0765 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18309 | |||
Oval ID: | oval:org.mitre.oval:def:18309 | ||
Title: | USN-1748-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1748-1 CVE-2013-0773 CVE-2013-0774 CVE-2013-0775 CVE-2013-0776 CVE-2013-0777 CVE-2013-0778 CVE-2013-0779 CVE-2013-0780 CVE-2013-0781 CVE-2013-0782 CVE-2013-0783 CVE-2013-0784 | Version: | 7 |
Platform(s): | Ubuntu 12.10 Ubuntu 12.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18367 | |||
Oval ID: | oval:org.mitre.oval:def:18367 | ||
Title: | Local Java applets may read contents of local file system | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1717 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18374 | |||
Oval ID: | oval:org.mitre.oval:def:18374 | ||
Title: | USN-1925-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1925-1 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18410 | |||
Oval ID: | oval:org.mitre.oval:def:18410 | ||
Title: | USN-1924-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1924-1 CVE-2013-1701 CVE-2013-1702 CVE-2013-1704 CVE-2013-1705 CVE-2013-1708 CVE-2013-1709 CVE-2013-1710 CVE-2013-1711 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18443 | |||
Oval ID: | oval:org.mitre.oval:def:18443 | ||
Title: | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. | ||
Description: | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1735 | Version: | 22 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18514 | |||
Oval ID: | oval:org.mitre.oval:def:18514 | ||
Title: | Miscellaneous memory safety hazards | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1701 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18520 | |||
Oval ID: | oval:org.mitre.oval:def:18520 | ||
Title: | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. | ||
Description: | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1732 | Version: | 22 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18531 | |||
Oval ID: | oval:org.mitre.oval:def:18531 | ||
Title: | Document URI misrepresentation and masquerading | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1709 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18617 | |||
Oval ID: | oval:org.mitre.oval:def:18617 | ||
Title: | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. | ||
Description: | The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1720 | Version: | 22 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18766 | |||
Oval ID: | oval:org.mitre.oval:def:18766 | ||
Title: | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. | ||
Description: | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1738 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18773 | |||
Oval ID: | oval:org.mitre.oval:def:18773 | ||
Title: | CRMF requests allow for code execution and XSS attacks | ||
Description: | The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1710 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18789 | |||
Oval ID: | oval:org.mitre.oval:def:18789 | ||
Title: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the thisobject during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1737 | Version: | 22 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18803 | |||
Oval ID: | oval:org.mitre.oval:def:18803 | ||
Title: | Crash during WAV audio file decoding | ||
Description: | Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1708 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18821 | |||
Oval ID: | oval:org.mitre.oval:def:18821 | ||
Title: | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. | ||
Description: | Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1726 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18830 | |||
Oval ID: | oval:org.mitre.oval:def:18830 | ||
Title: | Bypass of XrayWrappers using XBL Scopes | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1711 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18856 | |||
Oval ID: | oval:org.mitre.oval:def:18856 | ||
Title: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. | ||
Description: | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1736 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18871 | |||
Oval ID: | oval:org.mitre.oval:def:18871 | ||
Title: | Buffer overflow in Mozilla Maintenance Service and Mozilla Updater | ||
Description: | Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1707 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18876 | |||
Oval ID: | oval:org.mitre.oval:def:18876 | ||
Title: | Miscellaneous memory safety hazards | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1702 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18884 | |||
Oval ID: | oval:org.mitre.oval:def:18884 | ||
Title: | Wrong principal used for validating URI for some Javascript components | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1713 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18902 | |||
Oval ID: | oval:org.mitre.oval:def:18902 | ||
Title: | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. | ||
Description: | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1728 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18935 | |||
Oval ID: | oval:org.mitre.oval:def:18935 | ||
Title: | Buffer underflow when generating CRMF requests | ||
Description: | Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1705 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18939 | |||
Oval ID: | oval:org.mitre.oval:def:18939 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1718 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18945 | |||
Oval ID: | oval:org.mitre.oval:def:18945 | ||
Title: | Use after free mutating DOM during SetBody | ||
Description: | Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1704 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18974 | |||
Oval ID: | oval:org.mitre.oval:def:18974 | ||
Title: | DSA-2735-1 iceweasel - several | ||
Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: multiple memory safety errors, missing permission checks and other implementation errors may lead to the execution of arbitrary code, cross-site scripting, privilege escalation, bypass of the same-origin policy or the installation of malicious addons. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2735-1 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 8 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18982 | |||
Oval ID: | oval:org.mitre.oval:def:18982 | ||
Title: | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. | ||
Description: | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1724 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19011 | |||
Oval ID: | oval:org.mitre.oval:def:19011 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1719 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19022 | |||
Oval ID: | oval:org.mitre.oval:def:19022 | ||
Title: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1730 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19025 | |||
Oval ID: | oval:org.mitre.oval:def:19025 | ||
Title: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1725 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19028 | |||
Oval ID: | oval:org.mitre.oval:def:19028 | ||
Title: | The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. | ||
Description: | The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1723 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19031 | |||
Oval ID: | oval:org.mitre.oval:def:19031 | ||
Title: | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. | ||
Description: | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1722 | Version: | 21 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox ESR Mozilla Thunderbird ESR |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19331 | |||
Oval ID: | oval:org.mitre.oval:def:19331 | ||
Title: | USN-1952-1 -- thunderbird vulnerabilities | ||
Description: | Several security issues were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1952-1 CVE-2013-1718 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 | Version: | 5 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19389 | |||
Oval ID: | oval:org.mitre.oval:def:19389 | ||
Title: | USN-1951-1 -- firefox vulnerabilities | ||
Description: | Firefox could be made to crash or run programs as your login if it opened a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1951-1 CVE-2013-1718 CVE-2013-1719 CVE-2013-1720 CVE-2013-1721 CVE-2013-1722 CVE-2013-1724 CVE-2013-1725 CVE-2013-1728 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 CVE-2013-1738 | Version: | 5 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 | Product(s): | firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19877 | |||
Oval ID: | oval:org.mitre.oval:def:19877 | ||
Title: | DSA-2762-1 icedove - several | ||
Description: | Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2762-1 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19905 | |||
Oval ID: | oval:org.mitre.oval:def:19905 | ||
Title: | DSA-2759-1 iceweasel - several | ||
Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2759-1 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19998 | |||
Oval ID: | oval:org.mitre.oval:def:19998 | ||
Title: | DSA-2720-1 icedove - several | ||
Description: | Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2720-1 CVE-2013-0795 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | icedove |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20086 | |||
Oval ID: | oval:org.mitre.oval:def:20086 | ||
Title: | DSA-2716-1 iceweasel - several | ||
Description: | Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2716-1 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 5 |
Platform(s): | Debian GNU/Linux 7 Debian GNU/kFreeBSD 7 | Product(s): | iceweasel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20230 | |||
Oval ID: | oval:org.mitre.oval:def:20230 | ||
Title: | RHSA-2013:0145: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0145-01 CESA-2013:0145 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 171 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20604 | |||
Oval ID: | oval:org.mitre.oval:def:20604 | ||
Title: | RHSA-2013:1140: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1140-01 CESA-2013:1140 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 87 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20691 | |||
Oval ID: | oval:org.mitre.oval:def:20691 | ||
Title: | RHSA-2013:0981: firefox security update (Critical) | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0981-00 CESA-2013:0981 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 143 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20767 | |||
Oval ID: | oval:org.mitre.oval:def:20767 | ||
Title: | RHSA-2013:1268: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1268-00 CESA-2013:1268 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 115 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20827 | |||
Oval ID: | oval:org.mitre.oval:def:20827 | ||
Title: | RHSA-2013:0982: thunderbird security update (Important) | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0982-00 CESA-2013:0982 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 143 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20855 | |||
Oval ID: | oval:org.mitre.oval:def:20855 | ||
Title: | RHSA-2013:0144: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0144-01 CESA-2013:0144 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 171 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20907 | |||
Oval ID: | oval:org.mitre.oval:def:20907 | ||
Title: | RHSA-2013:1269: thunderbird security update (Important) | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1269-00 CESA-2013:1269 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 115 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20933 | |||
Oval ID: | oval:org.mitre.oval:def:20933 | ||
Title: | RHSA-2013:0627: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0627-01 CESA-2013:0627 CVE-2013-0787 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21004 | |||
Oval ID: | oval:org.mitre.oval:def:21004 | ||
Title: | RHSA-2013:0614: xulrunner security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0614-01 CESA-2013:0614 CVE-2013-0787 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21008 | |||
Oval ID: | oval:org.mitre.oval:def:21008 | ||
Title: | RHSA-2013:1142: thunderbird security update (Important) | ||
Description: | Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-1701) A flaw was found in the way Thunderbird generated Certificate Request Message Format (CRMF) requests. An attacker could use this flaw to perform cross-site scripting (XSS) attacks or execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2013-1710) A flaw was found in the way Thunderbird handled the interaction between frames and browser history. An attacker could use this flaw to trick Thunderbird into treating malicious content as if it came from the browser history, allowing for XSS attacks. (CVE-2013-1709) It was found that the same-origin policy could be bypassed due to the way Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker could use this flaw to perform XSS attacks, or install malicious add-ons from third-party pages. (CVE-2013-1713) It was found that web workers could bypass the same-origin policy. An attacker could use this flaw to perform XSS attacks. (CVE-2013-1714) It was found that, in certain circumstances, Thunderbird incorrectly handled Java applets. If a user launched an untrusted Java applet via Thunderbird, the applet could use this flaw to obtain read-only access to files on the user's local system. (CVE-2013-1717) Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jeff Gilbert, Henrik Skupin, moz_bug_r_a4, Cody Crews, Federico Lanusse, and Georgi Guninski as the original reporters of these issues. Note: All of the above issues cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. They could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed. All Thunderbird users should upgrade to this updated package, which contains Thunderbird version 17.0.8 ESR, which corrects these issues. After installing the update, Thunderbird must be restarted for the changes to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:1142-01 CESA-2013:1142 CVE-2013-1701 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21038 | |||
Oval ID: | oval:org.mitre.oval:def:21038 | ||
Title: | RHSA-2013:0821: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0821-01 CESA-2013:0821 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 143 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21124 | |||
Oval ID: | oval:org.mitre.oval:def:21124 | ||
Title: | RHSA-2013:0271: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0271-02 CESA-2013:0271 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21139 | |||
Oval ID: | oval:org.mitre.oval:def:21139 | ||
Title: | RHSA-2013:0820: firefox security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0820-01 CESA-2013:0820 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 143 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21148 | |||
Oval ID: | oval:org.mitre.oval:def:21148 | ||
Title: | RHSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0272-01 CESA-2013:0272 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21149 | |||
Oval ID: | oval:org.mitre.oval:def:21149 | ||
Title: | RHSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0696-01 CESA-2013:0696 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21181 | |||
Oval ID: | oval:org.mitre.oval:def:21181 | ||
Title: | RHSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0697-01 CESA-2013:0697 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 73 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22674 | |||
Oval ID: | oval:org.mitre.oval:def:22674 | ||
Title: | DEPRECATED: ELSA-2013:0614: xulrunner security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0614-01 CVE-2013-0787 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22698 | |||
Oval ID: | oval:org.mitre.oval:def:22698 | ||
Title: | DEPRECATED: ELSA-2013:0145: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0145-01 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 54 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22867 | |||
Oval ID: | oval:org.mitre.oval:def:22867 | ||
Title: | DEPRECATED: ELSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0696-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22889 | |||
Oval ID: | oval:org.mitre.oval:def:22889 | ||
Title: | DEPRECATED: ELSA-2013:0821: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0821-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 46 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22897 | |||
Oval ID: | oval:org.mitre.oval:def:22897 | ||
Title: | DEPRECATED: ELSA-2013:1142: thunderbird security update (Important) | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1142-02 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 30 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22906 | |||
Oval ID: | oval:org.mitre.oval:def:22906 | ||
Title: | DEPRECATED: ELSA-2013:1140: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1140-01 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 30 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22936 | |||
Oval ID: | oval:org.mitre.oval:def:22936 | ||
Title: | DEPRECATED: ELSA-2013:0144: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0144-01 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 54 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22971 | |||
Oval ID: | oval:org.mitre.oval:def:22971 | ||
Title: | DEPRECATED: ELSA-2013:0820: firefox security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0820-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 46 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23124 | |||
Oval ID: | oval:org.mitre.oval:def:23124 | ||
Title: | DEPRECATED: ELSA-2013:0271: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0271-02 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23129 | |||
Oval ID: | oval:org.mitre.oval:def:23129 | ||
Title: | ELSA-2013:0614: xulrunner security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0614-01 CVE-2013-0787 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23136 | |||
Oval ID: | oval:org.mitre.oval:def:23136 | ||
Title: | DEPRECATED: ELSA-2013:0982: thunderbird security update (Important) | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0982-00 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 46 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23153 | |||
Oval ID: | oval:org.mitre.oval:def:23153 | ||
Title: | DEPRECATED: ELSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0272-01 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23187 | |||
Oval ID: | oval:org.mitre.oval:def:23187 | ||
Title: | DEPRECATED: ELSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0697-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23194 | |||
Oval ID: | oval:org.mitre.oval:def:23194 | ||
Title: | DEPRECATED: ELSA-2013:1269: thunderbird security update (Important) | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1269-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 38 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23364 | |||
Oval ID: | oval:org.mitre.oval:def:23364 | ||
Title: | DEPRECATED: ELSA-2013:0627: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0627-01 CVE-2013-0787 | Version: | 7 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23392 | |||
Oval ID: | oval:org.mitre.oval:def:23392 | ||
Title: | DEPRECATED: ELSA-2013:0981: firefox security update (Critical) | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0981-00 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 46 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23481 | |||
Oval ID: | oval:org.mitre.oval:def:23481 | ||
Title: | ELSA-2013:0982: thunderbird security update (Important) | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0982-00 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 45 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23564 | |||
Oval ID: | oval:org.mitre.oval:def:23564 | ||
Title: | DEPRECATED: ELSA-2013:1268: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1268-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 38 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23597 | |||
Oval ID: | oval:org.mitre.oval:def:23597 | ||
Title: | ELSA-2013:0627: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0627-01 CVE-2013-0787 | Version: | 6 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23767 | |||
Oval ID: | oval:org.mitre.oval:def:23767 | ||
Title: | ELSA-2013:1269: thunderbird security update (Important) | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1269-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 37 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23822 | |||
Oval ID: | oval:org.mitre.oval:def:23822 | ||
Title: | ELSA-2013:0981: firefox security update (Critical) | ||
Description: | The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0981-00 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 45 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23847 | |||
Oval ID: | oval:org.mitre.oval:def:23847 | ||
Title: | ELSA-2013:0145: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0145-01 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 53 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23874 | |||
Oval ID: | oval:org.mitre.oval:def:23874 | ||
Title: | ELSA-2013:0144: firefox security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0144-01 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 53 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23946 | |||
Oval ID: | oval:org.mitre.oval:def:23946 | ||
Title: | ELSA-2013:0821: thunderbird security update (Important) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0821-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 45 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23948 | |||
Oval ID: | oval:org.mitre.oval:def:23948 | ||
Title: | ELSA-2013:0697: thunderbird security update (Important) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0697-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23978 | |||
Oval ID: | oval:org.mitre.oval:def:23978 | ||
Title: | ELSA-2013:0696: firefox security update (Critical) | ||
Description: | Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0696-01 CVE-2013-0788 CVE-2013-0793 CVE-2013-0795 CVE-2013-0796 CVE-2013-0800 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24014 | |||
Oval ID: | oval:org.mitre.oval:def:24014 | ||
Title: | ELSA-2013:0820: firefox security update (Critical) | ||
Description: | Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0820-01 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 45 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24061 | |||
Oval ID: | oval:org.mitre.oval:def:24061 | ||
Title: | ELSA-2013:0272: thunderbird security update (Critical) | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0272-01 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24083 | |||
Oval ID: | oval:org.mitre.oval:def:24083 | ||
Title: | ELSA-2013:1140: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1140-01 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 29 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24091 | |||
Oval ID: | oval:org.mitre.oval:def:24091 | ||
Title: | ELSA-2013:1142: thunderbird security update (Important) | ||
Description: | Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1142-02 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 29 |
Platform(s): | Oracle Linux 6 Oracle Linux 5 | Product(s): | thunderbird |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:24179 | |||
Oval ID: | oval:org.mitre.oval:def:24179 | ||
Title: | ELSA-2013:1268: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:1268-00 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 37 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:24995 | |||
Oval ID: | oval:org.mitre.oval:def:24995 | ||
Title: | SUSE-SU-2013:1382-1 -- Security update for Mozilla Firefox | ||
Description: | Update to Firefox 17.0.8esr (bnc#833389) to address: * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) * MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater * MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1382-1 CVE-2013-1701 CVE-2013-1702 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1712 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25026 | |||
Oval ID: | oval:org.mitre.oval:def:25026 | ||
Title: | SUSE-SU-2013:1153-1 -- Security update for Mozilla Firefox | ||
Description: | Mozilla Firefox has been updated to the 17.0.7 ESR version, which fixes bugs and security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1153-1 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1697 | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 11 SUSE Linux Enterprise Desktop 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25088 | |||
Oval ID: | oval:org.mitre.oval:def:25088 | ||
Title: | SUSE-SU-2013:1497-1 -- Security update for Mozilla Firefox | ||
Description: | This update to Firefox 17.0.9esr (bnc#840485) addresses: * MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object o (CVE-2013-1737) * MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity (CVE-2013-1735) o Memory corruption in nsGfxScrollFrameInner::IsLTR() (CVE-2013-1736) * MFSA 2013-89 Buffer overflow with multi-column, lists, and floats o buffer overflow at nsFloatManager::GetFlowArea() with multicol, list, floats (CVE-2013-1732) * MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes o compartment mismatch in nsXBLBinding::DoInitJSClass (CVE-2013-1730) * MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification o MAR signature bypass in Updater could lead to downgrade (CVE-2013-1726) * MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption o ABORT: bad scope for new JSObjects: ReparentWrapper / document.open (CVE-2013-1725) * MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning o Heap-use-after-free in nsAnimationManager::BuildAnimations (CVE-2013-1722) * MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9) o Memory safety bugs fixed in Firefox 17.0.9 and Firefox 24.0 (CVE-2013-1718) * MFSA 2013-65 Buffer underflow when generating CRMF requests o ASAN heap-buffer-overflow (read 1) in cryptojs_interpret_key_gen_type (CVE-2013-1705) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1497-1 CVE-2013-1737 CVE-2013-1735 CVE-2013-1736 CVE-2013-1732 CVE-2013-1730 CVE-2013-1726 CVE-2013-1725 CVE-2013-1722 CVE-2013-1718 CVE-2013-1705 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25591 | |||
Oval ID: | oval:org.mitre.oval:def:25591 | ||
Title: | SUSE-SU-2013:1325-2 -- Security update for Mozilla Firefox | ||
Description: | This update to Firefox 17.0.8esr (bnc#833389) addresses the following issues: * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards (rv:23.0 / rv:17.0.8) * MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater * MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1325-2 CVE-2013-1701 CVE-2013-1702 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1712 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25607 | |||
Oval ID: | oval:org.mitre.oval:def:25607 | ||
Title: | SUSE-SU-2013:0843-1 -- Security update for Mozilla Firefox | ||
Description: | Mozilla Firefox has been updated to the 17.0.6ESR security release. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0843-1 CVE-2013-0788 CVE-2013-0800 CVE-2013-0799 CVE-2013-0797 CVE-2013-0796 CVE-2013-0795 CVE-2013-0794 CVE-2013-0793 CVE-2013-0792 CVE-2013-0791 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25646 | |||
Oval ID: | oval:org.mitre.oval:def:25646 | ||
Title: | SUSE-SU-2013:1325-1 -- Security update for Mozilla Firefox | ||
Description: | This update to Firefox 17.0.8esr (bnc#833389) addresses: * MFSA 2013-63/CVE-2013-1701/CVE-2013-1702 (bmo#855331, bmo#844088, bmo#858060, bmo#870200, bmo#874974, bmo#861530, bmo#854157, bmo#893684, bmo#878703, bmo#862185, bmo#879139, bmo#888107, bmo#880734) Miscellaneous memory safety hazards have been fixed (rv:23.0 / rv:17.0.8): * MFSA 2013-66/CVE-2013-1706/CVE-2013-1707 (bmo#888314, bmo#888361) Buffer overflow in Mozilla Maintenance Service and Mozilla Updater * MFSA 2013-68/CVE-2013-1709 (bmo#848253) Document URI misrepresentation and masquerading * MFSA 2013-69/CVE-2013-1710 (bmo#871368) CRMF requests allow for code execution and XSS attacks * MFSA 2013-71/CVE-2013-1712 (bmo#859072) Further Privilege escalation through Mozilla Updater * MFSA 2013-72/CVE-2013-1713 (bmo#887098) Wrong principal used for validating URI for some Javascript components * MFSA 2013-73/CVE-2013-1714 (bmo#879787) Same-origin bypass with web workers and XMLHttpRequest * MFSA 2013-75/CVE-2013-1717 (bmo#406541) Local Java applets may read contents of local file system | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1325-1 CVE-2013-1701 CVE-2013-1702 CVE-2013-1706 CVE-2013-1707 CVE-2013-1709 CVE-2013-1710 CVE-2013-1712 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25842 | |||
Oval ID: | oval:org.mitre.oval:def:25842 | ||
Title: | SUSE-SU-2013:0842-1 -- Security update for Mozilla Firefox | ||
Description: | Mozilla Firefox has been updated to the17.0.6ESR security release. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0842-1 CVE-2013-0788 CVE-2013-0800 CVE-2013-0799 CVE-2013-0797 CVE-2013-0796 CVE-2013-0795 CVE-2013-0794 CVE-2013-0793 CVE-2013-0792 CVE-2013-0791 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26149 | |||
Oval ID: | oval:org.mitre.oval:def:26149 | ||
Title: | SUSE-SU-2013:0470-1 -- Security update for Mozilla Firefox | ||
Description: | MozillaFirefox has been updated to the 17.0.4ESR release which fixes one important security issue: * MFSA 2013-29 / CVE-2013-0787: VUPEN Security, via TippingPoint's Zero Day Initiative, reported a use-after-free within the HTML editor when content script is run by the document.execCommand() function while internal editor operations are occurring. This could allow for arbitrary code execution. Security Issue reference: * CVE-2013-0787 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0787 > | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0470-1 CVE-2013-0787 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26212 | |||
Oval ID: | oval:org.mitre.oval:def:26212 | ||
Title: | SUSE-SU-2013:0471-1 -- Security update for Mozilla Firefox | ||
Description: | MozillaFirefox has been updated to the 17.0.4ESR release. Besides the major version update from the 10ESR stable release line to the 17ESR stable release line, this update brings critical security and bugfixes. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0471-1 CVE-2013-0787 CVE-2013-0780 CVE-2013-0782 CVE-2013-0776 CVE-2013-0775 CVE-2013-0774 CVE-2013-0773 CVE-2013-0765 CVE-2013-0772 CVE-2013-0783 | Version: | 5 |
Platform(s): | SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 10 | Product(s): | Mozilla Firefox |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26541 | |||
Oval ID: | oval:org.mitre.oval:def:26541 | ||
Title: | DEPRECATED: ELSA-2013-1142 -- thunderbird security update (important) | ||
Description: | [17.0.8-5.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.8-5] - Update to 17.0.8 ESR - Added strict aliasing patch (mozbz#821502) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1142 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26687 | |||
Oval ID: | oval:org.mitre.oval:def:26687 | ||
Title: | DEPRECATED: ELSA-2013-0614 -- xulrunner security update (critical) | ||
Description: | [17.0.3-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-2] - Added fix for #848644 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0614 CVE-2013-0787 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26956 | |||
Oval ID: | oval:org.mitre.oval:def:26956 | ||
Title: | DEPRECATED: ELSA-2013-0820 -- firefox security update (critical) | ||
Description: | firefox [17.0.6-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-2] - Updated XulRunner check xulrunner [17.0.6-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.6-2] - Update to 17.0.6 ESR [17.0.5-2] - Updated nss and nspr versions | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0820 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27026 | |||
Oval ID: | oval:org.mitre.oval:def:27026 | ||
Title: | DEPRECATED: ELSA-2013-0696 -- firefox security update (critical) | ||
Description: | firefox [17.0.5-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.5-1] - Update to 17.0.5 ESR xulrunner [17.0.5-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.5-1] - Update to 17.0.5 ESR [17.0.3-3] - Added fix for rhbz#916180 - Wrong library directory reference in /usr/bin/xulrunner | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0696 CVE-2013-0796 CVE-2013-0800 CVE-2013-0795 CVE-2013-0788 CVE-2013-0793 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27256 | |||
Oval ID: | oval:org.mitre.oval:def:27256 | ||
Title: | DEPRECATED: ELSA-2013-1140 -- firefox security update (critical) | ||
Description: | firefox [17.0.8-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.8-1] - Update to 17.0.8 ESR xulrunner [17.0.8-3.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.8-3] - Update to 17.0.8 ESR Build 2 [17.0.8-2] - Added fix for rhbz#990921 - firefox does not build with required nss/nspr [17.0.8-1] - Update to 17.0.8 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1140 CVE-2013-1701 CVE-2013-1709 CVE-2013-1710 CVE-2013-1713 CVE-2013-1714 CVE-2013-1717 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27364 | |||
Oval ID: | oval:org.mitre.oval:def:27364 | ||
Title: | DEPRECATED: ELSA-2013-0697 -- thunderbird security update (important) | ||
Description: | [17.0.5-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.5-1] - Update to 17.0.5 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0697 CVE-2013-0800 CVE-2013-0796 CVE-2013-0788 CVE-2013-0795 CVE-2013-0793 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27396 | |||
Oval ID: | oval:org.mitre.oval:def:27396 | ||
Title: | DEPRECATED: ELSA-2013-1269 -- thunderbird security update (important) | ||
Description: | [17.0.9-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.9-1] - Update to 17.0.9 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1269 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27401 | |||
Oval ID: | oval:org.mitre.oval:def:27401 | ||
Title: | DEPRECATED: ELSA-2013-1268 -- firefox security update (critical) | ||
Description: | firefox [17.0.9-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-4] - Added fix for mozbz#601442 - Support the extensions.getAddons.showPane pref again in the Add-ons Manager UI, a part of rhbz#818636 fix. [17.0.8-3] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. [17.0.8-2] - Updated manual page xulrunner [17.0.9-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.9-1] - Update to 17.0.9 ESR [17.0.8-5] - Fixed mozbz#633001 - Cannot open ipv6 address with self-signed certificate [17.0.8-4] - Fixed rhbz#818636 - Firefox allows install of addons, disregarding xpinstall.enabled flag set as false. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-1268 CVE-2013-1718 CVE-2013-1722 CVE-2013-1725 CVE-2013-1730 CVE-2013-1732 CVE-2013-1735 CVE-2013-1736 CVE-2013-1737 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27450 | |||
Oval ID: | oval:org.mitre.oval:def:27450 | ||
Title: | DEPRECATED: ELSA-2013-0144 -- firefox security update (critical) | ||
Description: | firefox [10.0.12-1.0.1.el6_3] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [10.0.12-1] - Update to 10.0.12 ESR xulrunner [10.0.12-1.0.1.el6_3] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js [10.0.12-1] - Update to 10.0.12 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0144 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27481 | |||
Oval ID: | oval:org.mitre.oval:def:27481 | ||
Title: | DEPRECATED: ELSA-2013-0821 -- thunderbird security update (important) | ||
Description: | [17.0.6-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.6-2] - Update to 17.0.6 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0821 CVE-2013-0801 CVE-2013-1670 CVE-2013-1674 CVE-2013-1675 CVE-2013-1676 CVE-2013-1677 CVE-2013-1678 CVE-2013-1679 CVE-2013-1680 CVE-2013-1681 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27532 | |||
Oval ID: | oval:org.mitre.oval:def:27532 | ||
Title: | DEPRECATED: ELSA-2013-0271 -- firefox security update (critical) | ||
Description: | firefox [17.0.3-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-4] - Added NM preferences [17.0.2-3] - Update to 17.0.2 ESR libproxy [0.3.0-4] - Rebuild against newer gecko xulrunner [17.0.3-1.0.2] - Increase release number and rebuild. [17.0.3-1.0.1] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-5] - Fixed NetworkManager preferences - Added fix for NM regression (mozbz#791626) [17.0.2-2] - Added fix for rhbz#816234 - NFS fix [17.0.2-1] - Update to 17.0.2 ESR [17.0.1-3] - Update to 17.0.1 ESR [17.0-1] - Update to 17.0 ESR [17.0-0.6.b5] - Update to 17 Beta 5 - Updated fix for rhbz#872752 - embeded crash [17.0-0.5.b4] - Added fix for rhbz#872752 - embeded crash [17.0-0.4.b4] - Update to 17 Beta 4 [17.0-0.3.b3] - Update to 17 Beta 3 - Updated ppc(64) patch (mozbz#746112) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0271 CVE-2013-0780 CVE-2013-0783 CVE-2013-0776 CVE-2013-0782 CVE-2013-0775 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | devhelp firefox xulrunner yelp libproxy |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27536 | |||
Oval ID: | oval:org.mitre.oval:def:27536 | ||
Title: | DEPRECATED: ELSA-2013-0982 -- thunderbird security update (important) | ||
Description: | [17.0.7-1.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.7-1] - Update to 17.0.7 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0982 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27562 | |||
Oval ID: | oval:org.mitre.oval:def:27562 | ||
Title: | DEPRECATED: ELSA-2013-0272 -- thunderbird security update (critical) | ||
Description: | [17.0.3-1.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-1] - Update to 17.0.3 ESR [17.0.2-2] - Update to 17.0.2 ESR [17.0-2] - Update to 17.0 ESR [17.0b2-0.1] - Update to 17.0b2 [17.0b1-0.1] - Rebase to 17 beta 1 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0272 CVE-2013-0775 CVE-2013-0776 CVE-2013-0780 CVE-2013-0782 CVE-2013-0783 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27607 | |||
Oval ID: | oval:org.mitre.oval:def:27607 | ||
Title: | DEPRECATED: ELSA-2013-0145 -- thunderbird security update (critical) | ||
Description: | [10.0.12-3.0.1.el6_3] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [10.0.12-3] - Update to 10.0.12 ESR | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0145 CVE-2013-0744 CVE-2013-0746 CVE-2013-0748 CVE-2013-0750 CVE-2013-0753 CVE-2013-0754 CVE-2013-0758 CVE-2013-0759 CVE-2013-0762 CVE-2013-0766 CVE-2013-0767 CVE-2013-0769 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27613 | |||
Oval ID: | oval:org.mitre.oval:def:27613 | ||
Title: | DEPRECATED: ELSA-2013-0981 -- firefox security update (critical) | ||
Description: | firefox [17.0.7-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.7-1] - Update to 17.0.7 ESR xulrunner [17.0.7-1.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.7-1] - Update to 17.0.7 ESR [17.0.6-5] - Added workaround for rhbz#973721 - fixing problem with installation of some addons [17.0.6-4] - Added a workaround for rhbz#961687 - Prelink throws message 'Cannot safely convert .rel.dyn' section from REL to RELA' [17.0.6-3] - Added patch for aliasing issues (mozbz#821502) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0981 CVE-2013-1682 CVE-2013-1684 CVE-2013-1685 CVE-2013-1686 CVE-2013-1687 CVE-2013-1690 CVE-2013-1692 CVE-2013-1693 CVE-2013-1694 CVE-2013-1697 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27638 | |||
Oval ID: | oval:org.mitre.oval:def:27638 | ||
Title: | DEPRECATED: ELSA-2013-0627 -- thunderbird security update (important) | ||
Description: | [17.0.3-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.3-2] - Added fix for #848644 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0627 CVE-2013-0787 | Version: | 4 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | thunderbird |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Mozilla Firefox onreadystatechange Event Use After Free | More info here |
Mozilla Firefox XMLSerializer serializeToStream Use-after-free Vulnerability | More info here |
Firefox crypto.generateCRMFRequest command execution | More info here |
ExploitDB Exploits
id | Description |
---|---|
2014-08-19 | Firefox toString console.time Privileged Javascript Injection |
2013-12-24 | Firefox 5.0 - 15.0.1 - __exposedProps__ XCS Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2017-03-01 | Mozilla Firefox generatecrmfrequest policy function call access attempt RuleID : 41423 - Revision : 3 - Type : BROWSER-PLUGINS |
2017-03-01 | Mozilla Firefox generatecrmfrequest policy function call access attempt RuleID : 41422 - Revision : 3 - Type : BROWSER-PLUGINS |
2015-09-23 | Mozilla Firefox generatecrmfrequest policy function call access attempt RuleID : 35686 - Revision : 3 - Type : BROWSER-PLUGINS |
2015-09-23 | Mozilla Firefox generatecrmfrequest policy function call access attempt RuleID : 35685 - Revision : 3 - Type : BROWSER-PLUGINS |
2015-02-18 | Mozilla Firefox 17 onreadystatechange memory corruption attempt RuleID : 33090 - Revision : 5 - Type : BROWSER-FIREFOX |
2015-02-18 | Mozilla Firefox 17 onreadystatechange memory corruption attempt RuleID : 33089 - Revision : 5 - Type : BROWSER-FIREFOX |
2015-02-18 | Mozilla Firefox 17 onreadystatechange memory corruption attempt RuleID : 33088 - Revision : 5 - Type : BROWSER-FIREFOX |
2015-02-11 | Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt RuleID : 32994 - Revision : 6 - Type : BROWSER-FIREFOX |
2015-02-11 | Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt RuleID : 32993 - Revision : 6 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla Firefox 17 onreadystatechange memory corruption attempt RuleID : 27568 - Revision : 6 - Type : BROWSER-FIREFOX |
2014-01-10 | Nailed exploit kit Firefox exploit download - autopwn RuleID : 27080 - Revision : 2 - Type : EXPLOIT-KIT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0015_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0306-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-0850-1.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1181.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-141.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-17.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-206.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-207.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-208.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-209.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-309.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-400.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-438.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-447.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-448.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-554.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-555.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-556.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-574.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-652.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-717.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-718.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-719.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-720.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-819.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
2013-12-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1823.nasl - Type : ACT_GATHER_INFO |
2013-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1812.nasl - Type : ACT_GATHER_INFO |
2013-12-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2013-0015.nasl - Type : ACT_GATHER_INFO |
2013-10-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7dfed67b20aa11e3b8d80025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-216.nasl - Type : ACT_GATHER_INFO |
2013-10-01 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-217.nasl - Type : ACT_GATHER_INFO |
2013-09-30 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-17047.nasl - Type : ACT_GATHER_INFO |
2013-09-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO |
2013-09-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-130919.nasl - Type : ACT_GATHER_INFO |
2013-09-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2762.nasl - Type : ACT_GATHER_INFO |
2013-09-23 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-17074.nasl - Type : ACT_GATHER_INFO |
2013-09-21 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2013-16992.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2759.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_9_esr.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_24.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_9_esr.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_24_0.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1709_esr.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_24.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1709_esr.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_24.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_221.nasl - Type : ACT_GATHER_INFO |
2013-09-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1952-1.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1268.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1269.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1268.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1269.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1268.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1269.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130917_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130917_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-09-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1951-1.nasl - Type : ACT_GATHER_INFO |
2013-08-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2746.nasl - Type : ACT_GATHER_INFO |
2013-08-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-130809.nasl - Type : ACT_GATHER_INFO |
2013-08-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-130810.nasl - Type : ACT_GATHER_INFO |
2013-08-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2735.nasl - Type : ACT_GATHER_INFO |
2013-08-09 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0998e79d005511e3905b0025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-08-09 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130807_nss__nss_util__nss_softokn__and_nspr_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1140.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-1142.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_8_esr.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_23.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_8.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_8_esr.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1708_esr.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_23.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1708.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1708_esr.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1140.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-1142.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1140.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1142.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1144.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_220.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130807_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130807_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-08-08 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1925-1.nasl - Type : ACT_GATHER_INFO |
2013-08-07 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1924-1.nasl - Type : ACT_GATHER_INFO |
2013-08-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1924-2.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1135.nasl - Type : ACT_GATHER_INFO |
2013-08-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130805_nss_and_nspr_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-07-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130628-130702.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0144.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0145.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0614.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0627.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0981.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2013-0982.nasl - Type : ACT_GATHER_INFO |
2013-07-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2720.nasl - Type : ACT_GATHER_INFO |
2013-07-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130628-130628.nasl - Type : ACT_GATHER_INFO |
2013-07-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130628-8636.nasl - Type : ACT_GATHER_INFO |
2013-07-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1890-2.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2716.nasl - Type : ACT_GATHER_INFO |
2013-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0981.nasl - Type : ACT_GATHER_INFO |
2013-06-27 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0982.nasl - Type : ACT_GATHER_INFO |
2013-06-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b3fcb387de4b11e2b1c60025905a4771.nasl - Type : ACT_GATHER_INFO |
2013-06-27 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1890-1.nasl - Type : ACT_GATHER_INFO |
2013-06-27 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1891-1.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_7_esr.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_22.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_7.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_7_esr.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1707_esr.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_22.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1707.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1707_esr.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0981.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0982.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130625_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-06-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130625_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130516-130516.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130516-130517.nasl - Type : ACT_GATHER_INFO |
2013-05-29 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130516-8578.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a1ca8a4bd8211e2b7a0d43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_6_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_21.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_6.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_6_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1706_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_21.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1706.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1706_esr.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130514_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130514_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1822-1.nasl - Type : ACT_GATHER_INFO |
2013-05-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1823-1.nasl - Type : ACT_GATHER_INFO |
2013-04-22 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4871.nasl - Type : ACT_GATHER_INFO |
2013-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4957.nasl - Type : ACT_GATHER_INFO |
2013-04-16 | Name : The remote Fedora host is missing a security update. File : fedora_2013-4983.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-20130404-130404.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-20130404-8537.nasl - Type : ACT_GATHER_INFO |
2013-04-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1791-1.nasl - Type : ACT_GATHER_INFO |
2013-04-08 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_949764339c7411e2a9fcd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1786-1.nasl - Type : ACT_GATHER_INFO |
2013-04-05 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1786-2.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_5_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_20.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_5.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_5_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1705_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_20.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1705.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1705_esr.nasl - Type : ACT_GATHER_INFO |
2013-04-04 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_217.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0696.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0697.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130402_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-04-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130402_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201303-130311.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201303-8506.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0627.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130311_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1758-2.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0627.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_630c8c08880f11e2807fd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_4.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_4_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1704.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1704_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-11 | Name : The remote Windows host contains a web browser that is potentially affected b... File : seamonkey_2161.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0614.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0614.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130308_xulrunner_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201303-130305.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1758-1.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_17_0_4_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Mac OS X host contains a web browser that is potentially affected ... File : macosx_firefox_19_0_2.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1704_esr.nasl - Type : ACT_GATHER_INFO |
2013-03-08 | Name : The remote Windows host contains a web browser that is potentially affected b... File : mozilla_firefox_1902.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2988.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2992.nasl - Type : ACT_GATHER_INFO |
2013-03-01 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1729-2.nasl - Type : ACT_GATHER_INFO |
2013-02-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1748-1.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130219_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e3f0374a7ad611e284cdd43d7e0c7c02.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0_3_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_19_0.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_3.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_3_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1703_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_190.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1703.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1703_esr.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0271.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0272.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_216.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1729-1.nasl - Type : ACT_GATHER_INFO |
2013-02-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-4.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1382.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1432.nasl - Type : ACT_GATHER_INFO |
2013-01-28 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1442.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_firefox-201301-130110.nasl - Type : ACT_GATHER_INFO |
2013-01-23 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-3.nasl - Type : ACT_GATHER_INFO |
2013-01-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_firefox-201301-8426.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_10_0_12.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0_1.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_17_0_2.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_18_0.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_10_0_12.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Mac OS X host contains a mail client that is potentially affected ... File : macosx_thunderbird_17_0_2.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_10012.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1701.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_1702.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_180.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_10012.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a mail client that is potentially affected b... File : mozilla_thunderbird_1702.nasl - Type : ACT_GATHER_INFO |
2013-01-15 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_215.nasl - Type : ACT_GATHER_INFO |
2013-01-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-01-11 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-01-10 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a4ed66325aa911e28fcbc8600054b392.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0144.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2013-0145.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0144.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0145.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-1.nasl - Type : ACT_GATHER_INFO |
2013-01-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1681-2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:47 |
|
2013-09-28 00:19:28 |
|