Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2010:042 | First vendor Publication | 2010-02-19 |
Vendor | Mandriva | Last vendor Modification | 2010-02-19 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Security issues were identified and fixed in firefox 3.0.x and 3.5.x: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2010-0159). Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. This error could be used by an attacker to corrupt heap memory and crash the browser, potentially running arbitrary code on a victim's computer (CVE-2010-0160). Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Under such circumstances, memory occupied by in-use objects was freed and could later be filled with attacker-controlled text. These conditions could result in the execution or arbitrary code if methods on the freed objects were subsequently called (CVE-2009-1571). Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla (CVE-2009-3988). Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, some packages which require so, have been rebuilt and are being provided as updates. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-399 | Resource Management Errors |
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10697 | |||
Oval ID: | oval:org.mitre.oval:def:10697 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11166 | |||
Oval ID: | oval:org.mitre.oval:def:11166 | ||
Title: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0160 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11227 | |||
Oval ID: | oval:org.mitre.oval:def:11227 | ||
Title: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1571 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13349 | |||
Oval ID: | oval:org.mitre.oval:def:13349 | ||
Title: | DSA-1999-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution, these problems have been fixed in version 1.9.0.18-1. For the unstable distribution, these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999-1 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7463 | |||
Oval ID: | oval:org.mitre.oval:def:7463 | ||
Title: | DSA-1999 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8355 | |||
Oval ID: | oval:org.mitre.oval:def:8355 | ||
Title: | Mozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domain | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3988 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8465 | |||
Oval ID: | oval:org.mitre.oval:def:8465 | ||
Title: | Mozilla Firefox and SeaMonkey Web Worker Array Handling Heap Corruption Vulnerability | ||
Description: | The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0160 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8485 | |||
Oval ID: | oval:org.mitre.oval:def:8485 | ||
Title: | Mozilla Firefox, Thunderbird and SeaMonkey Browser Engine Memory Corruption Vulnerability | ||
Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0159 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8615 | |||
Oval ID: | oval:org.mitre.oval:def:8615 | ||
Title: | Mozilla Firefox, Thunderbird and SeaMonkey Use-After-Free HTML Parser Vulnerability | ||
Description: | Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1571 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Thunderbird Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8631 | |||
Oval ID: | oval:org.mitre.oval:def:8631 | ||
Title: | Mozilla Firefox and SeaMonkey XSS hazard using SVG document and binary Content-Type | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9384 | |||
Oval ID: | oval:org.mitre.oval:def:9384 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3988 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9590 | |||
Oval ID: | oval:org.mitre.oval:def:9590 | ||
Title: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Description: | The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0159 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-05-21 | Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0112 centos5 i386 File : nvt/gb_CESA-2010_0112_firefox_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for thunderbird CESA-2010:0153 centos5 i386 File : nvt/gb_CESA-2010_0153_thunderbird_centos5_i386.nasl |
2010-03-22 | Name : RedHat Update for thunderbird RHSA-2010:0154-02 File : nvt/gb_RHSA-2010_0154-02_thunderbird.nasl |
2010-03-22 | Name : CentOS Update for thunderbird CESA-2010:0154 centos4 i386 File : nvt/gb_CESA-2010_0154_thunderbird_centos4_i386.nasl |
2010-03-12 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2010:051 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2010_051.nasl |
2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_sunbird_fc11.nasl |
2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3267 File : nvt/gb_fedora_2010_3267_thunderbird_fc11.nasl |
2010-03-05 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2010:015 File : nvt/gb_suse_2010_015.nasl |
2010-03-05 | Name : Fedora Update for sunbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_sunbird_fc12.nasl |
2010-03-05 | Name : Fedora Update for thunderbird FEDORA-2010-3230 File : nvt/gb_fedora_2010_3230_thunderbird_fc12.nasl |
2010-03-02 | Name : Fedora Update for evolution-rss FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_evolution-rss_fc11.nasl |
2010-03-02 | Name : Fedora Update for chmsee FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_chmsee_fc11.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_firefox_fc11.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_galeon_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-python2-extras_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-web-photo_fc11.nasl |
2010-03-02 | Name : Fedora Update for google-gadgets FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_google-gadgets_fc11.nasl |
2010-03-02 | Name : Fedora Update for hulahop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_hulahop_fc11.nasl |
2010-03-02 | Name : Fedora Update for kazehakase FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_kazehakase_fc11.nasl |
2010-03-02 | Name : Fedora Update for monodevelop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_monodevelop_fc11.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_mozvoikko_fc11.nasl |
2010-03-02 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_pcmanx-gtk2_fc11.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_perl-Gtk2-MozEmbed_fc11.nasl |
2010-03-02 | Name : Fedora Update for ruby-gnome2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_ruby-gnome2_fc11.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_xulrunner_fc11.nasl |
2010-03-02 | Name : Fedora Update for yelp FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_yelp_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany-extensions FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany-extensions_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_blam_fc12.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_firefox_fc12.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_galeon_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-python2-extras_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-web-photo_fc12.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_mozvoikko_fc12.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_perl-Gtk2-MozEmbed_fc12.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_xulrunner_fc12.nasl |
2010-03-02 | Name : Fedora Update for seamonkey FEDORA-2010-1932 File : nvt/gb_fedora_2010_1932_seamonkey_fc12.nasl |
2010-03-02 | Name : Fedora Update for Miro FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_Miro_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_blam_fc11.nasl |
2010-03-02 | Name : Fedora Update for eclipse FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_eclipse_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany_fc11.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Win) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Linux) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Lin) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Windows) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 1999-1 (xulrunner) File : nvt/deb_1999_1.nasl |
2010-02-22 | Name : Mandriva Update for firefox MDVSA-2010:042 (firefox) File : nvt/gb_mandriva_MDVSA_2010_042.nasl |
2010-02-19 | Name : RedHat Update for seamonkey RHSA-2010:0113-01 File : nvt/gb_RHSA-2010_0113-01_seamonkey.nasl |
2010-02-19 | Name : RedHat Update for firefox RHSA-2010:0112-01 File : nvt/gb_RHSA-2010_0112-01_firefox.nasl |
2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos4 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos4_i386.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 File : nvt/gb_ubuntu_USN_895_1.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1 File : nvt/gb_ubuntu_USN_896_1.nasl |
2010-02-19 | Name : CentOS Update for seamonkey CESA-2010:0113 centos3 i386 File : nvt/gb_CESA-2010_0113_seamonkey_centos3_i386.nasl |
2010-02-19 | Name : CentOS Update for firefox CESA-2010:0112 centos4 i386 File : nvt/gb_CESA-2010_0112_firefox_centos4_i386.nasl |
2010-02-18 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox44.nasl |
2010-02-15 | Name : Mandriva Update for mmc-web-base MDVA-2010:051 (mmc-web-base) File : nvt/gb_mandriva_MDVA_2010_051.nasl |
2010-01-29 | Name : Mandriva Update for urpmi MDVA-2010:042 (urpmi) File : nvt/gb_mandriva_MDVA_2010_042.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62428 | Mozilla Multiple Browsers Web Worker Array Handling Heap Corruption |
62427 | Mozilla Multiple Browsers window.dialogArguments Same-origin Policy Bypass XSS |
62426 | Mozilla Multiple Browsers SVG Document Binary Content-Type Header XSS Weakness |
62425 | Mozilla Multiple Browsers HTML Parser Use-after-free Memory Corruption |
62424 | Mozilla Multiple Browsers Unspecified Memory Corruption (534082) |
62423 | Mozilla Multiple Browsers Unspecified Memory Corruption (501934) |
62422 | Mozilla Multiple Browsers Unspecified Memory Corruption (528300) |
62421 | Mozilla Multiple Browsers Unspecified Memory Corruption (528134) |
62420 | Mozilla Multiple Browsers Unspecified Memory Corruption (527567) |
62419 | Mozilla Multiple Browsers Unspecified Memory Corruption (467005) |
62418 | Mozilla Multiple Browsers Unspecified Memory Corruption (530880) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100217_seamonkey_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100317_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6867.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6866.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1932.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1936.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3230.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-3267.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1727.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-071.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0153.nasl - Type : ACT_GATHER_INFO |
2010-03-19 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0154.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-051.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_302.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6863.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6871.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1999.nasl - Type : ACT_GATHER_INFO |
2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-042.nasl - Type : ACT_GATHER_INFO |
2010-02-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f82c85d81c6e11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-895-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-896-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_203.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_358.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3018.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:16 |
|