10 - RHSA-2004:486

Executive Summary

Summary
Title	Updated mozilla packages fix security issues

Informations
Name	RHSA-2004:486	First vendor Publication	2004-09-30
Vendor	RedHat	Last vendor Modification	2004-09-30
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated mozilla packages that fix a number of security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor.

Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a javascript link into another frame or page, it becomes possible for an attacker to steal or modify sensitive information from that site. Additionally, if a user is tricked into dragging two links in sequence to another window (not frame), it is possible for the attacker to execute arbitrary commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0905 to this issue.

Gael Delalleau discovered an integer overflow which affects the BMP handling code inside Mozilla. An attacker could create a carefully crafted BMP file in such a way that it would cause Mozilla to crash or execute arbitrary code when the image is viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0904 to this issue.

Georgi Guninski discovered a stack-based buffer overflow in the vCard display routines. An attacker could create a carefully crafted vCard file in such a way that it would cause Mozilla to crash or execute arbitrary code when viewed. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0903 to this issue.

Wladimir Palant discovered a flaw in the way javascript interacts with the clipboard. It is possible that an attacker could use malicious javascript code to steal sensitive data which has been copied into the clipboard. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0908 to this issue.

Georgi Guninski discovered a heap based buffer overflow in the "Send Page" feature. It is possible that an attacker could construct a link in such a way that a user attempting to forward it could result in a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0902 to this issue.

Users of Mozilla should update to these updated packages, which contain backported patches and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

133023 - CAN-2004-0902 "send page" heap based buffer overflow 133024 - CAN-2004-0902 "send page" heap based buffer overflow 133022 - CAN-2004-0908 javascript clipboard information leakage 133021 - CAN-2004-0908 javascript clipboard information leakage 133017 - CAN-2004-0903 VCard buffer overflow 133016 - CAN-2004-0903 VCard buffer overflow 133015 - CAN-2004-0904 BMP integer overflows 133014 - CAN-2004-0904 BMP integer overflows 133013 - CAN-2004-0905 javascript link dragging information leak 133012 - CAN-2004-0905 javascript link dragging information leak

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2004-486.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10378

Oval ID:	oval:org.mitre.oval:def:10378
Title:	Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Description:	Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0905	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.4.3-3.0.4 AND mozilla is earlier than 37:1.4.3-3.0.4 AND mozilla-chat is earlier than 37:1.4.3-3.0.4 AND mozilla-mail is earlier than 37:1.4.3-3.0.4 AND mozilla-dom-inspector is earlier than 37:1.4.3-3.0.4 AND mozilla-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nss is earlier than 37:1.4.3-3.0.4 AND mozilla-nss-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr-devel is earlier than 37:1.4.3-3.0.4

Definition Id: oval:org.mitre.oval:def:10873

Oval ID:	oval:org.mitre.oval:def:10873
Title:	Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Description:	Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0903	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.4.3-3.0.4 AND mozilla is earlier than 37:1.4.3-3.0.4 AND mozilla-chat is earlier than 37:1.4.3-3.0.4 AND mozilla-mail is earlier than 37:1.4.3-3.0.4 AND mozilla-dom-inspector is earlier than 37:1.4.3-3.0.4 AND mozilla-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nss is earlier than 37:1.4.3-3.0.4 AND mozilla-nss-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr-devel is earlier than 37:1.4.3-3.0.4

Definition Id: oval:org.mitre.oval:def:10952

Oval ID:	oval:org.mitre.oval:def:10952
Title:	Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Description:	Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0904	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.4.3-3.0.4 AND mozilla is earlier than 37:1.4.3-3.0.4 AND mozilla-chat is earlier than 37:1.4.3-3.0.4 AND mozilla-mail is earlier than 37:1.4.3-3.0.4 AND mozilla-dom-inspector is earlier than 37:1.4.3-3.0.4 AND mozilla-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nss is earlier than 37:1.4.3-3.0.4 AND mozilla-nss-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr-devel is earlier than 37:1.4.3-3.0.4

Definition Id: oval:org.mitre.oval:def:11201

Oval ID:	oval:org.mitre.oval:def:11201
Title:	Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Description:	Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0902	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.4.3-3.0.4 AND mozilla is earlier than 37:1.4.3-3.0.4 AND mozilla-chat is earlier than 37:1.4.3-3.0.4 AND mozilla-mail is earlier than 37:1.4.3-3.0.4 AND mozilla-dom-inspector is earlier than 37:1.4.3-3.0.4 AND mozilla-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nss is earlier than 37:1.4.3-3.0.4 AND mozilla-nss-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr-devel is earlier than 37:1.4.3-3.0.4

Definition Id: oval:org.mitre.oval:def:9745

Oval ID:	oval:org.mitre.oval:def:9745
Title:	Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
Description:	Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0908	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section mozilla-js-debugger is earlier than 37:1.4.3-3.0.4 AND mozilla is earlier than 37:1.4.3-3.0.4 AND mozilla-chat is earlier than 37:1.4.3-3.0.4 AND mozilla-mail is earlier than 37:1.4.3-3.0.4 AND mozilla-dom-inspector is earlier than 37:1.4.3-3.0.4 AND mozilla-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nss is earlier than 37:1.4.3-3.0.4 AND mozilla-nss-devel is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr is earlier than 37:1.4.3-3.0.4 AND mozilla-nspr-devel is earlier than 37:1.4.3-3.0.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:2.3:a:mozilla:firefox:0.9.3:::::::* cpe:2.3:a:mozilla:firefox:0.9.2:::::::* cpe:2.3:a:mozilla:firefox:0.9.1:::::::* cpe:2.3:a:mozilla:firefox:0.9:rc:::::: cpe:2.3:a:mozilla:firefox:0.9:::::::* cpe:2.3:a:mozilla:firefox:0.8:::::::*	6
Application	Mozilla cpe:2.3:a:mozilla:mozilla:1.7.2:::::::* cpe:2.3:a:mozilla:mozilla:1.7.1:::::::* cpe:2.3:a:mozilla:mozilla:1.7:beta:::::: cpe:2.3:a:mozilla:mozilla:1.7:rc3:::::: cpe:2.3:a:mozilla:mozilla:1.7:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.7:rc2:::::: cpe:2.3:a:mozilla:mozilla:1.7:rc1:::::: cpe:2.3:a:mozilla:mozilla:1.7:::::::* cpe:2.3:a:mozilla:mozilla:1.6:::::::* cpe:2.3:a:mozilla:mozilla:1.5.1:::::::* cpe:2.3:a:mozilla:mozilla:1.5:::::::* cpe:2.3:a:mozilla:mozilla:1.4.4:::::::* cpe:2.3:a:mozilla:mozilla:1.4.2:::::::* cpe:2.3:a:mozilla:mozilla:1.4.1:::::::* cpe:2.3:a:mozilla:mozilla:1.4:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.4:beta:::::: cpe:2.3:a:mozilla:mozilla:1.4:::::::* cpe:2.3:a:mozilla:mozilla:1.3.1:::::::* cpe:2.3:a:mozilla:mozilla:1.3:::::::* cpe:2.3:a:mozilla:mozilla:1.2.1:::::::* cpe:2.3:a:mozilla:mozilla:1.2:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.2:beta:::::: cpe:2.3:a:mozilla:mozilla:1.2:::::::* cpe:2.3:a:mozilla:mozilla:1.1:::::::* cpe:2.3:a:mozilla:mozilla:1.1:beta:::::: cpe:2.3:a:mozilla:mozilla:1.1:alpha:::::: cpe:2.3:a:mozilla:mozilla:1.0.2:::::::* cpe:2.3:a:mozilla:mozilla:1.0.1:::::::* cpe:2.3:a:mozilla:mozilla:1.0:rc1:::::: cpe:2.3:a:mozilla:mozilla:1.0:::::::* cpe:2.3:a:mozilla:mozilla:1.0:rc2:::::: cpe:2.3:a:mozilla:mozilla:0.9.9:::::::* cpe:2.3:a:mozilla:mozilla:0.9.8:::::::* cpe:2.3:a:mozilla:mozilla:0.9.7:::::::* cpe:2.3:a:mozilla:mozilla:0.9.6:::::::* cpe:2.3:a:mozilla:mozilla:0.9.5:::::::* cpe:2.3:a:mozilla:mozilla:0.9.48:::::::* cpe:2.3:a:mozilla:mozilla:0.9.4.1:::::::* cpe:2.3:a:mozilla:mozilla:0.9.4:::::::* cpe:2.3:a:mozilla:mozilla:0.9.35:::::::* cpe:2.3:a:mozilla:mozilla:0.9.3:::::::* cpe:2.3:a:mozilla:mozilla:0.9.2.1:::::::* cpe:2.3:a:mozilla:mozilla:0.9.2:::::::* cpe:2.3:a:mozilla:mozilla:0.8:::::::*	44
Application	Mozilla Thunderbird cpe:2.3:a:mozilla:thunderbird:0.7.3:::::::* cpe:2.3:a:mozilla:thunderbird:0.7.2:::::::* cpe:2.3:a:mozilla:thunderbird:0.7.1:::::::* cpe:2.3:a:mozilla:thunderbird:0.7:-:::::: cpe:2.3:a:mozilla:thunderbird:0.6:::::::* cpe:2.3:a:mozilla:thunderbird:0.5:::::::* cpe:2.3:a:mozilla:thunderbird:0.4:::::::* cpe:2.3:a:mozilla:thunderbird:0.3:::::::* cpe:2.3:a:mozilla:thunderbird:0.2:::::::* cpe:2.3:a:mozilla:thunderbird:0.1:::::::*	10
Application	Netscape Navigator cpe:2.3:a:netscape:navigator:7.2:::::::* cpe:2.3:a:netscape:navigator:7.1:::::::* cpe:2.3:a:netscape:navigator:7.0.2:::::::* cpe:2.3:a:netscape:navigator:7.0:::::::*	4
Os	Conectiva Linux cpe:2.3:o:conectiva:linux:10.0:::::::* cpe:2.3:o:conectiva:linux:9.0:::::::*	2
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server::::: cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server::::: cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64::::: cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::	9
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*	1
Os	Redhat Fedora Core cpe:2.3:o:redhat:fedora_core:core_1.0:::::::*	1
Os	Redhat Linux cpe:2.3:o:redhat:linux:9.0::i386::::: cpe:2.3:o:redhat:linux:7.3::i686::::: cpe:2.3:o:redhat:linux:7.3::i386::::: cpe:2.3:o:redhat:linux:7.3:::::::*	4
Os	Redhat Linux Advanced Workstation cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64::::: cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::	2
Os	Suse Suse Linux cpe:2.3:o:suse:suse_linux:9.1:::::::* cpe:2.3:o:suse:suse_linux:9.0::enterprise_server::::: cpe:2.3:o:suse:suse_linux:9.0:::::::* cpe:2.3:o:suse:suse_linux:9.0::x86_64::::: cpe:2.3:o:suse:suse_linux:8.2:::::::* cpe:2.3:o:suse:suse_linux:8.1:::::::* cpe:2.3:o:suse:suse_linux:8::enterprise_server::::: cpe:2.3:o:suse:suse_linux:1.0::desktop:::::	8

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Mozilla File : nvt/sles9p5012017.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200409-26 (Mozilla) File : nvt/glsa_200409_26.nasl
2008-09-04	Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird0.nasl
2008-09-04	Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird3.nasl
2008-09-04	Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird4.nasl
2008-09-04	Name : FreeBSD Ports: thunderbird File : nvt/freebsd_thunderbird5.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
10528	Mozilla Multiple Products Link non-ASCII Hostname Overflow
10527	Mozilla Multiple Products POP3 Response Overflow
10526	Mozilla Multiple Products Send Page Overflow
10525	Mozilla Multiple Products BMP Image Overflow
10524	Mozilla Multiple Products Javascript Drag and Drop XSS
9968	Mozilla Multiple Products nsMsgCompUtils.cpp Multiple Overflows A local overflow exists in Mozilla, Firefox and Thunderbird. The Send Page function fails to validate input received from the page to be sent resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
9966	Mozilla Multiple Products nsVCardObj.cpp writeGroup() Function Overflow A local overflow exists in Mozilla-based applications and Netscape Navigator. The writegroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (eg, TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity.
9965	Mozilla Multiple Products Text Field Script Generation Arbitrary Clipboard Co...

Snort® IPS/IDS

Date	Description
2018-01-17	Mozilla Firefox buffer overflow attempt RuleID : 45172 - Revision : 1 - Type : BROWSER-FIREFOX
2018-01-17	Mozilla Firefox buffer overflow attempt RuleID : 45171 - Revision : 1 - Type : BROWSER-FIREFOX
2014-01-10	Microsoft Windows Bitmap width integer overflow multipacket attempt RuleID : 3634 - Revision : 9 - Type : WEB-CLIENT
2014-01-10	Microsoft Windows Bitmap width integer overflow attempt RuleID : 3632 - Revision : 25 - Type : FILE-IMAGE
2015-10-01	Microsoft Windows Bitmap width integer overflow attempt RuleID : 35848 - Revision : 3 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date	Description
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_93d6162f115311d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ab9c559e115a11d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b2e6d1d6133911d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_da690355115911d9bc4a000c41e2cdad.nasl - Type : ACT_GATHER_INFO
2004-10-20	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-107.nasl - Type : ACT_GATHER_INFO
2004-10-02	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-486.nasl - Type : ACT_GATHER_INFO
2004-09-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-26.nasl - Type : ACT_GATHER_INFO
2004-09-15	Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_multiple_flaws.nasl - Type : ACT_GATHER_INFO
2004-09-15	Name : The remote host has an application that is affected by multiple flaws. File : thunderbird_multiple_flaws.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:48:41	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	5
CPE ID(s)	91
osvdb(s)	8
Openvas Exploit(s)	6
Snort® Rule(s)	5
Nessus® Exploit(s)	9

	Related
10	CVE-2004-0904
10	CVE-2004-0903
10	CVE-2004-0902
4.6	CVE-2004-0905
4	CVE-2004-0908
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)

10 - RHSA-2004:486

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU