Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Firefox security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2006:0328 | First vendor Publication | 2006-04-14 |
| Vendor | RedHat | Last vendor Modification | 2006-04-14 |
| Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated firefox packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Mozilla Firefox is an open source Web browser. Several bugs were found in the way Firefox processes malformed javascript. A malicious web page could modify the content of a different open web page, possibly stealing sensitive information or conducting a cross-site scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741) Several bugs were found in the way Firefox processes certain javascript actions. A malicious web page could execute arbitrary javascript instructions with the permissions of "chrome", allowing the page to steal sensitive information or install browser malware. (CVE-2006-1727, CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742) Several bugs were found in the way Firefox processes malformed web pages. A carefully crafted malicious web page could cause the execution of arbitrary code as the user running Firefox. (CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739) A bug was found in the way Firefox displays the secure site icon. If a browser is configured to display the non-default secure site modal warning dialog, it may be possible to trick a user into believing they are viewing a secure site. (CVE-2006-1740) A bug was found in the way Firefox allows javascript mutation events on "input" form elements. A malicious web page could be created in such a way that when a user submits a form, an arbitrary file could be uploaded to the attacker. (CVE-2006-1729) Users of Firefox are advised to upgrade to these updated packages containing Firefox version 1.0.8 which corrects these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 183537 - CVE-2006-0749 Firefox Tag Order Vulnerability 188814 - CVE-2006-1741 Cross-site JavaScript injection using event handlers 188816 - CVE-2006-1742 JavaScript garbage-collection hazard audit 188818 - CVE-2006-1737 Crashes with evidence of memory corruption (CVE-2006-1738, CVE-2006-1739) 188820 - CVE-2006-1740 Secure-site spoof (requires security warning dialog) 188822 - CVE-2006-1735 Privilege escalation via XBL.method.eval 188824 - CVE-2006-1734 Privilege escalation using a JavaScript function's cloned parent 188826 - CVE-2006-1733 Accessing XBL compilation scope via valueOf.call() 188828 - CVE-2006-1732 cross-site scripting through window.controllers 188830 - CVE-2006-0749 Mozilla Firefox Tag Order Vulnerability 188832 - CVE-2006-1731 Cross-site scripting using .valueOf.call() 188834 - CVE-2006-1724 Crashes with evidence of memory corruption (1.5.0.2) 188836 - CVE-2006-1730 CSS Letter-Spacing Heap Overflow Vulnerability 188838 - CVE-2006-1729 File stealing by changing input type 188840 - CVE-2006-1728 Privilege escalation using crypto.generateCRMFRequest 188842 - CVE-2006-1727 Privilege escalation through Print Preview |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2006-0328.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 20 % | CWE-399 | Resource Management Errors |
| 20 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 20 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 20 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 10 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 10 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1037 | |||
| Oval ID: | oval:org.mitre.oval:def:1037 | ||
| Title: | Mozilla Privilege Escalation via XBL.method.eval | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1735 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10815 | |||
| Oval ID: | oval:org.mitre.oval:def:10815 | ||
| Title: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-1733 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1087 | |||
| Oval ID: | oval:org.mitre.oval:def:1087 | ||
| Title: | Mozilla JavaScript Garbage-collection Hazard Audit | ||
| Description: | The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1742 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1247 | |||
| Oval ID: | oval:org.mitre.oval:def:1247 | ||
| Title: | Mozilla Privilege Escalation Using a JavaScript Function's Cloned Parent | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1734 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1266 | |||
| Oval ID: | oval:org.mitre.oval:def:1266 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (Firefox Regression Fix) | ||
| Description: | A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1790 | Version: | 2 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1614 | |||
| Oval ID: | oval:org.mitre.oval:def:1614 | ||
| Title: | Mozilla CSS Letter-Spacing Heap Overflow Vulnerability | ||
| Description: | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1730 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1649 | |||
| Oval ID: | oval:org.mitre.oval:def:1649 | ||
| Title: | Mozilla Privilege Escalation through Print Preview | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1727 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1667 | |||
| Oval ID: | oval:org.mitre.oval:def:1667 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CSS BO) | ||
| Description: | The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1739 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1687 | |||
| Oval ID: | oval:org.mitre.oval:def:1687 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (moz-grid) | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1738 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1698 | |||
| Oval ID: | oval:org.mitre.oval:def:1698 | ||
| Title: | Mozilla Privilege Escalation Using crypto.generateCRMFRequest | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1728 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1811 | |||
| Oval ID: | oval:org.mitre.oval:def:1811 | ||
| Title: | Mozilla Secure-site Spoof (requires security warning dialog) | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1740 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1829 | |||
| Oval ID: | oval:org.mitre.oval:def:1829 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (RegEx) | ||
| Description: | Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1737 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1848 | |||
| Oval ID: | oval:org.mitre.oval:def:1848 | ||
| Title: | Mozilla Mozilla Firefox Tag Order Vulnerability | ||
| Description: | nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-0749 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1855 | |||
| Oval ID: | oval:org.mitre.oval:def:1855 | ||
| Title: | Mozilla Cross-site JavaScript Injection Using Event Handlers | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1741 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1887 | |||
| Oval ID: | oval:org.mitre.oval:def:1887 | ||
| Title: | Mozilla Cross-site Scripting through window.controllers | ||
| Description: | Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1732 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1901 | |||
| Oval ID: | oval:org.mitre.oval:def:1901 | ||
| Title: | Mozilla Crashes with Evidence of Memory Corruption (CVE-2006-1724) | ||
| Description: | Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1724 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1929 | |||
| Oval ID: | oval:org.mitre.oval:def:1929 | ||
| Title: | Mozilla File Stealing by Changing Input Type | ||
| Description: | Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1729 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1955 | |||
| Oval ID: | oval:org.mitre.oval:def:1955 | ||
| Title: | Mozilla Cross-site Scripting Using .valueOf.call() | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1731 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2020 | |||
| Oval ID: | oval:org.mitre.oval:def:2020 | ||
| Title: | Mozilla Accessing XBL Compilation Scope via valueOf.call() | ||
| Description: | Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-1733 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | mozilla |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9167 | |||
| Oval ID: | oval:org.mitre.oval:def:9167 | ||
| Title: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Description: | Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-1741 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-10 | Name : SLES9: Security update for Mozilla suite File : nvt/sles9p5019559.nasl |
| 2009-05-05 | Name : HP-UX Update for Thunderbird HPSBUX02156 File : nvt/gb_hp_ux_HPSBUX02156.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-12 (mozilla-firefox) File : nvt/glsa_200604_12.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200604-18 (mozilla) File : nvt/glsa_200604_18.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200605-09 (mozilla-thunderbird) File : nvt/glsa_200605_09.nasl |
| 2008-09-04 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox22.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1044-1 (mozilla-firefox) File : nvt/deb_1044_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1046-1 (mozilla) File : nvt/deb_1046_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1051-1 (mozilla-thunderbird) File : nvt/deb_1051_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1118-1 (mozilla) File : nvt/deb_1118_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1120-1 (mozilla-firefox) File : nvt/deb_1120_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1134-1 (mozilla-thunderbird) File : nvt/deb_1134_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 24680 | Mozilla Multiple Products XBL Control Print Preview Privilege Escalation |
| 24679 | Mozilla Multiple Products crypto.generateCRMFRequest Method Arbitrary Code Ex... |
| 24678 | Mozilla Multiple Products Text Box Arbitrary File Access |
| 24677 | Mozilla Multiple Products CSS letter-spacing Property Overflow |
| 24672 | Mozilla Multiple Products DHTML Unspecified Memory Corruption (282105) |
| 24671 | Mozilla Multiple Products .valueOf.call() / .valueOf.apply() Same-origin Bypass |
| 24670 | Mozilla Multiple Products nsHTMLContentSink.cpp Crafted HTML Memory Corruption |
| 24669 | Mozilla Multiple Products window.controllers Array Same-origin Bypass |
| 24668 | Mozilla Multiple Products XBL Binding Multiple Method Privilege Escalation |
| 24667 | Mozilla Multiple Products Object.watch Method Arbitrary Code Execution |
| 24666 | Mozilla Multiple Products XBL.method.eval Javascript Function Privilege Escal... |
| 24664 | Mozilla Multiple Products Popup Window Trusted Site Spoofing |
| 24663 | Mozilla Multiple Products InstallTrigger.install() Method Memory Corruption |
| 24662 | Mozilla Multiple Products -moz-grid* Modification DoS |
| 24661 | Mozilla Multiple Products Javascript Regular Expression Parsing Overflow |
| 24660 | Mozilla Multiple Products CSS border-rendering Code Crafted CSS Memory Corrup... |
| 24659 | Mozilla Multiple Products Javascript Engine garbage-collection Temporary Vari... |
| 24658 | Mozilla Multiple Products Modal Alert Suspended Handler XSS |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-12-29 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 44991 - Revision : 3 - Type : BROWSER-FIREFOX |
| 2017-08-23 | Mozilla Firefox multiple vulnerabilities memory corruption attempt RuleID : 43642 - Revision : 4 - Type : BROWSER-FIREFOX |
| 2016-03-14 | Mozilla Firefox Javascript large regex memory corruption attempt RuleID : 36789 - Revision : 2 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Object.watch parent access attempt RuleID : 20739 - Revision : 5 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla XBL.method memory corruption attempt RuleID : 20730 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla XBL object init code execution attempt RuleID : 20729 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox Javascript large regex memory corruption attempt RuleID : 18298 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox InstallTrigger.install memory corruption attempt RuleID : 18187 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products -moz-grid and -moz-grid-group display styles code execution ... RuleID : 18186 - Revision : 6 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 18078 - Revision : 7 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla products CSS rendering out-of-bounds array write attempt RuleID : 18077 - Revision : 8 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox tag order memory corruption attempt RuleID : 17581 - Revision : 13 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox tag order memory corruption attempt RuleID : 16050 - Revision : 9 - Type : BROWSER-FIREFOX |
| 2014-01-10 | Mozilla Firefox CSS Letter-Spacing overflow attempt RuleID : 16044 - Revision : 9 - Type : BROWSER-FIREFOX |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-12-21 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_108.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-323-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-2.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-296-1.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_MozillaFirefox-1585.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris8_120671.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote host is missing Sun Security Patch number 120671-08 File : solaris9_120671.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-487.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-488.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-489.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-490.nasl - Type : ACT_GATHER_INFO |
| 2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris8_x86_120672.nasl - Type : ACT_GATHER_INFO |
| 2006-12-06 | Name : The remote host is missing Sun Security Patch number 120672-08 File : solaris9_x86_120672.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119115-36 File : solaris10_119115.nasl - Type : ACT_GATHER_INFO |
| 2006-11-06 | Name : The remote host is missing Sun Security Patch number 119116-35 File : solaris10_x86_119116.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1046.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1134.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1120.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1118.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1051.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1044.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO |
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200605-09.nasl - Type : ACT_GATHER_INFO |
| 2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_84630f4acd8c11dab7b9000c6ec775d9.nasl - Type : ACT_GATHER_INFO |
| 2006-05-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-276-1.nasl - Type : ACT_GATHER_INFO |
| 2006-05-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-18.nasl - Type : ACT_GATHER_INFO |
| 2006-04-28 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-275-1.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0330.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-078.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-075.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200604-12.nasl - Type : ACT_GATHER_INFO |
| 2006-04-26 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_021.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-410.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-411.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-271-1.nasl - Type : ACT_GATHER_INFO |
| 2006-04-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0329.nasl - Type : ACT_GATHER_INFO |
| 2006-04-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0328.nasl - Type : ACT_GATHER_INFO |
| 2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : mozilla_firefox_1502.nasl - Type : ACT_GATHER_INFO |
| 2006-04-14 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_101.nasl - Type : ACT_GATHER_INFO |
| 2006-02-05 | Name : A web browser on the remote host is prone to multiple flaws. File : seamonkey_10.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:49:59 |
|
