Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2011:111 First vendor Publication 2011-06-22
Vendor Mandriva Last vendor Modification 2011-06-22
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Security issues were identified and fixed in mozilla firefox and thunderbird:

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative two instances of code which modifies SVG element lists failed to account for changes made to the list by user-supplied callbacks before accessing list elements. If a user-supplied callback deleted such an object, the element-modifying code could wind up accessing deleted memory and potentially executing attacker-controlled memory. regenrecht also reported via TippingPoint's Zero Day Initiative that a XUL document could force the nsXULCommandDispatcher to remove all command updaters from the queue, including the one currently in use. This could result in the execution of deleted memory which an attacker could use to run arbitrary code on a victim's computer (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363).

Mozilla security researcher David Chan reported that cookies set for example.com. (note the trailing dot) and example.com were treated as interchangeable. This is a violation of same-origin conventions and could potentially lead to leakage of cookie data to the wrong party (CVE-2011-2362).

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376).

Security researchers Chris Rohlf and Yan Ivnitskiy of Matasano Security reported that when a JavaScript Array object had its length set to an extremely large value, the iteration of array elements that occurs when its reduceRight method was subsequently called could result in the execution of attacker controlled memory due to an invalid index value being used to access element properties (CVE-2011-2371).

Security researcher Martin Barbella reported that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. This flaw could potentially be used by an attacker to crash a victim's browser and run arbitrary code on their computer (CVE-2011-2373).

Security researcher Jordi Chancel reported a crash on multipart/x-mixed-replace images due to memory corruption (CVE-2011-2377).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and are being provided as updates.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:111

CWE : Common Weakness Enumeration

% Id Name
57 % CWE-399 Resource Management Errors
14 % CWE-264 Permissions, Privileges, and Access Controls
14 % CWE-189 Numeric Errors (CWE/SANS Top 25)
14 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12781
 
Oval ID: oval:org.mitre.oval:def:12781
Title: DSA-2269-1 iceape -- several
Description: Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code. The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
Family: unix Class: patch
Reference(s): DSA-2269-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceape
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13034
 
Oval ID: oval:org.mitre.oval:def:13034
Title: DSA-2268-1 iceweasel -- several
Description: Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-0083 / CVE-2011-2363 "regenrecht" discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code. CVE-2011-0085 "regenrecht" discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated. CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the Javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code. CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code. CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.
Family: unix Class: patch
Reference(s): DSA-2268-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13318
 
Oval ID: oval:org.mitre.oval:def:13318
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2364
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13543
 
Oval ID: oval:org.mitre.oval:def:13543
Title: Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Description: Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0083
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13635
 
Oval ID: oval:org.mitre.oval:def:13635
Title: USN-1150-1 -- thunderbird vulnerabilities
Description: thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird.
Family: unix Class: patch
Reference(s): USN-1150-1
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 11.04
Ubuntu 10.04
Ubuntu 10.10
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13693
 
Oval ID: oval:org.mitre.oval:def:13693
Title: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Description: Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2362
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13872
 
Oval ID: oval:org.mitre.oval:def:13872
Title: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Description: Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2377
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13980
 
Oval ID: oval:org.mitre.oval:def:13980
Title: USN-1149-2 -- firefox regression
Description: firefox: safe and easy web browser from Mozilla Details: USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem. We apologize for the inconvenience. Original advisory In rare instances, Firefox could have trouble accessing some websites.
Family: unix Class: patch
Reference(s): USN-1149-2
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13987
 
Oval ID: oval:org.mitre.oval:def:13987
Title: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Description: Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2371
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14046
 
Oval ID: oval:org.mitre.oval:def:14046
Title: Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Description: Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2363
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14071
 
Oval ID: oval:org.mitre.oval:def:14071
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2375
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14123
 
Oval ID: oval:org.mitre.oval:def:14123
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2374
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Firefox
Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14152
 
Oval ID: oval:org.mitre.oval:def:14152
Title: USN-1149-1 -- firefox, xulrunner-1.9.2 vulnerabilities
Description: firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner Multiple Vulnerabilities were fixed in Firefox and Xulrunner
Family: unix Class: patch
Reference(s): USN-1149-1
CVE-2011-2364
CVE-2011-2365
CVE-2011-2374
CVE-2011-2376
CVE-2011-2373
CVE-2011-2377
CVE-2011-2371
CVE-2011-0083
CVE-2011-0085
CVE-2011-2363
CVE-2011-2362
Version: 5
Platform(s): Ubuntu 10.10
Ubuntu 10.04
Product(s): firefox
xulrunner-1.9.2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14178
 
Oval ID: oval:org.mitre.oval:def:14178
Title: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Description: Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2373
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14184
 
Oval ID: oval:org.mitre.oval:def:14184
Title: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
Description: Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2365
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14396
 
Oval ID: oval:org.mitre.oval:def:14396
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2011-2376
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14432
 
Oval ID: oval:org.mitre.oval:def:14432
Title: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
Description: Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
Family: windows Class: vulnerability
Reference(s): CVE-2011-0085
Version: 20
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Mozilla Thunderbird
Mozilla Firefox
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20220
 
Oval ID: oval:org.mitre.oval:def:20220
Title: DSA-2273-3 icedove - multiple issues
Description: Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Family: unix Class: patch
Reference(s): DSA-2273-3
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): icedove
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28788
 
Oval ID: oval:org.mitre.oval:def:28788
Title: DSA-2273-1 -- icedove -- several vulnerabilities
Description: Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
Family: unix Class: patch
Reference(s): DSA-2273-1
CVE-2011-0083
CVE-2011-0085
CVE-2011-2362
CVE-2011-2363
CVE-2011-2365
CVE-2011-2371
CVE-2011-2373
CVE-2011-2374
CVE-2011-2376
Version: 3
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): icedove
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 278
Application 59
Application 127

ExploitDB Exploits

id Description
2012-02-27 Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit
2011-10-12 Mozilla Firefox Array.reduceRight() Integer Overflow Exploit

OpenVAS Exploits

Date Description
2012-07-30 Name : CentOS Update for firefox CESA-2011:0885 centos4 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0885 centos5 x86_64
File : nvt/gb_CESA-2011_0885_firefox_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0887 centos4 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for thunderbird CESA-2011:0887 centos5 x86_64
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for seamonkey CESA-2011:0888 centos4 x86_64
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_x86_64.nasl
2012-06-06 Name : RedHat Update for thunderbird RHSA-2011:0886-01
File : nvt/gb_RHSA-2011_0886-01_thunderbird.nasl
2011-08-18 Name : SuSE Update for MozillaFirefox,MozillaThunderbird SUSE-SA:2011:028
File : nvt/gb_suse_2011_028.nasl
2011-08-18 Name : CentOS Update for firefox CESA-2011:0885 centos4 i386
File : nvt/gb_CESA-2011_0885_firefox_centos4_i386.nasl
2011-08-18 Name : CentOS Update for thunderbird CESA-2011:0887 centos4 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos4_i386.nasl
2011-08-18 Name : CentOS Update for seamonkey CESA-2011:0888 centos4 i386
File : nvt/gb_CESA-2011_0888_seamonkey_centos4_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0885 centos5 i386
File : nvt/gb_CESA-2011_0885_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for thunderbird CESA-2011:0887 centos5 i386
File : nvt/gb_CESA-2011_0887_thunderbird_centos5_i386.nasl
2011-08-03 Name : Debian Security Advisory DSA 2269-1 (iceape)
File : nvt/deb_2269_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2268-1 (iceweasel)
File : nvt/deb_2268_1.nasl
2011-08-03 Name : FreeBSD Ports: firefox
File : nvt/freebsd_firefox57.nasl
2011-08-03 Name : Debian Security Advisory DSA 2273-1 (icedove)
File : nvt/deb_2273_1.nasl
2011-07-18 Name : Ubuntu Update for thunderbird USN-1150-1
File : nvt/gb_ubuntu_USN_1150_1.nasl
2011-07-08 Name : Ubuntu Update for firefox USN-1149-2
File : nvt/gb_ubuntu_USN_1149_2.nasl
2011-07-07 Name : Mozilla Products Multiple Denial of Service Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_dos_vuln_win_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 01
File : nvt/gb_mozilla_prdts_mult_vuln_win01_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 02
File : nvt/gb_mozilla_prdts_mult_vuln_win02_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 03
File : nvt/gb_mozilla_prdts_mult_vuln_win03_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows) - 04
File : nvt/gb_mozilla_prdts_mult_vuln_win04_jul11.nasl
2011-07-07 Name : Mozilla Products Multiple Vulnerabilities July-11 (Windows)
File : nvt/gb_mozilla_prdts_mult_vuln_win_jul11.nasl
2011-06-24 Name : Ubuntu Update for mozvoikko USN-1157-2
File : nvt/gb_ubuntu_USN_1157_2.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1157-1
File : nvt/gb_ubuntu_USN_1157_1.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1157-3
File : nvt/gb_ubuntu_USN_1157_3.nasl
2011-06-24 Name : Ubuntu Update for firefox USN-1149-1
File : nvt/gb_ubuntu_USN_1149_1.nasl
2011-06-24 Name : Mandriva Update for mozilla MDVSA-2011:111 (mozilla)
File : nvt/gb_mandriva_MDVSA_2011_111.nasl
2011-06-24 Name : RedHat Update for seamonkey RHSA-2011:0888-01
File : nvt/gb_RHSA-2011_0888-01_seamonkey.nasl
2011-06-24 Name : RedHat Update for thunderbird RHSA-2011:0887-01
File : nvt/gb_RHSA-2011_0887-01_thunderbird.nasl
2011-06-24 Name : RedHat Update for firefox RHSA-2011:0885-01
File : nvt/gb_RHSA-2011_0885-01_firefox.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
73188 Mozilla Multiple Products Trailing Dot Cookie Cross-domain Information Disclo...

73187 Mozilla Multiple Products nsXULCommandDispatcher.cpp Use-after-free Remote Co...

73186 Mozilla Multiple Products nsSVGPointList::AppendElement() Use-after-free Remo...

73185 Mozilla Multiple Products nsSVGPathSegList::ReplaceItem() Use-after-free Remo...

73184 Mozilla Multiple Products Array.reduceRight() Method Overflow

73183 Mozilla Multiple Products multipart/x-mixed-replace Image Handling Memory Cor...

73182 Mozilla Multiple Products XUL Document Handling Use-after-free Arbitrary Code...

73181 Mozilla Multiple Products Unspecified DoS (2011-2365)

73180 Mozilla Multiple Products Unspecified DoS (2011-2364)

73179 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2376)

73178 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2375)

73177 Mozilla Multiple Products Multiple Unspecified Memory Corruption (2011-2374)

Snort® IPS/IDS

Date Description
2014-03-08 Mozilla Array.reduceRight integer overflow attempt
RuleID : 29625 - Revision : 2 - Type : BROWSER-FIREFOX
2014-03-08 Mozilla Array.reduceRight integer overflow attempt
RuleID : 29624 - Revision : 2 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 24188 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 24187 - Revision : 4 - Type : BROWSER-FIREFOX
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 19714 - Revision : 5 - Type : BROWSER-FIREFOX
2014-01-10 Mozilla Array.reduceRight integer overflow
RuleID : 19713 - Revision : 8 - Type : BROWSER-FIREFOX

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_mozilla-js192-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaFirefox-110622.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_MozillaThunderbird-110627.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_4_MozillaThunderbird-110628.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2013-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20110621_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110621_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7596.nasl - Type : ACT_GATHER_INFO
2011-08-17 Name : The remote Windows host contains a web browser that may be affected by multip...
File : seamonkey_22.nasl - Type : ACT_GATHER_INFO
2011-08-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-07-18 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1150-1.nasl - Type : ACT_GATHER_INFO
2011-07-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2273.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2269.nasl - Type : ACT_GATHER_INFO
2011-07-05 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2268.nasl - Type : ACT_GATHER_INFO
2011-07-01 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_MozillaFirefox-7597.nasl - Type : ACT_GATHER_INFO
2011-07-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_MozillaFirefox-110628.nasl - Type : ACT_GATHER_INFO
2011-06-30 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1149-2.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_3_6_18.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-3.nasl - Type : ACT_GATHER_INFO
2011-06-24 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_firefox_5_0.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1157-1.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1157-2.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1149-1.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-111.nasl - Type : ACT_GATHER_INFO
2011-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0888.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2011-0887.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0886.nasl - Type : ACT_GATHER_INFO
2011-06-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-0885.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a mail client that is affected by multiple v...
File : mozilla_thunderbird_3111.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_50.nasl - Type : ACT_GATHER_INFO
2011-06-21 Name : The remote Windows host contains a web browser that is affected by multiple v...
File : mozilla_firefox_3618.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:42:20
  • Multiple Updates