Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2013:165 First vendor Publication 2013-05-15
Vendor Mandriva Last vendor Modification 2013-05-15
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple security issues was identified and fixed in mozilla firefox:

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code (CVE-2013-0801).

Security researcher Cody Crews reported a method to call a content level constructor that allows for this constructor to have chrome privileged accesss. This affects chrome object wrappers (COW) and allows for write actions on objects when only read actions should be allowed. This can lead to cross-site scripting (XSS) attacks (CVE-2013-1670).

Security researcher Nils reported a use-after-free when resizing video while playing. This could allow for arbitrary code execution (CVE-2013-1674).

Mozilla community member Ms2ger discovered that some DOMSVGZoomEvent functions are used without being properly initialized, causing uninitialized memory to be used when they are called by web content. This could lead to a information leakage to sites depending on the contents of this uninitialized memory (CVE-2013-1675).

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a series of use-after-free, out of bounds read, and invalid write problems rated as moderate to critical as security issues in shipped software. Some of these issues are potentially exploitable, allowing for remote code execution. We would also like to thank Abhishek for reporting additional use-after-free flaws in dir=auto code introduced during Firefox development. These were fixed before general release (CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681).

The mozilla firefox packages has been upgraded to the latest ESR version (17.0.6) which is unaffected by these security flaws.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:165

CWE : Common Weakness Enumeration

% Id Name
40 % CWE-399 Resource Management Errors
40 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10 % CWE-264 Permissions, Privileges, and Access Controls
10 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:16577
 
Oval ID: oval:org.mitre.oval:def:16577
Title: The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.
Description: The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1678
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16956
 
Oval ID: oval:org.mitre.oval:def:16956
Title: The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1676
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16976
 
Oval ID: oval:org.mitre.oval:def:16976
Title: Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent sensitive information from process memory via a crafted web site.
Description: Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1675
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16979
 
Oval ID: oval:org.mitre.oval:def:16979
Title: The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Description: The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1677
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16988
 
Oval ID: oval:org.mitre.oval:def:16988
Title: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1681
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17031
 
Oval ID: oval:org.mitre.oval:def:17031
Title: Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Description: Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1680
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17046
 
Oval ID: oval:org.mitre.oval:def:17046
Title: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Description: The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1670
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17062
 
Oval ID: oval:org.mitre.oval:def:17062
Title: Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
Description: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0801
Version: 23
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla SeaMonkey
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17085
 
Oval ID: oval:org.mitre.oval:def:17085
Title: Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Description: Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1679
Version: 17
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17093
 
Oval ID: oval:org.mitre.oval:def:17093
Title: USN-1822-1 -- Firefox vulnerabilities
Description: Firefox could be made to crash or run programs as your login if it opened a malicious website.
Family: unix Class: patch
Reference(s): usn-1822-1
CVE-2013-0801
CVE-2013-1669
CVE-2013-1670
CVE-2013-1671
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.04
Ubuntu 12.10
Product(s): firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17147
 
Oval ID: oval:org.mitre.oval:def:17147
Title: Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.
Description: Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1674
Version: 16
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox ESR
Mozilla Thunderbird ESR
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17825
 
Oval ID: oval:org.mitre.oval:def:17825
Title: DSA-2699-1 iceweasel - several
Description: Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, missing input sanitising vulnerabilities, use-after-free vulnerabilities, buffer overflows and other programming errors may lead to the execution of arbitrary code, privilege escalation, information leaks or cross-site-scripting.
Family: unix Class: patch
Reference(s): DSA-2699-1
CVE-2013-0773
CVE-2013-0775
CVE-2013-0776
CVE-2013-0780
CVE-2013-0782
CVE-2013-0783
CVE-2013-0787
CVE-2013-0788
CVE-2013-0793
CVE-2013-0795
CVE-2013-0796
CVE-2013-0800
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 8
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): iceweasel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18282
 
Oval ID: oval:org.mitre.oval:def:18282
Title: USN-1823-1 -- thunderbird vulnerabilities
Description: Several security issues were fixed in Thunderbird.
Family: unix Class: patch
Reference(s): USN-1823-1
CVE-2013-0801
CVE-2013-1669
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21038
 
Oval ID: oval:org.mitre.oval:def:21038
Title: RHSA-2013:0821: thunderbird security update (Important)
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:0821-01
CESA-2013:0821
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 143
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21139
 
Oval ID: oval:org.mitre.oval:def:21139
Title: RHSA-2013:0820: firefox security update (Critical)
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: unix Class: patch
Reference(s): RHSA-2013:0820-01
CESA-2013:0820
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 143
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22889
 
Oval ID: oval:org.mitre.oval:def:22889
Title: DEPRECATED: ELSA-2013:0821: thunderbird security update (Important)
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0821-01
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 46
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22971
 
Oval ID: oval:org.mitre.oval:def:22971
Title: DEPRECATED: ELSA-2013:0820: firefox security update (Critical)
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0820-01
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 46
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23946
 
Oval ID: oval:org.mitre.oval:def:23946
Title: ELSA-2013:0821: thunderbird security update (Important)
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0821-01
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 45
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24014
 
Oval ID: oval:org.mitre.oval:def:24014
Title: ELSA-2013:0820: firefox security update (Critical)
Description: Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Family: unix Class: patch
Reference(s): ELSA-2013:0820-01
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 45
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26956
 
Oval ID: oval:org.mitre.oval:def:26956
Title: DEPRECATED: ELSA-2013-0820 -- firefox security update (critical)
Description: firefox [17.0.6-1.0.1.el6_4] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones [17.0.6-1] - Update to 17.0.6 ESR [17.0.5-2] - Updated XulRunner check xulrunner [17.0.6-2.0.1.el6_4] - Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js - Removed XULRUNNER_VERSION from SOURCE21 [17.0.6-2] - Update to 17.0.6 ESR [17.0.5-2] - Updated nss and nspr versions
Family: unix Class: patch
Reference(s): ELSA-2013-0820
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): firefox
xulrunner
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27481
 
Oval ID: oval:org.mitre.oval:def:27481
Title: DEPRECATED: ELSA-2013-0821 -- thunderbird security update (important)
Description: [17.0.6-2.0.1.el6_4] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [17.0.6-2] - Update to 17.0.6 ESR
Family: unix Class: patch
Reference(s): ELSA-2013-0821
CVE-2013-0801
CVE-2013-1670
CVE-2013-1674
CVE-2013-1675
CVE-2013-1676
CVE-2013-1677
CVE-2013-1678
CVE-2013-1679
CVE-2013-1680
CVE-2013-1681
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): thunderbird
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 334
Application 6
Application 225
Application 6

ExploitDB Exploits

id Description
2014-08-19 Firefox toString console.time Privileged Javascript Injection

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-448.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-447.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-438.nasl - Type : ACT_GATHER_INFO
2013-09-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-23.nasl - Type : ACT_GATHER_INFO
2013-07-18 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_firefox-20130628-130702.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-0821.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0820.nasl - Type : ACT_GATHER_INFO
2013-07-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2720.nasl - Type : ACT_GATHER_INFO
2013-06-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2699.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1706_esr.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130514_thunderbird_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130514_firefox_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Windows host contains a mail client that is potentially affected b...
File : mozilla_thunderbird_1706.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_21.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Windows host contains a web browser that is potentially affected b...
File : mozilla_firefox_1706_esr.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_17_0_6_esr.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Mac OS X host contains a mail client that is potentially affected ...
File : macosx_thunderbird_17_0_6.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_21.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Mac OS X host contains a web browser that is potentially affected ...
File : macosx_firefox_17_0_6_esr.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4a1ca8a4bd8211e2b7a0d43d7e0c7c02.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0820.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1822-1.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1823-1.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-0821.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2013-05-16 17:21:31
  • Multiple Updates
2013-05-15 13:18:19
  • First insertion