Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2011:140 | First vendor Publication | 2011-10-01 |
Vendor | Mandriva | Last vendor Modification | 2011-10-01 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Security issues were identified and fixed in mozilla firefox and thunderbird:

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site (CVE-2011-2372).

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2995).

Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2011-2996).

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle location as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170 (CVE-2011-2999).

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values (CVE-2011-3000).

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error (CVE-2011-3001).

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression (CVE-2011-3867).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Additionally, some packages which require so, have been rebuilt and are being provided as updates.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:140 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13854 | |||
Oval ID: | oval:org.mitre.oval:def:13854 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2372 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:13957 | |||
Oval ID: | oval:org.mitre.oval:def:13957 | ||
Title: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2995 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14012 | |||
Oval ID: | oval:org.mitre.oval:def:14012 | ||
Title: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
Description: | Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2998 | Version: | 11 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14064 | |||
Oval ID: | oval:org.mitre.oval:def:14064 | ||
Title: | Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Description: | Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2996 | Version: | 11 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14252 | |||
Oval ID: | oval:org.mitre.oval:def:14252 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-2999 | Version: | 22 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14361 | |||
Oval ID: | oval:org.mitre.oval:def:14361 | ||
Title: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3000 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Thunderbird Mozilla Seamonkey Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14442 | |||
Oval ID: | oval:org.mitre.oval:def:14442 | ||
Title: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
Description: | Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3001 | Version: | 24 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Mozilla Seamonkey Mozilla Thunderbird Mozilla Firefox |
Definition Id: oval:org.mitre.oval:def:14709 | |||
Oval ID: | oval:org.mitre.oval:def:14709 | ||
Title: | DSA-2312-1 iceape -- several | ||
Description: | Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. The oldstable distribution is not affected. The iceape package only provides the XPCOM code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2312-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | iceape |
Definition Id: oval:org.mitre.oval:def:14910 | |||
Oval ID: | oval:org.mitre.oval:def:14910 | ||
Title: | DSA-2317-1 icedove -- several | ||
Description: | CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. As indicated in the Lenny release notes, security support for the Icedove packages in the oldstable needed to be stopped before the end of the regular Lenny security maintenance life cycle. You are strongly encouraged to upgrade to stable or switch to a different mail client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2317-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | icedove |
Definition Id: oval:org.mitre.oval:def:15132 | |||
Oval ID: | oval:org.mitre.oval:def:15132 | ||
Title: | DSA-2313-1 iceweasel -- several | ||
Description: | Several vulnerabilities have been found in Iceweasel, a web browser based on Firefox: CVE-2011-2372 Mariusz Mlynski discovered that websites could open a download dialog - which has "open" as the default action -, while a user presses the ENTER key. CVE-2011-2995 Benjamin Smedberg, Bob Clary and Jesse Ruderman discovered crashes in the rendering engine, which could lead to the execution of arbitrary code. CVE-2011-2998 Mark Kaplan discovered an integer underflow in the javascript engine, which could lead to the execution of arbitrary code. CVE-2011-2999 Boris Zbarsky discovered that incorrect handling of the window.location object could lead to bypasses of the same-origin policy. CVE-2011-3000 Ian Graham discovered that multiple Location headers might lead to CRLF injection. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2313-1 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | iceweasel |
Definition Id: oval:org.mitre.oval:def:20680 | |||
Oval ID: | oval:org.mitre.oval:def:20680 | ||
Title: | USN-1210-1 -- firefox, xulrunner-1.9.2 vulnerabilities | ||
Description: | Multiple vulnerabilities have been fixed in Firefox and Xulrunner. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1210-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 10.04 | Product(s): | firefox xulrunner-1.9.2 |
Definition Id: oval:org.mitre.oval:def:21120 | |||
Oval ID: | oval:org.mitre.oval:def:21120 | ||
Title: | USN-1213-1 -- thunderbird vulnerabilities | ||
Description: | Multiple vulnerabilities were fixed in Thunderbird. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1213-1 CVE-2011-2995 CVE-2011-2996 CVE-2011-2999 CVE-2011-3000 CVE-2011-2372 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22014 | |||
Oval ID: | oval:org.mitre.oval:def:22014 | ||
Title: | RHSA-2011:1343: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1343-01 CESA-2011:1343 CVE-2011-2998 CVE-2011-2999 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22072 | |||
Oval ID: | oval:org.mitre.oval:def:22072 | ||
Title: | RHSA-2011:1342: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22193 | |||
Oval ID: | oval:org.mitre.oval:def:22193 | ||
Title: | RHSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1341-01 CESA-2011:1341 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | firefox xulrunner |
Definition Id: oval:org.mitre.oval:def:22791 | |||
Oval ID: | oval:org.mitre.oval:def:22791 | ||
Title: | ELSA-2011:1342: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1342-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22887 | |||
Oval ID: | oval:org.mitre.oval:def:22887 | ||
Title: | ELSA-2011:1343: thunderbird security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1343-01 CVE-2011-2998 CVE-2011-2999 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:22973 | |||
Oval ID: | oval:org.mitre.oval:def:22973 | ||
Title: | DEPRECATED: ELSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 26 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Id: oval:org.mitre.oval:def:23500 | |||
Oval ID: | oval:org.mitre.oval:def:23500 | ||
Title: | ELSA-2011:1341: firefox security update (Critical) | ||
Description: | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:1341-01 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 25 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | firefox xulrunner |
Definition Id: oval:org.mitre.oval:def:27971 | |||
Oval ID: | oval:org.mitre.oval:def:27971 | ||
Title: | DEPRECATED: ELSA-2011-1342 -- thunderbird security update (critical) | ||
Description: | [3.1.15-1.0.1.el6_1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball [3.1.15-1] - Update to 3.1.15 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1342 CVE-2011-2372 CVE-2011-2995 CVE-2011-2998 CVE-2011-2999 CVE-2011-3000 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | thunderbird |
Definition Id: oval:org.mitre.oval:def:8602 | |||
Oval ID: | oval:org.mitre.oval:def:8602 | ||
Title: | Mozilla Firefox 'window.location' Same Origin Policy Security Bypass Vulnerability | ||
Description: | Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0170 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 x86_64 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 x86_64 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 x86_64 File : nvt/gb_CESA-2011_1341_firefox_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:1342-01 File : nvt/gb_RHSA-2011_1342-01_thunderbird.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2313-1 (iceweasel) File : nvt/deb_2313_1.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2312-1 (iceape) File : nvt/deb_2312_1.nasl |
2011-10-16 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox59.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2317-1 (icedove) File : nvt/deb_2317_1.nasl |
2011-10-14 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (MAC OS X) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (MAC OS X) File : nvt/gb_mozilla_prdts_mult_vuln_macosx_oct11.nasl |
2011-10-14 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_macosx.nasl |
2011-10-14 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (MAC ... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_macosx.nasl |
2011-10-10 | Name : Ubuntu Update for mozvoikko USN-1222-2 File : nvt/gb_ubuntu_USN_1222_2.nasl |
2011-10-04 | Name : Mozilla Products Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/gb_mozilla_prdts_mult_vuln_win_oct11.nasl |
2011-10-04 | Name : Mozilla Products Same Origin Policy Bypass Vulnerability (Windows) File : nvt/gb_mozilla_prdts_sec_bypass_vuln_win.nasl |
2011-10-04 | Name : Mozilla Products Enter Key Dialog Bypass and Use-After-Free Memory Corruption... File : nvt/gb_mozilla_prdts_dialog_bypass_n_use_after_free_mem_crptn_vuln_win.nasl |
2011-10-04 | Name : Mozilla Firefox Memory Corruption and Integer Underflow Vulnerabilities (Wind... File : nvt/gb_mozilla_firefox_mem_corrpt_n_int_underflow_vuln_win.nasl |
2011-10-04 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:140 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_140.nasl |
2011-10-04 | Name : Mandriva Update for firefox MDVSA-2011:139 (firefox) File : nvt/gb_mandriva_MDVSA_2011_139.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1210-1 File : nvt/gb_ubuntu_USN_1210_1.nasl |
2011-09-30 | Name : Ubuntu Update for thunderbird USN-1213-1 File : nvt/gb_ubuntu_USN_1213_1.nasl |
2011-09-30 | Name : Ubuntu Update for firefox USN-1222-1 File : nvt/gb_ubuntu_USN_1222_1.nasl |
2011-09-30 | Name : RedHat Update for seamonkey RHSA-2011:1344-01 File : nvt/gb_RHSA-2011_1344-01_seamonkey.nasl |
2011-09-30 | Name : RedHat Update for thunderbird RHSA-2011:1343-01 File : nvt/gb_RHSA-2011_1343-01_thunderbird.nasl |
2011-09-30 | Name : RedHat Update for firefox RHSA-2011:1341-01 File : nvt/gb_RHSA-2011_1341-01_firefox.nasl |
2011-09-30 | Name : CentOS Update for seamonkey CESA-2011:1344 centos4 i386 File : nvt/gb_CESA-2011_1344_seamonkey_centos4_i386.nasl |
2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos5 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos5_i386.nasl |
2011-09-30 | Name : CentOS Update for thunderbird CESA-2011:1343 centos4 i386 File : nvt/gb_CESA-2011_1343_thunderbird_centos4_i386.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos5 i386 File : nvt/gb_CESA-2011_1341_firefox_centos5_i386.nasl |
2011-09-30 | Name : CentOS Update for firefox CESA-2011:1341 centos4 i386 File : nvt/gb_CESA-2011_1341_firefox_centos4_i386.nasl |
2010-04-29 | Name : Mandriva Update for firefox MDVSA-2010:070-1 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070_1.nasl |
2010-04-19 | Name : Mandriva Update for firefox MDVA-2010:121 (firefox) File : nvt/gb_mandriva_MDVA_2010_121.nasl |
2010-04-16 | Name : Mandriva Update for firefox-ext-plasmanotify MDVA-2010:118 (firefox-ext-plasm... File : nvt/gb_mandriva_MDVA_2010_118.nasl |
2010-04-16 | Name : Mandriva Update for firefox MDVSA-2010:070 (firefox) File : nvt/gb_mandriva_MDVSA_2010_070.nasl |
2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Linux) File : nvt/secpod_firefox_mult_vuln_mar10_lin.nasl |
2010-03-30 | Name : Firefox Multiple Vulnerabilities Mar-10 (Win) File : nvt/secpod_firefox_mult_vuln_mar10_win.nasl |
2010-02-22 | Name : Mandriva Update for blogtk MDVA-2010:070-1 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070_1.nasl |
2010-02-19 | Name : Mandriva Update for blogtk MDVA-2010:070 (blogtk) File : nvt/gb_mandriva_MDVA_2010_070.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75841 | Mozilla Multiple Product Enter Key Download Dialog Verification Bypass |
75840 | Mozilla Multiple Product PLUGINSPAGE Enter Key Addon Installation Verificatio... |
75839 | Mozilla Multiple Product Multiple Header Handling HTTP Response Splitting Wea... |
75838 | Mozilla Multiple Product window.location Named Frame Creation Same Origin Pol... |
75837 | Mozilla Firefox Regular Expression Unspecified Underflow |
75835 | Mozilla Multiple Product Plugin API Unspecified Remote DoS |
75834 | Mozilla Multiple Product Multiple Unspecified Memory Corruption (2011-2995) |
63271 | Mozilla Firefox Plugins window.location Same Origin Policy Bypass XSS |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Mozilla multiple content-disposition headers malicious redirect attempt RuleID : 20586 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple content-length headers malicious redirect attempt RuleID : 20585 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple content-type headers malicious redirect attempt RuleID : 20584 - Revision : 8 - Type : BROWSER-FIREFOX |
2014-01-10 | Mozilla multiple location headers malicious redirect attempt RuleID : 20583 - Revision : 7 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_thunderbird_20120404_2.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_firefox_20121210.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2011-9.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaFirefox-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110928.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-111130.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-141.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-142.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_seamonkey_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110928_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7784.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111004.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-111114.nasl - Type : ACT_GATHER_INFO |
2011-10-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7783.nasl - Type : ACT_GATHER_INFO |
2011-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2317.nasl - Type : ACT_GATHER_INFO |
2011-10-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1222-2.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-140.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_3_6_23.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_firefox_7_0.nasl - Type : ACT_GATHER_INFO |
2011-10-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-139.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1222-1.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2312.nasl - Type : ACT_GATHER_INFO |
2011-09-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2313.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1213-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1210-1.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_24.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1344.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1342.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1341.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_70.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3623.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1fade8a3e9e811e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |
2011-09-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-1343.nasl - Type : ACT_GATHER_INFO |
2011-08-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_60.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_23.nasl - Type : ACT_GATHER_INFO |
2011-08-17 | Name : The remote Windows host contains a mail client that may be affected by multip... File : mozilla_thunderbird_60.nasl - Type : ACT_GATHER_INFO |
2010-04-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-070.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote Windows host contains a web browser that is affected by Multiple V... File : mozilla_firefox_362.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:42:27 | |
2013-05-11 00:48:38 | |