Executive Summary
| Summary | |
|---|---|
| Title | mozilla security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2005:335 | First vendor Publication | 2005-03-23 |
| Vendor | RedHat | Last vendor Modification | 2005-03-23 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated mozilla packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0399 to this issue. A bug was found in the way Mozilla responds to proxy auth requests. It is possible for a malicious webserver to steal credentials from a victims browser by issuing a 407 proxy authentication request. (CAN-2005-0147) A bug was found in the way Mozilla displays dialog windows. It is possible that a malicious web page which is being displayed in a background tab could present the user with a dialog window appearing to come from the active page. (CAN-2004-1380) A bug was found in the way Mozilla Mail handles cookies when loading content over HTTP regardless of the user's preference. It is possible that a particular user could be tracked through the use of malicious mail messages which load content over HTTP. (CAN-2005-0149) A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CAN-2005-0233) A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156) A bug was found in the way Mozilla saves temporary files. Temporary files are saved with world readable permissions, which could allow a local malicious user to view potentially sensitive data. (CAN-2005-0142) A bug was found in the way Mozilla handles synthetic middle click events. It is possible for a malicious web page to steal the contents of a victims clipboard. (CAN-2005-0146) A bug was found in the way Mozilla processes XUL content. If a malicious web page can trick a user into dragging an object, it is possible to load malicious XUL content. (CAN-2005-0401) A bug was found in the way Mozilla loads links in a new tab which are middle clicked. A malicious web page could read local files or modify privileged chrom settings. (CAN-2005-0141) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can use a view-source URL targetted at a secure page, while loading an insecure page, yet the secure site icon shows the previous secure state. (CAN-2005-0144) A bug was found in the way Mozilla displays the secure site icon. A malicious web page can display the secure site icon by loading a binary file from a secured site. (CAN-2005-0143) A bug was found in the way Firefox displays the download dialog window. A malicious site can obfuscate the content displayed in the source field, tricking a user into thinking they are downloading content from a trusted source. (CAN-2005-0585) Users of Mozilla are advised to upgrade to this updated package which contains Mozilla version 1.7.6 to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 142508 - 144228 - 146188 - CAN-2005-0141 multiple mozilla issues CAN-2004-1316 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2004-1380 CAN-2004-1381 CAN-2005-0146 CAN-2005-0147 CAN-2005-0149 147397 - homograph spoofing 150866 - 151730 - |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2005-335.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:100026 | |||
| Oval ID: | oval:org.mitre.oval:def:100026 | ||
| Title: | Mozilla XUL Drag and Drop Security Bypass Vulnerability | ||
| Description: | FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0401 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100028 | |||
| Oval ID: | oval:org.mitre.oval:def:100028 | ||
| Title: | Mozilla GIF Heap Overflow | ||
| Description: | Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0399 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100029 | |||
| Oval ID: | oval:org.mitre.oval:def:100029 | ||
| Title: | Mozilla IDN Homograph Spoofing Vulnerability | ||
| Description: | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0233 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100035 | |||
| Oval ID: | oval:org.mitre.oval:def:100035 | ||
| Title: | Mozilla Download Dialog Source Spoofing Vulnerability | ||
| Description: | Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0585 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100045 | |||
| Oval ID: | oval:org.mitre.oval:def:100045 | ||
| Title: | Mozilla Popup Content Spoofing Vulnerability | ||
| Description: | Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1156 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100047 | |||
| Oval ID: | oval:org.mitre.oval:def:100047 | ||
| Title: | Mozilla Mail News Cookie Security Bypass Vulnerability | ||
| Description: | Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers bypass the user's intended privacy and security policy by using cookies in e-mail messages. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0149 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100049 | |||
| Oval ID: | oval:org.mitre.oval:def:100049 | ||
| Title: | Mozilla 407 Proxy Information Disclosure Vulnerability | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0147 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100050 | |||
| Oval ID: | oval:org.mitre.oval:def:100050 | ||
| Title: | Mozilla Inactive Tab Dialog Box Vulnerability | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1380 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Mozilla Firefox mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100052 | |||
| Oval ID: | oval:org.mitre.oval:def:100052 | ||
| Title: | Mozilla Malicious news: Vulnerability | ||
| Description: | Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1316 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Thunderbird |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100053 | |||
| Oval ID: | oval:org.mitre.oval:def:100053 | ||
| Title: | Mozilla Inactive Tab Form Data Theft Vulnerability | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2004-1381 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100054 | |||
| Oval ID: | oval:org.mitre.oval:def:100054 | ||
| Title: | Mozilla SSL Lock Image Spoofing via "View Source" | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0144 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100055 | |||
| Oval ID: | oval:org.mitre.oval:def:100055 | ||
| Title: | Mozilla SSL Lock Image Spoofing during Binary Download | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0143 | Version: | 5 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla Mozilla Firefox |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100056 | |||
| Oval ID: | oval:org.mitre.oval:def:100056 | ||
| Title: | Mozilla Creates World-readable temp Files | ||
| Description: | Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0142 | Version: | 4 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:100057 | |||
| Oval ID: | oval:org.mitre.oval:def:100057 | ||
| Title: | Mozilla Local File Loading Vulnerability | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2005-0141 | Version: | 4 |
| Platform(s): | Microsoft Windows NT Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10117 | |||
| Oval ID: | oval:org.mitre.oval:def:10117 | ||
| Title: | Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||
| Description: | Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-1156 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11229 | |||
| Oval ID: | oval:org.mitre.oval:def:11229 | ||
| Title: | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | ||
| Description: | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0233 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9578 | |||
| Oval ID: | oval:org.mitre.oval:def:9578 | ||
| Title: | Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. | ||
| Description: | Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0147 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9808 | |||
| Oval ID: | oval:org.mitre.oval:def:9808 | ||
| Title: | Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | ||
| Description: | Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-1316 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9924 | |||
| Oval ID: | oval:org.mitre.oval:def:9924 | ||
| Title: | Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks. | ||
| Description: | Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0585 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Mozilla Firefox GIF processing buffer overflow | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-05-05 | Name : HP-UX Update for Mozilla remote HPSBUX01133 File : nvt/gb_hp_ux_HPSBUX01133.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-10 (Firefox) File : nvt/glsa_200503_10.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-30 (Mozilla) File : nvt/glsa_200503_30.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-31 (Firefox) File : nvt/glsa_200503_31.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-32 (Thunderbird) File : nvt/glsa_200503_32.nasl |
| 2008-09-04 | Name : mozilla -- heap overflow in NNTP handler File : nvt/freebsd_de-netscape7.nasl |
| 2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox5.nasl |
| 2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox8.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 59843 | Mozilla Multiple Browsers Cross-domain Browser Window Injection Content Spoofing |
| 15010 | Mozilla Drag and Drop Privileged XUL Loading (firescrolling 2) |
| 14937 | Mozilla Multiple Browser GIF Processing Overflow |
| 13578 | Mozilla Multiple Browser International Domain Name (IDN) Punycode Encoded Dom... |
| 13339 | Mozilla Multiple Products network.cookie.disableCookieForMailNews Email Secur... |
| 13338 | Mozilla Multiple Products Proxy Auth Request NTLM or SPNEGO Credential Theft |
| 13337 | Mozilla Multiple Products Clipboard Paste Operation Information Disclosure |
| 13336 | Mozilla Multiple Products view-source: URL Reference Lock Icon Weakness |
| 13335 | Mozilla Multiple Products Insecure Page Secure Binary Lock Icon Weakness |
| 13334 | Multiple Mozilla Product Custom getter / toString Method Arbitrary File Access |
| 12740 | Mozilla Browsers Download Source Spoofing |
| 12637 | Mozilla nsNNTPProtocol.cpp NNTP news:// URI Handling Overflow DoS Mozilla contains a flaw that may allow a malicious user to crash the application. The issue is triggered when a user sends a specially crafted, overly long "news://" URI. causing a buffer overflow within the 'MSG_UnEscapeSearchUrl()' function within "nsNNTPProtocol.cpp" occurs. It is possible that the flaw may allow an attacker to crash mozilla resulting in a loss of availability. |
| 11118 | Mozilla Multiple Products Downloaded File Content Disclosure |
| 10984 | Multiple Browser Cross Tab Form Focus Mozilla Web Browser, Firefox, Netscape, Maxthon and Avant Browser contain a flaw that may allow a malicious user to gain confidential data by shifting focus on forms from an active tab to an inactive tab. The issue is triggered when a user visits a specially crafted URL that may allow inactive tabs to gain focus from form fields on web sites in another tab resulting in a loss of confidentiality. |
| 10983 | Multiple Browser Cross Tab Dialog Box Spoofing Multiple web browsers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an attacker creating a specially-crafted web page that would produce an inactive tab or window to launch a dialog box that appears to come from a trusted source, which could disclose sensitive information resulting in a loss of confidentiality. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Mozilla GIF multipacket heap overflow - ANIMEXTS1.0 RuleID : 6503 - Revision : 9 - Type : WEB-CLIENT |
| 2014-01-10 | Mozilla GIF single packet heap overflow - ANIMEXTS1.0 RuleID : 6502 - Revision : 15 - Type : FILE-IMAGE |
| 2014-01-10 | Mozilla GIF multipacket heap overflow - NETSCAPE2.0 RuleID : 3536 - Revision : 13 - Type : WEB-CLIENT |
| 2014-01-10 | Mozilla GIF single packet heap overflow - NETSCAPE2.0 RuleID : 3534 - Revision : 26 - Type : FILE-IMAGE |
| 2014-01-10 | Mozilla NNTP URL Handling Buffer Overflow attempt RuleID : 17482 - Revision : 13 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Products IDN Spoofing Vulnerability Attempt RuleID : 17409 - Revision : 12 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-384.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-149-3.nasl - Type : ACT_GATHER_INFO |
| 2005-10-24 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_016.nasl - Type : ACT_GATHER_INFO |
| 2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-246.nasl - Type : ACT_GATHER_INFO |
| 2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-249.nasl - Type : ACT_GATHER_INFO |
| 2005-09-12 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-247.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3fbf9db2658b11d9abad000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_7d2aac529c6b11d999a7000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b09119856e2a11d99557000a95bc6fae.nasl - Type : ACT_GATHER_INFO |
| 2005-05-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-248.nasl - Type : ACT_GATHER_INFO |
| 2005-05-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-088.nasl - Type : ACT_GATHER_INFO |
| 2005-04-29 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-384.nasl - Type : ACT_GATHER_INFO |
| 2005-04-12 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_022.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-30.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-31.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-32.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-337.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-336.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-335.nasl - Type : ACT_GATHER_INFO |
| 2005-03-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-323.nasl - Type : ACT_GATHER_INFO |
| 2005-03-23 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_102.nasl - Type : ACT_GATHER_INFO |
| 2005-03-23 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_102.nasl - Type : ACT_GATHER_INFO |
| 2005-03-23 | Name : A web browser installed on the remote host contains multiple vulnerabilities. File : mozilla_176.nasl - Type : ACT_GATHER_INFO |
| 2005-03-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-058.nasl - Type : ACT_GATHER_INFO |
| 2005-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200503-10.nasl - Type : ACT_GATHER_INFO |
| 2005-03-02 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-176.nasl - Type : ACT_GATHER_INFO |
| 2005-02-25 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_101.nasl - Type : ACT_GATHER_INFO |
| 2005-02-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-094.nasl - Type : ACT_GATHER_INFO |
| 2005-01-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-038.nasl - Type : ACT_GATHER_INFO |
| 2005-01-02 | Name : A web browser on the remote host is prone to a heap overflow attack. File : mozilla_nntp_heap_overflow.nasl - Type : ACT_GATHER_INFO |
| 2004-11-13 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_img.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:49:13 |
|
| 2013-05-11 12:22:58 |
|
